[kictanet] NSIS website hacked?

Odhiambo Washington odhiambo at gmail.com
Tue Dec 11 17:35:49 EAT 2007


On Dec 11, 2007 4:54 PM, John Walubengo <jwalu at yahoo.com> wrote:
> >>>>--- Odhiambo Washington <odhiambo at gmail.com> wrote:
>
> Hey, Walu, it's just the website, the content of which is
> for public consumption (and public defacing whenever
> possible to prove a point).
> <<<<<
>
> Wash,
> true, it's just a website and i am definate that there was
> nothing critical or sensitive on the site...but think about
> it this way, whoever defaced the site had to gain
> admininistrator rights on the box and from there he or she
> could launch an attack onto other probably more sensitive
> boxes within NSIS(the intranet)...

Fortunately, it was external to NSIS intranet (if there is any, I don't know).

> yes, i too checked out and noted their domain (nsis.go.ke)
> is hosted at wananchi online. what I dont know is whether
> the content(website) is there as well or is in-house at
> NSIS which could raise the stakes abit....

Let's just say all's well that ends well. The site was fixed soon
after you posted.
They just need to audit the security of that webserver thoroughly.
Unless this is
done, the security hole is very much in place and will be abused again.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
                        --from a /. post




More information about the KICTANet mailing list