[kictanet] NSIS website hacked?

Patrick Mburu patrick.mburu at gmail.com
Fri Dec 14 02:08:28 EAT 2007 

Dear all,

I have seen a lot of correspondence put on here and cheer our IT fraternity 
for leading the dialogues / identifying issues in this respect and other 
issues collectively; as more corporate's in Kenya particularly join the joys 
of the WWW, some, mostly dealing in e-services and the like, are just about 
to start experiencing preliminary stages of cyber crime / cyber attacks such 
as web vandalism,: which does include web site defacing,...Gathering Data: 
poaching of data that is not securely handled, and the list goes on....As we 
approach a new information "era" in EA, it is imperative that the relative 
authorities look into measures to look address information security and 
accountability...and if I may mention social responsibility measures where 
applicable.. that would need to be established accordingly...

In anycase, wishing all a great end to the week, and happy belated Jamuhuri 
day.

Regards
Mburu,


Patrick M. Mburu
Director of IT & Training
Advanced Technology Solutions -Africa
Mob: +254737185675
         +393476097758
Email:patrick.mburu at ats-africa.com
         patrick.mburu at gmail.com
----- Original Message ----- 
From: "Odhiambo Washington" <odhiambo at gmail.com>
To: <patrick.mburu at gmail.com>
Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
Sent: Tuesday, December 11, 2007 3:35 PM
Subject: Re: [kictanet] NSIS website hacked?


> On Dec 11, 2007 4:54 PM, John Walubengo <jwalu at yahoo.com> wrote:
>> >>>>--- Odhiambo Washington <odhiambo at gmail.com> wrote:
>>
>> Hey, Walu, it's just the website, the content of which is
>> for public consumption (and public defacing whenever
>> possible to prove a point).
>> <<<<<
>>
>> Wash,
>> true, it's just a website and i am definate that there was
>> nothing critical or sensitive on the site...but think about
>> it this way, whoever defaced the site had to gain
>> admininistrator rights on the box and from there he or she
>> could launch an attack onto other probably more sensitive
>> boxes within NSIS(the intranet)...
>
> Fortunately, it was external to NSIS intranet (if there is any, I don't 
> know).
>
>> yes, i too checked out and noted their domain (nsis.go.ke)
>> is hosted at wananchi online. what I dont know is whether
>> the content(website) is there as well or is in-house at
>> NSIS which could raise the stakes abit....
>
> Let's just say all's well that ends well. The site was fixed soon
> after you posted.
> They just need to audit the security of that webserver thoroughly.
> Unless this is
> done, the security hole is very much in place and will be abused again.
>
>
> -- 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> "Oh My God! They killed init! You Bastards!"
>                        --from a /. post
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> This message was sent to: patrick.mburu at gmail.com
> Unsubscribe or change your options at 
> http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.com

More information about the KICTANet mailing list