[kictanet] Day 3 of 10: What threats would face Regulators as they adopt service provision over the web

Michuki Mwangi michuki at swiftkenya.com
Fri Oct 12 10:56:39 EAT 2007 

Walu,

John Walubengo wrote:
> 
> We need to think like hackers here.  Assuming you had the
> time, the motive and the skill, what would you want to lay
> your hands on from the e-Regulators?
> 

A hackers world is driven by "bragging rights" which elevates an
individual from a n00b (a newbie) giving them access to various h4ckers
forums especially on IRC chats where there's alot of information and
knowledge to be gained. There are three types of h4ackers i.e
black-hats, grey-hats and white-hats.

With that background, its important to know that websites to
black-hats/grey-hats are like priced tokens. A place to harness their
skills and every success earns them bragging rights amongst their peers.
White-hats are known as ethical h4ckers and despised by the rest.

There are numerous techniques that are used to break into websites
ranging from remote file injection (RFI) into databases, defacing and
Denial of Service attacks (DDoS).

IMHO, the e-Regulators will attract attention and thus the information
placed online would therefore require them to deploy advanced security
features & systems to mitigate against these types of attacks.

The e-Regulators information can be "confidential information" hence up
for sale to the highest bidder. While this maybe a little bit far
fetched, but in a competitive environment and where the regulators are
privy to some of this information from the service providers/bidders,
your guess is as good as mine. Phishing & identity theft are major
attractions of such websites.

One of the most important aspects of security is to understand that
there still exists the social vulnerability aspect. This is by far the
most difficult to safeguard against. Fortunately or unfortunately, most
h4ckers are well aware of this vulnerability.

DDOS and Defacements impact socially on the organizations ability to
provide the online services. They should never be ignored as the
perpetrators can always leave back-doors into the system.


My humble attempt to thinking as a hacker and hope that helps.

Regards,







-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the KICTANet mailing list