[kictanet] Day 3 of 10: What threats would face Regulators as they adopt service provision over the web
John Walubengo
jwalu at yahoo.com
Fri Oct 12 13:31:18 EAT 2007
Thanks Michuki for insights on the internet risks. Very
useful and relevant to entities getting online,
particularly the point on social engineering/vulnerability.
Human beings are often the weakest link in a security
chain. That's why we still have the so-called Nigerian Scam
mails and Phishing attacks still going strong.
Indeed something to worry about. Anybody with other threat
examples?
walu.
--- Michuki Mwangi <michuki at swiftkenya.com> wrote:
> Walu,
>
> John Walubengo wrote:
> >
> > We need to think like hackers here. Assuming you had the
> > time, the motive and the skill, what would you want to lay
> > your hands on from the e-Regulators?
> >
>
> A hacker's world is driven by "bragging rights" which elevates an
> individual from a n00b (a newbie) giving them access to various h4ckers
> forums especially on IRC chats where there's a lot of information and
> knowledge to be gained. There are three types of h4ckers, i.e.
> black-hats, grey-hats and white-hats.
>
> With that background, it's important to know that websites to
> black-hats/grey-hats are like priced tokens. A place to harness their
> skills and every success earns them bragging rights amongst their peers.
> White-hats are known as ethical h4ckers and despised by the rest.
>
> There are numerous techniques that are used to break into websites
> ranging from remote file injection (RFI) into databases, defacing and
> Denial of Service attacks (DDoS).
>
> IMHO, the e-Regulators will attract attention and thus the information
> placed online would therefore require them to deploy advanced security
> features & systems to mitigate against these types of attacks.
>
> The e-Regulators' information can be "confidential information" hence up
> for sale to the highest bidder. While this may be a little bit
> far-fetched, but in a competitive environment and where the regulators are
> privy to some of this information from the service providers/bidders,
> your guess is as good as mine. Phishing & identity theft are major
> attractions of such websites.
>
> One of the most important aspects of security is to understand that
> there still exists the social vulnerability aspect. This is by far the
> most difficult to safeguard against. Fortunately or unfortunately, most
> h4ckers are well aware of this vulnerability.
>
> DDOS and Defacements impact socially on the organization's ability to
> provide the online services. They should never be ignored as the
> perpetrators can always leave back-doors into the system.
>
>
> My humble attempt at thinking as a hacker and hope that helps.
>
> Regards,