[kictanet] Online Security in Kenya needs to be mainstreamed
Brian Munyao Longwe
blongwe at gmail.com
Mon Feb 13 17:54:24 EAT 2012
Also from Twitter today:
"KCB Group - Informed your Info Sec guy of a Dir Listing and Privilege
Escalation vulnerability on your site. No action so far."
Kenya Commercial Bank website continues with known vulnerabilities as
their IT security personnel enjoy their fat salaries and benefits -
do we *really* have conscientious and professional Info-security
personnel in KE?
Brian
On Mon, Feb 13, 2012 at 5:42 PM, Brian Munyao Longwe <blongwe at gmail.com> wrote:
> From Twitter today:
>
> "Multiple Vulnerabilities found on Oriental Bank's website. Default
> configs for the site left shamelessly around."
>
> There really is a problem,
>
> Brian
>
> On Sun, Feb 12, 2012 at 1:29 PM, Brian Munyao Longwe <blongwe at gmail.com> wrote:
>> ...and in other news, Rwanda hosts a cyber-security conference next month...
>>
>> http://aptantech.com/2012/02/rwanda-to-host-cyber-security-workshop/
>>
>> Mblayo
>>
>>
>> On Sat, Feb 11, 2012 at 10:04 PM, Michuki Mwangi <michuki at swiftkenya.com>
>> wrote:
>>>
>>> Hi Brian, et al,
>>>
>>> On 2/11/12 9:28 PM, Brian Munyao Longwe wrote:
>>> > Hey Michuki,
>>> >
>>> > A group calling themselves "Rwandan-Hackers" compromised the Standard
>>> > Media website yesterday and published online a list of KTN Live members
>>> > which included username, encrypted password and email addresses, a
>>> > snippet follows:
>>> >
>>>
>>> So this brings on a new perspective to the discussion.
>>>
>>> 1. The great connectivity that we have has not only exposed us to
>>> external threats but also to Internal threats.
>>>
>>> 2. It also clears the fact that it doesn't matter where your website is
>>> hosted since this website is hosted in the US just like the Toyota one.
>>>
>>> 3. The attack is through an SQL injection which IMHO exposes the depth
>>> of our web-developers.
>>>
>>> Point 3 above leads me to a conclusion that the CxO's are making the
>>> necessary investments. But it looks like the ball is dropped elsewhere.
>>>
>>> My 2 cents!
>>>
>>> Mich
>>>
>>
>>
>>
>> --
>> Brian Munyao Longwe
>> e-mail: blongwe at gmail.com
>> cell: +254715964281
>> blog : http://zinjlog.blogspot.com
>> meta-blog: http://mashilingi.blogspot.com
>
> "Give us clear vision that we may know where to stand and what to
> stand for, because unless we stand for something, we shall fall for
> anything."