[kictanet] Close to 2,000 Kenyan websites hacked over past year

Brian Munyao Longwe blongwe at gmail.com
Tue Feb 14 14:34:43 EAT 2012


According to http://www.zone-h.org/archive/filter=1/domain=.co.ke/fulltext=1/page=50
- almost 2,000 Kenyan websites have been hacked between February 2011
and February 2012 to varying degrees ranging from home page
defacements, mass defacements and redefacements.

Is it time for us to start seriously talking about how to go about
addressing our online security as a national concern?

Regards,

Brian

On Mon, Feb 13, 2012 at 5:54 PM, Brian Munyao Longwe <blongwe at gmail.com> wrote:
> Also from Twitter today:
>
> "KCB Group - Informed your Info Sec guy of a Dir Listing and Privilege
> Escalation vulnerability on your site. No action so far."
>
> Kenya Commercial Bank website continues with known vulnerabilities as
> their IT security personnel enjoy their fat salaries and benefits -
> do we *really* have conscientious and professional Info-security
> personnel in KE?
>
> Brian
>
> On Mon, Feb 13, 2012 at 5:42 PM, Brian Munyao Longwe <blongwe at gmail.com> wrote:
>> From Twitter today:
>>
>> "Multiple Vulnerabilities found on Oriental Bank's website. Default
>> configs for the site left shamelessly around."
>>
>> There really is a problem,
>>
>> Brian
>>
>> On Sun, Feb 12, 2012 at 1:29 PM, Brian Munyao Longwe <blongwe at gmail.com> wrote:
>>> ...and in other news, Rwanda hosts a cyber-security conference next month...
>>>
>>> http://aptantech.com/2012/02/rwanda-to-host-cyber-security-workshop/
>>>
>>> Mblayo
>>>
>>>
>>> On Sat, Feb 11, 2012 at 10:04 PM, Michuki Mwangi <michuki at swiftkenya.com>
>>> wrote:
>>>>
>>>> Hi Brian, et al,
>>>>
>>>> On 2/11/12 9:28 PM, Brian Munyao Longwe wrote:
>>>> > Hey Michuki,
>>>> >
>>>> > A group calling themselves "Rwandan-Hackers" compromised the Standard
>>>> > Media website yesterday and published online a list of KTN Live members
>>>> > which included username, encrypted password and email addresses, a
>>>> > snippet follows:
>>>> >
>>>>
>>>> So this brings a new perspective to the discussion.
>>>>
>>>> 1. The great connectivity that we have has not only exposed us to
>>>> external threats but also to Internal threats.
>>>>
>>>> 2. It also clears the fact that it doesn't matter where your website is
>>>> hosted since this website is hosted in the US just like the Toyota one.
>>>>
>>>> 3. The attack is through an SQL injection which IMHO exposes the depth
>>>> of our web-developers.
>>>>
>>>> Point 3 above leads me to a conclusion that the CxO's are making the
>>>> necessary investments. But it looks like the ball is dropped elsewhere.
>>>>
>>>> My 2 cents!
>>>>
>>>> Mich
>>>>
>>>
>>>
>>>
>>> --
>>> Brian Munyao Longwe
>>> e-mail: blongwe at gmail.com
>>> cell:  +254715964281
>>> blog : http://zinjlog.blogspot.com
>>> meta-blog: http://mashilingi.blogspot.com
>>
>>
>>
>> --
>> Brian Munyao Longwe
>> e-mail: blongwe at gmail.com
>> cell:  +254715964281
>> blog : http://zinjlog.blogspot.com
>> meta-blog: http://mashilingi.blogspot.com
>>
>> "Give us clear vision that we may know where to stand and what to
>> stand for, because unless we stand for something, we shall fall for
>> anything."