[kictanet] Was the IEBC hacked? An insider's view

Odhiambo Washington odhiambo at gmail.com
Sat Mar 9 12:21:26 EAT 2013


+1

I will repeat what Adam has noted:

It sounds like he did the best job possible but a penetration test is just
one of many layers needed for security so this really does appear to be a
textbook example of a failed implementation of an important technology
system.

Pentest and securing of a system does NOT in any way stop someone with
access privileges from compromising the system in their own special way:)



On 9 March 2013 11:58, Adam Nelson <adam at varud.com> wrote:

> It doesn't really matter in terms of the election itself because the
> system was abandoned and was never intended to be the definitive basis of
> results.
>
> However, saying that attacks were stopped in real time is already bad
> news.  The fact that he was changing passwords and taking the "SQL server"
> off the network (I presume he means on some sort of public or unsafe
> network) just days before the election is pretty bad.  The system could
> have been hijacked before he set up the IDS and did that work.  It sounds
> like he did the best job possible but a penetration test is just one of
> many layers needed for security so this really does appear to be a textbook
> example of a failed implementation of an important technology system.
>
> However, many best practices and lessons could come out of this.  It
> almost seems like a book-length project.
>
> -Adam
>
>  On Sat, Mar 9, 2013 at 11:47 AM, Rebecca Wanjiku <
> rebeccawanjiku at yahoo.com> wrote:
>
>>  Just in case you were wondering whether it was hacked, the person who
>> did the pen test and monitored the network says no.
>>
>> Read the views......
>>
>>
>> http://www.wanjiku.co.ke/2013/03/was-the-iebc-network-compromise-an-insiders-view/
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/adam%40varud.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.