[kictanet] Was the IEBC hacked? An insider's view

S.M. Muraya murigi.muraya at gmail.com
Sat Mar 9 14:34:13 EAT 2013


A KE.xpert says the IEBC multiplication error was caused by a "faulty SQL
join".

https://twitter.com/paul_mungai/status/310334406168571904

Something to do with 8 candidates and a multiplication of 8....


On Sat, Mar 9, 2013 at 11:58 AM, Adam Nelson <adam at varud.com> wrote:

> It doesn't really matter in terms of the election itself because the
> system was abandoned and was never intended to be the definitive basis of
> results.
>
> However, saying that attacks were stopped in real time is already bad
> news.  The fact that he was changing passwords and taking the "SQL server"
> off the network (I presume he means on some sort of public or unsafe
> network) just days before the election is pretty bad.  The system could
> have been hijacked before he set up the IDS and did that work.  It sounds
> like he did the best job possible but a penetration test is just one of
> many layers needed for security so this really does appear to be a textbook
> example of a failed implementation of an important technology system.
>
> However, many best practices and lessons could come out of this.  It
> almost seems like a book-length project.
>
> -Adam
>
> On Sat, Mar 9, 2013 at 11:47 AM, Rebecca Wanjiku <rebeccawanjiku at yahoo.com
> > wrote:
>
>> Just in case you were wondering whether it was hacked, the person who did
>> the pen test and monitored the network says no.
>>
>> Read the views......
>>
>>
>> http://www.wanjiku.co.ke/2013/03/was-the-iebc-network-compromise-an-insiders-view/
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/adam%40varud.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130309/c3a3abd8/attachment.htm>


More information about the KICTANet mailing list