[kictanet] Was the IEBC hacked? An insider's view

kris njoroge krsnjo at gmail.com
Sun Mar 10 00:53:26 EAT 2013 

Was someones toes stepped on? The initial link does not work...


On Sat, Mar 9, 2013 at 12:34 PM, S.M. Muraya <murigi.muraya at gmail.com>wrote:

> A KE.xpert says the IEBC multiplication error was caused by a "faulty SQL
> join".
>
> https://twitter.com/paul_mungai/status/310334406168571904
>
> Something to do with 8 candidates and a multiplication of 8....
>
>
> On Sat, Mar 9, 2013 at 11:58 AM, Adam Nelson <adam at varud.com> wrote:
>
>> It doesn't really matter in terms of the election itself because the
>> system was abandoned and was never intended to be the definitive basis of
>> results.
>>
>> However, saying that attacks were stopped in real time is already bad
>> news.  The fact that he was changing passwords and taking the "SQL server"
>> off the network (I presume he means on some sort of public or unsafe
>> network) just days before the election is pretty bad.  The system could
>> have been hijacked before he set up the IDS and did that work.  It sounds
>> like he did the best job possible but a penetration test is just one of
>> many layers needed for security so this really does appear to be a textbook
>> example of a failed implementation of an important technology system.
>>
>> However, many best practices and lessons could come out of this.  It
>> almost seems like a book-length project.
>>
>> -Adam
>>
>>  On Sat, Mar 9, 2013 at 11:47 AM, Rebecca Wanjiku <
>> rebeccawanjiku at yahoo.com> wrote:
>>
>>>  Just in case you were wondering whether it was hacked, the person who
>>> did the pen test and monitored the network says no.
>>>
>>> Read the views......
>>>
>>>
>>> http://www.wanjiku.co.ke/2013/03/was-the-iebc-network-compromise-an-insiders-view/
>>>
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Unsubscribe or change your options at
>>> https://lists.kictanet.or.ke/mailman/options/kictanet/adam%40varud.com
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.com
>>
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/krsnjo%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>



-- 
*

If the human brain were so simple that we could understand it, we
would be so simple that we couldn't. - Emerson M. Pugh

*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130309/3eef4d90/attachment.htm>

More information about the KICTANet mailing list