I remember being approached way back in 2002, just after I had set up KIXP by some tech guru from an Eastern European country's embassy here in Kenya, wanting to find out how they could access ISPs (ostensibly for their intelligence activities, though he didn't say as much). My response was a flat, "please conduct your business through the appropriate government and diplomatic channels".<div>
<br></div><div>It scares me to think how much of our confidential information is in the hands of foreign govts who have top notch security professionals on their payroll if such a 'simpleton' can actually break into the server hosting the majority of our govts public websites.</div>
<div><br></div><div>Once again I call for a proper information security policy framework and associated interventions to ensure that we are on solid ground when it comes to data and information resource protection.</div><div>
<br></div><div>Come on guys - we are probably the most connected country in the continent with the number of optical fibers (and bandwidth) landing into our borders and the levels of internal infrastructure, let us face the stark reality that these huge information highways carry good as well as bad traffic and do what is necessary to protect against external and internal threats.</div>
<div><br></div><div>Still shaking my head,</div><div><br></div><div>Brian<br><br><div class="gmail_quote">On Tue, Jan 17, 2012 at 5:42 PM, waudo siganga <span dir="ltr"><<a href="mailto:emailsignet@mailcan.com">emailsignet@mailcan.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div style="font-family:Arial;font-size:medium" dir="ltr"><div>
Thanks for the news Brian. This is a big shame for all Kenyans that our Government sites can be hacked by a simpleton. It is important to establish who in the maze of ICT Governance in the Government is responsible for Government sites and what coordination there is between different agencies and ministries. Are there appropriate ICT Policies in place covering areas such as Hosting Policy, Server Back-up Policy, etc? Is there regular ICT Audit of Government systems and methods to ensure that they conform to recognised standards and are acceptably safe and secure? Some learning�should come out of this incident.</div>
<div>
<div><div><div class="h5">
<div>
�</div>
<div>
�</div>
<div>
On Tue, Jan 17, 2012, at 04:09 PM, Brian Munyao Longwe wrote:</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div>
�</div>
The fact that a student on a hacking/computer security course could hack into and deface more than 100 Government of Kenya websites<span style="font-weight:bold"> in one night(!)</span> is a crying shame. In addition to that, the fact that it seems all or most of these sites were hosted on a single server is a travesty of best practice.
<div>
�</div>
<div>
Is it so difficult for GoK to invite (readily available) information security experts to design and implement a suitable online information framework for public government websites?</div>
<div>
�</div>
<div>
Shaking my head,</div>
<div>
�</div>
<div>
Brian<br clear="all">
<div>
�</div>
--<br>
Brian Munyao Longwe<br>
e-mail: <a href="mailto:blongwe@gmail.com" target="_blank">blongwe@gmail.com</a><br>
cell:� +254715964281<br>
blog : <a href="http://zinjlog.blogspot.com" target="_blank">http://zinjlog.blogspot.com</a><br>
meta-blog: <a href="http://mashilingi.blogspot.com" target="_blank">http://mashilingi.blogspot.com</a></div>
</div></div><pre>_______________________________________________
kictanet mailing list
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>
<a href="http://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">http://lists.kictanet.or.ke/mailman/listinfo/kictanet</a>
Unsubscribe or change your options at <a href="http://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com" target="_blank">http://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com</a><div class="im">
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
</div></pre>
</blockquote>
</div>
</div>
<div>
�</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Brian Munyao Longwe<br>e-mail: <a href="mailto:blongwe@gmail.com" target="_blank">blongwe@gmail.com</a><br>cell:� +254715964281<br>blog : <a href="http://zinjlog.blogspot.com" target="_blank">http://zinjlog.blogspot.com</a><br>
meta-blog: <a href="http://mashilingi.blogspot.com" target="_blank">http://mashilingi.blogspot.com</a><br>
</div>