<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Do we have someone from IEBC on this list? </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">This is a serious breach. In the dark web there are vendors of stolen identities. What IEBC has done is to basically leave the bank vaults open and invite every identity theft vendor in the world into this treasure trove..</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">This whole verification exercise needs to be suspended until this rookie mistake is rectified. <br><br><div><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.294118); -webkit-composition-fill-color: rgba(175, 192, 227, 0.231373);"><b>Ali Hussein</b></span></div><div><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.294118); -webkit-composition-fill-color: rgba(175, 192, 227, 0.231373);"><b>Principal</b></span></div><div><b style="background-color: rgba(255, 255, 255, 0);">Hussein & Associates</b></div><div style="font-family: Helvetica; font-size: medium; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); -webkit-text-size-adjust: auto; ">+254 0713 601113 </div><div style="font-family: Helvetica; font-size: medium; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); -webkit-text-size-adjust: auto; "><br></div><div><p style="margin: 0in 0in 0pt;"><span style="background-color: rgba(255, 255, 255, 0);">Twitter: @AliHKassim</span></p><span style="background-color: rgba(255, 255, 255, 0);"><font></font></span><p style="margin: 0in 0in 0pt;"><span style="background-color: rgba(255, 255, 255, 0);">Skype: abu-jomo</span></p><p style="margin: 0in 0in 0pt;"><span style="background-color: rgba(255, 255, 255, 0);">LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" target="_blank">http://ke.linkedin.com/in/alihkassim</a></span></p><font><br></font></div><div><span style="background-color: rgba(255, 255, 255, 0);">"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle</span></div><div><br></div><div><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.294118); -webkit-composition-fill-color: rgba(175, 192, 227, 0.231373);"><br></span></div>Sent from my iPad</div><div><br>On 30 Jun 2017, at 1:05 AM, Grace Githaiga via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<br><br></div><blockquote type="cite"><div>
@Chebukati<br><br>I like the idea of a legitimate implementable solution. And I believe we have many of those here--on this list. So Listers, take up Chebukati's challenge and suggest what is pragmatic and would probably help the techies at IEBC move this process forward with less glitches. <br>
<br>
<br>
<br>
Best regards<br>
<br>
<br>
Githaiga, Grace<br>
<br><br><br>On Friday, 30-06-2017 at 01:29 Emmanuel Chebukati via kictanet wrote:<br><blockquote style="border:0;border-left: 2px solid #22437f; padding:0px; margin:0px; padding-left:5px; margin-left: 5px; "><div dir="ltr">Greetings,<div><br></div><div>Thinking out loud here: what are the alternatives to an open system? In my view: Limiting requests per IP address would obviously lock out many users. Implementing cookies et al to limit to one query per day would also lock out several legitimate users (e.g. those who share PCs at cybers). Introducing a username/password combo made out of perhaps the birth-date would complicate matters for the average voter.</div><div><br></div><div>I think the only legitimate options they have to prevent abuse/mass mining of this information is to implement a service like Cloudflare on the subdomain. This would at least stop a repetitive CURL request in its tracks or at least severely slow it down. Nevertheless, a quick IP ping shows that it appears as though the subdomain <a target="_blank" class="blue" href="http://voterstatus.iebc.or.ke">voterstatus.iebc.or.ke</a> is running on Google Cloud servers which offer similar services as Cloudflare these days. I trust the good people at IEBC have explored these services.</div><div><br></div><div>Let's brainstorm. Perhaps a legitimate, implementable solution may arise from this discussion that works for the "Kenyan context".</div><div><br></div><div><br></div><div>Regards,</div><div><br></div><div>EC</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 29, 2017 at 11:55 PM, Ronald Ojino via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">This is a very serious anomaly that must be addressed soonest possible. It begs the question, are we safe as data subjects? If a body like IEBC that is expected to be beyond reproach can have such open flaws...then we say that we are ready to go for elections huh?its a disappointment.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 29-Jun-2017 11:47 PM, "Mwendwa Kivuva via kictanet" <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><wbr>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div>Dear Listers,</div><div><br></div><div>Today I'm wearing my CISA hat.</div><div><br></div><div>IEBC has launched a voter verification tool both through sms, and web query at <a target="_blank" class="blue" href="http://voterstatus.iebc.or.ke/voter">http://voterstatus.iebc.or.<wbr>ke/voter</a></div><div><br></div><div>If you are privacy conscious, and a little bit paranoid, you will realize that IEBC is doing badly with how they are exposing raw data of nearly 20 million Kenyans to the world. Anybody with basic programing skills can be able to harvest the raw data through an automated search. If you search any random number with the format of Kenya ID numbers, say hypothetically 12345678, you will realize you can pull up citizen's details, at least ID number, and name, and where they live.</div><div><br></div><div>Basic security tips would require the system to have a captcha to prevent automated harvest of the information, and also have a challenge questions like date of birth to supplement the ID number, therefore thwart any mischievous individuals from harvesting the rich data<br></div><div><br></div><div>Can IEBC correct the anomaly?</div><div><br></div><div>Attached is a sample demo screenshot. Of course there is the other thing of strange ID numbers finding their way into the voter register.</div><div><br></div><div><h4 style="margin:0px 0px 0.5rem;padding:0px;box-sizing:border-box;border:none;font-weight:400;font-family:"Open Sans Condensed",calibri_0xx,sans-serif;line-height:1.1;color:rgb(52,52,52);font-size:1.5rem;outline:0px">Voter Details for Id: 12345678</h4><table class="m_-5448251496144261118m_3799577072574419567gmail-detail-view m_-5448251496144261118m_3799577072574419567gmail-table m_-5448251496144261118m_3799577072574419567gmail-table-bordered m_-5448251496144261118m_3799577072574419567gmail-table-striped" id="m_-5448251496144261118m_3799577072574419567gmail-yw0" style="margin:0px;padding:0px;box-sizing:border-box;border:1px solid rgb(236,238,239);max-width:100%;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;width:1517.5px;border-radius:4px;color:rgb(52,52,52);font-family:"Open Sans Condensed",calibri_0xx,sans-serif;font-size:16px;outline:0px"><tbody style="margin:0px;padding:0px;box-sizing:border-box;border:none;outline:0px"><tr class="m_-5448251496144261118m_3799577072574419567gmail-odd" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background:0px 0px;outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:0px 1px 1px;border-top-style:initial;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:initial;border-right-color:rgb(236,238,239);border-bottom-color:rgb(236,238,239);border-left-color:rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;background-color:rgb(249,249,249);border-top-left-radius:4px;outline:0px">Id / Passport Number</th><td style="padding:2px;box-sizing:border-box;border-width:0px 1px 1px;border-top-style:initial;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:initial;border-right-color:rgb(236,238,239);border-bottom-color:rgb(236,238,239);border-left-color:rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;background-color:rgb(249,249,249);border-top-right-radius:4px;outline:0px">12345678</td></tr><tr class="m_-5448251496144261118m_3799577072574419567even" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background-color:rgb(251,252,253);outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;outline:0px">Primary Name</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;outline:0px">KIBET</td></tr><tr class="m_-5448251496144261118m_3799577072574419567gmail-odd" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background:0px 0px;outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;background-color:rgb(249,249,249);outline:0px">Secondary Name</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;background-color:rgb(249,249,249);outline:0px">KIRUI</td></tr><tr class="m_-5448251496144261118m_3799577072574419567even" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background-color:rgb(251,252,253);outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;outline:0px">Birth Date</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;outline:0px">01/01/1994</td></tr><tr class="m_-5448251496144261118m_3799577072574419567gmail-odd" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background:0px 0px;outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;background-color:rgb(249,249,249);outline:0px">Gender</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;background-color:rgb(249,249,249);outline:0px">M</td></tr><tr class="m_-5448251496144261118m_3799577072574419567even" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background-color:rgb(251,252,253);outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;outline:0px">Polling Station Code</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;outline:0px">101</td></tr><tr class="m_-5448251496144261118m_3799577072574419567gmail-odd" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background:0px 0px;outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;background-color:rgb(249,249,249);outline:0px">Polling Station</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;background-color:rgb(249,249,249);outline:0px">LELACH PRIMARY SCHOOL</td></tr><tr class="m_-5448251496144261118m_3799577072574419567even" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background-color:rgb(251,252,253);outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;outline:0px">County</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;outline:0px">KERICHO</td></tr><tr class="m_-5448251496144261118m_3799577072574419567gmail-odd" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background:0px 0px;outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;background-color:rgb(249,249,249);outline:0px">Contituency</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);vertical-align:middle;line-height:1.5;height:6px;background-color:rgb(249,249,249);outline:0px">BURETI</td></tr><tr class="m_-5448251496144261118m_3799577072574419567even" style="margin:0px;padding:0px;box-sizing:border-box;border:none;background-color:rgb(251,252,253);outline:0px"><th style="margin:0px;padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);text-align:right;vertical-align:middle;width:160px;line-height:1.5;border-bottom-left-radius:4px;outline:0px">Ward</th><td style="padding:2px;box-sizing:border-box;border-width:1px;border-style:solid;border-color:rgb(216,226,231) rgb(236,238,239) rgb(236,238,239);outline:0px;vertical-align:middle;line-height:1.5;height:6px;border-bottom-right-radius:4px">CHEPLANGET<br></td></tr></tbody></table><div><div class="m_-5448251496144261118m_3799577072574419567gmail_signature"><br></div><div class="m_-5448251496144261118m_3799577072574419567gmail_signature">______________________<br>Mwendwa Kivuva, Nairobi, Kenya<br><a target="_blank" class="blue" href="http://twitter.com/lordmwesh">twitter.com/lordmwesh</a><br><br><br></div></div><div class="m_-5448251496144261118m_3799577072574419567gmail_signature"><br></div>
</div>
</div>
<br></div></div>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>
<a target="_blank" class="blue" href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer">https://lists.kictanet.or.ke/m<wbr>ailman/listinfo/kictanet</a><br>
Twitter: <a target="_blank" class="blue" href="http://twitter.com/kictanet" rel="noreferrer">http://twitter.com/kictanet</a><br>
Facebook: <a target="_blank" class="blue" href="https://www.facebook.com/KICTANet/" rel="noreferrer">https://www.facebook.com/KICTA<wbr>Net/</a><br>
<br>
Unsubscribe or change your options at <a target="_blank" class="blue" href="https://lists.kictanet.or.ke/mailman/options/kictanet/ronojinx%40gmail.com" rel="noreferrer">https://lists.kictanet.or.ke/m<wbr>ailman/options/kictanet/ronoji<wbr>nx%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
<br></blockquote></div></div>
<br>______________________________<wbr>_________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a target="_blank" class="blue" href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" rel="noreferrer">https://lists.kictanet.or.ke/<wbr>mailman/listinfo/kictanet</a><br>
Twitter: <a target="_blank" class="blue" href="http://twitter.com/kictanet" rel="noreferrer">http://twitter.com/kictanet</a><br>
Facebook: <a target="_blank" class="blue" href="https://www.facebook.com/KICTANet/" rel="noreferrer">https://www.facebook.com/<wbr>KICTANet/</a><br>
<br>
Unsubscribe or change your options at <a target="_blank" class="blue" href="https://lists.kictanet.or.ke/mailman/options/kictanet/echebukati%40gmail.com" rel="noreferrer">https://lists.kictanet.or.ke/<wbr>mailman/options/kictanet/<wbr>echebukati%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
<br></blockquote></div><br></div>
</blockquote><br><div id="EmailSignature">Co-Convenor<br>
Kenya ICT Action Network (KICTANet)<br>
Twitter:@ggithaiga<br>
Tel: 254722701495<br>
Skype: gracegithaiga<br>
Alternate email: <a class="normal-link" href="mailto:ggithaiga@hotmail.com">ggithaiga@hotmail.com</a><br>
Linkedin: <a href="https://www.linkedin.com/in/gracegithaiga" target="_blank" class="normal-link">https://www.linkedin.com/in/gracegithaiga</a><br>
<a href="http://www.kictanet.or.ke">www.kictanet.or.ke</a><br>
<br>
"Change only happens when ordinary people get involved, get engaged and come together to demand it. I am asking you to believe. Not in my ability to bring about change – but in yours"---Barrack Obama.</div><br></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>kictanet mailing list</span><br><span><a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a></span><br><span><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a></span><br><span>Twitter: <a href="http://twitter.com/kictanet">http://twitter.com/kictanet</a></span><br><span>Facebook: <a href="https://www.facebook.com/KICTANet/">https://www.facebook.com/KICTANet/</a></span><br><span></span><br><span>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com">https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com</a></span><br><span></span><br><span>The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.</span><br><span></span><br><span>KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</span><br></div></blockquote></body></html>