
The vulnerability here is that people usually use 1 password for everything, so if someone has time, you can go into many of those email accounts... possibly FB pages and Twitter...
On Wed, Jul 18, 2012 at 7:48 AM, Brian Munyao Longwe <blongwe@gmail.com> wrote:
Ndungu,
Look up something called "SQL Injection" and you will see what exploit was used to access this server. This is not the work of a polished hacker, more of a "script kiddy" trolling for vulnerabilities and chalking up a personal scorecard. Nevertheless, we should be afraid, very afraid... as it is abundantly clear that we have very low or zero standards within our organizations for Information Security...
Mblayo
On Tue, Jul 17, 2012 at 4:22 PM, ndungu stephen <ndungustephen@gmail.com> wrote:
And here I was thinking it was KCB...
So the guy was able to discover a loophole to access the admin pages (maybe a default password was used);
Then he entered the SQL database using the same password and gave us a printout of users who access the page and leave their email address behind... Big WhOOPP!!!
I am sure the emails are not even KBC staff - these are probably those users told to register in order to drop their comments...
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke