the vulnerability here is that people usually use 1 password for everything so if someone has time, you can go into many of those email accounts.....possibly FB pages and twitter...<br><br><div class="gmail_quote">On Wed, Jul 18, 2012 at 7:48 AM, Brian Munyao Longwe <span dir="ltr">&lt;<a href="mailto:blongwe@gmail.com" target="_blank">blongwe@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ndungu,<div><br></div><div>Look up something called &quot;SQL Injection&quot; and you will see what exploit was used to access this server. This is not the work of a polished hacker, more of a &quot;script kiddy&quot; trolling for vulnerabilities and chalking up a personal scorecard. Nevertheless, we should be afraid, very afraid... as it is abundantly clear that we have very low or zero standards within our organizations for Information Security...</div>

<div><br></div><div>Mblayo<br><br><div><div style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif">
			<div style="margin:0 0 8px 0"><span class="HOEnZb"><font color="#888888">
</font></span><span class="HOEnZb"><font color="#888888">
</font></span><span class="HOEnZb"><font color="#888888">
</font></span><table border="0">
<tbody>
<tr valign="top">
<td><img alt="logo"><span style="font-size:small">  <br></span></td><td style="text-align:left"><span style="font-size:small"><span style="color:#808080"><strong>Brian Munyao Longwe</strong></span></span><br>
<div style="margin-top:0px;margin-bottom:0px"><span style="font-size:small"><span style="color:#808080"><span style="color:#ff6600"> | </span>Mobile: 254715964281</span></span></div>
<span style="font-size:small"><span style="color:#666699"><a href="http://mashilingi.blogspot.com" target="_blank">http://mashilingi.blogspot.com</a><br></span></span></td>
</tr></tbody></table><span class="HOEnZb"><font color="#888888"><div style="clear:both"></div></font></span></div><span class="HOEnZb"><font color="#888888"><a href="http://www.facebook.com/brianmunyao" style="text-decoration:underline" target="_blank"><img width="16" height="16" style="padding:0px 0px 5px 0px;vertical-align:middle" border="0"></a> <a href="http://www.facebook.com/brianmunyao" style="text-decoration:underline" target="_blank"><span style>Facebook</span></a> <a href="http://www.twitter.com/blongwe" style="text-decoration:underline" target="_blank"><img width="16" height="16" style="padding:0px 0px 5px 0px;vertical-align:middle" border="0"></a> <a href="http://www.twitter.com/blongwe" style="text-decoration:underline" target="_blank"><span style>Twitter</span></a> <a href="http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254" style="text-decoration:underline" target="_blank"><img width="16" height="16" style="padding:0px 0px 5px 0px;vertical-align:middle" border="0"></a> <a href="http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254" style="text-decoration:underline" target="_blank"><span style>LinkedIn</span></a><br>

<span style="color:gray">Contact me: </span> <img width="16" height="16" alt="Skype" style="padding:0px 0px 5px 0px;vertical-align:middle" border="0"> blongwe<br>

			<div style="width:auto;padding-top:2px;font-size:70%;border-top:1px solid #eeeeee;margin-top:10px">
				<a style="color:#6f6f6f;text-decoration:none" href="http://r1.wisestamp.com/r/landing?promo=16&amp;dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16" target="_blank">
					<span style="color:#6f6f6f">Want a signature like mine?</span>
				</a>
				<span style="color:#3f48cc"><a style="color:#3f48cc" href="http://r1.wisestamp.com/r/landing?promo=16&amp;dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16" target="_blank">Click here.</a></span>
				<img border="0" width="1" height="1">
				 
			</div>
		<img width="1" height="1"></font></span></div></div><br><br><div class="gmail_quote"><div><div class="h5">On Tue, Jul 17, 2012 at 4:22 PM, ndungu stephen <span dir="ltr">&lt;<a href="mailto:ndungustephen@gmail.com" target="_blank">ndungustephen@gmail.com</a>&gt;</span> wrote:<br>

</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><font face="tahoma, sans-serif" color="#3333ff">And here i was thinkin it was KCB...</font><div>
<font face="tahoma, sans-serif" color="#3333ff"><br>
</font></div><div><font face="tahoma, sans-serif" color="#3333ff">So the guy was able to discover a loop hole to access the admin pages (mabbe a default password was used) ; </font></div>
<div><font face="tahoma, sans-serif" color="#3333ff"><br></font></div><div><font face="tahoma, sans-serif" color="#3333ff">Then he entered the sql database using the same password and give us a print out of users who access the page and leave their email address behind ... Big WhOOPP!!!</font></div>


<div><font face="tahoma, sans-serif" color="#3333ff"><br></font></div><div><font face="tahoma, sans-serif" color="#3333ff">I am sure the emails are not even KBC staff - these are probably those users told to register inorder to drop their comments ..</font></div>


<br></div></div><div class="im">_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
------------<br>
List info, subscribe/unsubscribe<br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke">Skunkworks@lists.my.co.ke</a><br>
------------<br>
List info, subscribe/unsubscribe<br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Sent from my Voice Recognition Watch©<br>--------------------------------------------------------------------<br>
Our greatest fear is not that we are inadequate,but that we are powerful beyond measure.It is our light, not our darkness, that frightens us.There is nothing enlightened about shrinking so that other people won&#39;t feel insecure around you.As we let our own light shine, we consciously give other people permission to do the same.<br>
As we are liberated from our fear,our presence automatically liberates others. <br>