Ndungu,<div><br></div><div>Look up something called &quot;SQL Injection&quot; and you will see what exploit was used to access this server. This is not the work of a polished hacker, more of a &quot;script kiddy&quot; trolling for vulnerabilities and chalking up a personal scorecard. Nevertheless, we should be afraid, very afraid... as it is abundantly clear that we have very low or zero standards within our organizations for Information Security...</div>
<div><br></div><div>Mblayo<br><br><div id="WISESTAMP_SIG_8629"><div style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif">
			<div style="margin:0 0 8px 0"><table border="0">
<tbody>
<tr valign="top">
<td><img src="http://graph.facebook.com/1167175520/picture" alt="logo"><span style="font-size:small">  <br></span></td>
<td style="text-align:left"><span style="font-size:small"><span style="color:#808080"><strong>Brian Munyao Longwe</strong></span></span><br>
<div style="margin-top:0px;margin-bottom:0px"><span style="font-size:small"><span style="color:#808080"><span style="color:#ff6600"> | </span>Mobile: 254715964281</span></span></div>
<span style="font-size:small"><span style="color:#666699"><a href="http://mashilingi.blogspot.com">http://mashilingi.blogspot.com</a><br></span></span></td>
</tr>
</tbody>
</table><div style="clear:both"></div></div><a href="http://www.facebook.com/brianmunyao" style="text-decoration:underline"><img width="16" height="16" style="padding: 0px 0px 5px 0px; vertical-align: middle;" border="0" src="https://s3.amazonaws.com/images.wisestamp.com/facebook.png"></a> <a href="http://www.facebook.com/brianmunyao" style="color:black;text-decoration:underline"><span style="color:black">Facebook</span></a> <a href="http://www.twitter.com/blongwe" style="text-decoration:underline"><img width="16" height="16" style="padding: 0px 0px 5px 0px; vertical-align: middle;" border="0" src="https://s3.amazonaws.com/images.wisestamp.com/twitter.png"></a> <a href="http://www.twitter.com/blongwe" style="color:black;text-decoration:underline"><span style="color:black">Twitter</span></a> <a href="http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254" style="text-decoration:underline"><img width="16" height="16" style="padding: 0px 0px 5px 0px; vertical-align: middle;" border="0" src="https://s3.amazonaws.com/images.wisestamp.com/linkedin.png"></a> <a href="http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254" style="color:black;text-decoration:underline"><span style="color:black">LinkedIn</span></a><br>
<span style="color:gray">Contact me: </span> <img width="16" height="16" alt="Skype" style="padding: 0px 0px 5px 0px; vertical-align: middle;" border="0" src="https://s3.amazonaws.com/images.wisestamp.com/skype.png"> blongwe<br>

			<div style="width:auto;padding-top:2px;font-size:70%;border-top:1px solid #eeeeee;margin-top:10px">
				<a style="color:#6f6f6f;text-decoration:none" href="http://r1.wisestamp.com/r/landing?promo=16&amp;dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16">
					<span style="color:#6f6f6f">Want a signature like mine?</span>
				</a>
				<span style="color:#3f48cc"><a style="color:#3f48cc" href="http://r1.wisestamp.com/r/landing?promo=16&amp;dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16">Click here.</a></span>
				<img border="0" width="1" height="1" src="http://pr1.wisestamp.com/p.gif?promo=16">
				 
			</div>
		<img src="https://wisestamp.appspot.com/pixel.png?p=safari&amp;v=3.11.17.0&amp;t=1342586797422&amp;u=c1d0b3470c4ca423" width="1" height="1"></div></div><br><br><div class="gmail_quote">On Tue, Jul 17, 2012 at 4:22 PM, ndungu stephen <span dir="ltr">&lt;<a href="mailto:ndungustephen@gmail.com" target="_blank">ndungustephen@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font face="tahoma, sans-serif" color="#3333ff">And here i was thinkin it was KCB...</font><div><font face="tahoma, sans-serif" color="#3333ff"><br>
</font></div><div><font face="tahoma, sans-serif" color="#3333ff">So the guy was able to discover a loop hole to access the admin pages (mabbe a default password was used) ; </font></div>
<div><font face="tahoma, sans-serif" color="#3333ff"><br></font></div><div><font face="tahoma, sans-serif" color="#3333ff">Then he entered the sql database using the same password and give us a print out of users who access the page and leave their email address behind ... Big WhOOPP!!!</font></div>

<div><font face="tahoma, sans-serif" color="#3333ff"><br></font></div><div><font face="tahoma, sans-serif" color="#3333ff">I am sure the emails are not even KBC staff - these are probably those users told to register inorder to drop their comments ..</font></div>

<br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke">Skunkworks@lists.my.co.ke</a><br>
------------<br>
List info, subscribe/unsubscribe<br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br></div>