IEBC Online Voter verification flaws

Hi Skunks,
Just checked on whether I am registered at http://vote.iebc.or.ke/, which I am. After that I decided to explore whether one can mine data by keying in other ID numbers. You will achieve this very easily: try adding/subtracting any number to or from your ID number. The results will amaze you. What I am trying to highlight is that one level of authentication wasn't a smart move with such sensitive national data. We are in the electioneering period. This has to be corrected. We must also commend them on mapping polling stations; for many it will be a useful add-on feature.
Regards,
Gerald.

The register and its contents are public information and any Kenyan has the right to scrutinize it so long as he or she uses the information for election purposes only.
Sent from my BlackBerry®
-----Original Message-----
From: gerald mbuthia <geraldmbuthia@gmail.com>
Sender: skunkworks-bounces@lists.my.co.ke
Date: Sat, 12 Jan 2013 22:55:37
To: <skunkworks@lists.my.co.ke>
Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Subject: [Skunkworks] IEBC Online Voter verification flaws
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

I also thought it was a bit too open, but then I remembered all the times I have used M-Pesa and I realised my ID number and my personal details are not really private... by now they are all over.
On 13 Jan 2013 08:25, <thomas.kibui@gmail.com> wrote:
The register and its contents are public information and any Kenyan has the right to scrutinize it so long as he or she uses the information for election purposes only.

@Gerald,
How do you suppose someone can abuse the information? What other levels of security do you propose should be used and how?
Without suggesting solutions, you are simply part of the problem :-)
On Sat, Jan 12, 2013 at 10:55 PM, gerald mbuthia <geraldmbuthia@gmail.com> wrote:
Hi Skunks,
Just checked on whether I am registered at http://vote.iebc.or.ke/, which I am. After that I decided to explore whether one can mine data by keying in other ID numbers. You will achieve this very easily: try adding/subtracting any number to or from your ID number. The results will amaze you. What I am trying to highlight is that one level of authentication wasn't a smart move with such sensitive national data. We are in the electioneering period. This has to be corrected. We must also commend them on mapping polling stations; for many it will be a useful add-on feature.
Regards,
Gerald.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

Well, another level of security would be to provide the date of birth or age. Among the risks involved is identity theft; just last week there was a hullabaloo of people claiming they have been registered into parties without their knowledge.
On 13 Jan 2013 08:38, "Odhiambo Washington" <odhiambo@gmail.com> wrote:
@Gerald,
How do you suppose someone can abuse the information? What other levels of security do you propose should be used and how?
Without suggesting solutions, you are simply part of the problem:-)

How do you define identity theft in this context?
Take the M-Pesa case for instance - what is the likelihood of identity theft happening with it?
The hullabaloo on registrations into political parties w/o consent is fraud. I think identity theft is a totally different thing.
On Sun, Jan 13, 2013 at 8:54 AM, Jimmy Thuo <jimmy.thuo@gmail.com> wrote:
Well, another level of security would be to provide the date of birth or age. Among the risks involved is identity theft; just last week there was a hullabaloo of people claiming they have been registered into parties without their knowledge.

This information is also available at polling stations in physical copy, albeit on a decentralised scale. I don't see any major privacy issue here.
On Jan 13, 2013 9:04 AM, "Odhiambo Washington" <odhiambo@gmail.com> wrote:
How do you define identity theft in this context?
Take the M-Pesa case for instance - what is the likelihood of identity theft happening with it?
The hullabaloo on registrations into political parties w/o consent is fraud. I think identity theft is a totally different thing.

I think an added level of authentication as he mentions makes sense, even just the date of birth is enough. I might for instance not want people to know the party I register to. Whatever reason I decide for my data being widely available and open to abuse are mine especially if I'm not being asked to choose whether it be online or not. There is need to protect the data.
Sent from my iPad
On 13 Jan 2013, at 09:21, Alex Nderitu <nderitualex@gmail.com> wrote:
This information is also available at polling stations in physical copy, albeit on a decentralised scale. I don't see any major privacy issue here.

In Kenya there is this exercise security guards take of having people fill in their info on a security log. They hardly ever confirm the details filled in from the physical ID. Someone with ill intent can fill in stolen identification details and I am sure one can see the risk that follows.
On 13 Jan 2013 09:35, "John Gitau" <jgitau@gmail.com> wrote:
I think an added level of authentication as he mentions makes sense, even just the date of birth is enough. I might for instance not want people to know the party I register to. Whatever reason I decide for my data being widely available and open to abuse are mine especially if I'm not being asked to choose whether it be online or not. There is need to protect the data.
Sent from my iPad

Well, that is where alibis come in!
On Sun, Jan 13, 2013 at 9:41 AM, Jimmy Thuo <jimmy.thuo@gmail.com> wrote:
In Kenya there is this exercise security guards take of having people fill in their info on a security log. They hardly ever confirm the details filled in from the physical ID. Someone with ill intent can fill in stolen identification details and I am sure one can see the risk that follows.

IEBC should have put another level of security. I just changed one number and got my cousin's details. It's not so secure, coz I can easily impersonate her with these details.
Sent from my BlackBerry® smartphone provided by Airtel Kenya
-----Original Message-----
From: Odhiambo Washington <odhiambo@gmail.com>
Sender: skunkworks-bounces@lists.my.co.ke
Date: Sun, 13 Jan 2013 10:06:14
To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Subject: Re: [Skunkworks] IEBC Online Voter verification flaws

Alibis really... maybe that's the day you were watching a movie at home alone.
On 13 Jan 2013 10:11, <dhikims@gmail.com> wrote:
IEBC should have put another level of security. I just changed one number and got my cousin's details. It's not so secure, coz I can easily impersonate her with these details.
Sent from my BlackBerry® smartphone provided by Airtel Kenya

Using this app: https://play.google.com/store/apps/details?id=com.maseve.iebcchecker
.... ID numbers like '123456', '1234567', '12345678', '123456789' are apparently valid IDs, hehehehehehehe
On Sunday, January 13, 2013, Jimmy Thuo <jimmy.thuo@gmail.com> wrote:
Alibis really... maybe that's the day you were watching a movie at home alone.

A creative fraudster and con-artist can do a lot with combination of Name+IDnumber. We don't need to list those risks here for it to be a possibility.
On 13 January 2013 12:09, John Doe Smith Kamau KipNg'etich Jones <skunkworks.ku@gmail.com> wrote:
Using this app: https://play.google.com/store/apps/details?id=com.maseve.iebcchecker
.... ID numbers like '123456', '1234567', '12345678', '123456789' are apparently valid IDs, hehehehehehehe
-- ______________________ Mwendwa Kivuva For Business Development Transworld Computer Channels Cel: 0722402248 twitter.com/lordmwesh www.transworldAfrica.com | Fluent in computing kenya.or.ke | The Kenya we know

Information Security cannot be taken for granted. This was a security hole. I agree they could have used maybe the date of birth in addition to the ID no. Guys... consider someone picking that data (your name and ID no), making a fake ID, buying a SIM card, registering it and using it to conduct crime. Remember for SIM registration you just require a photocopy.
Njiri John
On Mon, Jan 14, 2013 at 4:23 PM, Kivuva <Kivuva@transworldafrica.com> wrote:
A creative fraudster and con-artist can do a lot with combination of Name+IDnumber. We don't need to list those risks here for it to be a possibility.

Something small about the maps though: it looks like someone didn't key in the proper coordinates. Embakasi East is in the Aberdares and Embakasi West is in Busia. Nice work though all the same.
On Mon, Jan 14, 2013 at 4:55 PM, Njiri John <njirijohn@gmail.com> wrote:
Information Security cannot be taken for granted. This was a security hole. I agree they could have used maybe the date of birth in addition to the ID no. Guys... consider someone picking that data (your name and ID no), making a fake ID, buying a SIM card, registering it and using it to conduct crime. Remember for SIM registration you just require a photocopy.
Njiri John

Why is this so much of an issue now? We've had M-Pesa registers with all this data. We've got security desks where we fill in all this data. Is this just to bash the IEBC or is it because of the way the data is publicly available online? Well, I guess we have to live with it for now, so guys, start preparing for a steep increase in fraud cases!
On Mon, Jan 14, 2013 at 4:55 PM, Njiri John <njirijohn@gmail.com> wrote:
Information Security cannot be taken for granted. This was a security hole. I agree they could have used maybe the date of birth in addition to the ID no. Guys... consider someone picking that data (your name and ID no), making a fake ID, buying a SIM card, registering it and using it to conduct crime. Remember for SIM registration you just require a photocopy.
Njiri John
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

Just going through the API, it's using JSON/AJAX to get data from a certain file. The only security it has is to check the request origin, and it blocks if it's not 'voter.iebc.or.ke'. I don't think it's sufficient security, because if you are able to spoof the origin header you can make a script that can allow you to get the entire voter register by looping through ID numbers, and even have the ability to filter based on constituency, polling station, etc. I don't know, but I am sure this kind of information could be worth something to someone.
On Tue, Jan 15, 2013 at 11:40 AM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Why is this so much of an issue now? We've had M-Pesa registers with all this data. We've got security desks where we fill in all this data. Is this just to bash the IEBC or is it because of the way the data is publicly available online? Well, I guess we have to live with it for now, so guys, start preparing for a steep increase in fraud cases!
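The two weaknesses raised in the post above and earlier in the thread (an Origin-header check as the only control, and a lookup keyed on the ID number alone), beside a hardened handler. This is an added example, not IEBC's code or anything posted to the list; the record fields, the date-of-birth second factor suggested earlier in the thread, the client key and the throttle limits are all assumptions.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed sample register: every ID, name and date here is made up.
REGISTER = {
    "10000001": {"name": "Voter A", "dob": "1980-02-14", "station": "Station 1"},
    "10000002": {"name": "Voter B", "dob": "1975-11-30", "station": "Station 2"},
}

TRUSTED_ORIGIN = "voter.iebc.or.ke"  # value quoted in the post


def weak_lookup(headers, id_number, register=REGISTER):
    """The design described in the thread: Origin check, then ID-only lookup."""
    # The Origin header is written by the client. A browser fills it in
    # honestly; any other HTTP client can send whatever it likes, so this
    # check identifies nobody.
    if headers.get("Origin") != TRUSTED_ORIGIN:
        return None
    # One guessable number is the whole credential, and the full record
    # (name included) comes back.
    return register.get(id_number)


class HardenedLookup:
    """ID number plus a second factor, uniform failures, per-client throttle."""

    def __init__(self, register, max_failures=5, window_seconds=3600):
        self.register = register
        self.max_failures = max_failures      # assumed limit
        self.window = window_seconds          # assumed sliding window
        self.failures = defaultdict(deque)    # client key -> failure times

    def _throttled(self, client, now):
        recent = self.failures[client]
        # Forget failures that have aged out of the window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        return len(recent) >= self.max_failures

    def lookup(self, client, id_number, dob, now=None):
        # `client` is whatever the server derives itself (session, source
        # address); it must never be taken from a request header.
        now = time.time() if now is None else now
        if self._throttled(client, now):
            return {"status": "throttled"}

        record = self.register.get(id_number)
        # Compare against a dummy value when the ID is unknown, so an
        # unknown ID and a wrong date of birth take the same path.
        expected = record["dob"] if record else "0000-00-00"
        matches = hmac.compare_digest(expected.encode(), dob.encode())
        if record is None or not matches:
            self.failures[client].append(now)
            # Same answer for both failure causes: the response does not
            # reveal which ID numbers are registered.
            return {"status": "no_match"}

        # The caller already knows their own name; return only what the
        # lookup is for.
        return {"status": "ok", "station": record["station"]}
```

A per-client counter does not see a sweep spread over many clients, so the overall failure rate of the endpoint still needs its own alert.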

Wearing my CISA hat, Safaricom saw the risk of all that data lying around, and they changed their processes, the most visible being agents only recording the ID number xx xx xx xx of a transaction without a name tied into it. And this came about after increased fraud. Callers from Kamiti would call you Mr. X, of id xx, send us 50K or we will come for your children and wife. Now that has reduced.
Regards, Mwendwa Kivuva, CISA
On 15 January 2013 11:40, Odhiambo Washington <odhiambo@gmail.com> wrote:
Why is this so much of an issue now? We've had M-Pesa registers with all this data. We've got security desks where we fill in all this data. Is this just to bash the IEBC or is it because of the way the data is publicly available online? Well, I guess we have to live with it for now, so guys, start preparing for a steep increase in fraud cases!

So now the risk is back because all they need is your ID number....the rest they can get from the iebc site.
On Tue, Jan 15, 2013 at 12:31 PM, Kivuva <Kivuva@transworldafrica.com> wrote:
Wearing my CISA hat, Safaricom saw the risk of all that data lying around, and they changed their processes, the most visible being agents only recording the ID number xx xx xx xx of a transaction without a name tied into it.
And this came about after increased fraud. Callers from Kamiti would call you Mr. X, of id xx, send us 50K or we will come for your children and wife.
Now that has reduced.
Regards, Mwendwa Kivuva, CISA
-- Best Regards Jimmy Thuo

If five databases with different information were to be mined, the person that eventually puts it together definitely has something they can sell/use. IEBC registry tells them where I vote, my party, consider most of the sites with the weaknesses are government related....so imagine they have the IDs of all dead people with land, they check with once and get a little bit more, then maybe the credit reference bureau gives them your credit limit or govt hospital records when they go digital.....excusing them now just means we expect the future implementations to be poorly done. I think we make noise not so much for IEBC to change NOW but anyone doing this sort of thing in the future NEEDS to think about the security aspect of things....that and scaling, redundancy etc etc
Sent from my iPad
On 15 Jan 2013, at 12:45, Jimmy Thuo <jimmy.thuo@gmail.com> wrote:
So now the risk is back because all they need is your ID number....the rest they can get from the iebc site.
On Tue, Jan 15, 2013 at 12:31 PM, Kivuva <Kivuva@transworldafrica.com> wrote:
Wearing my CISA hat, Safaricom saw the risk of all that data lying around, and they changed their processes, the most visible being agents only recording the ID number xx xx xx xx of a transaction without a name tied into it.
And this came about after increased fraud. Callers from Kamiti would call you Mr. X, of id xx, send us 50K or we will come for your children and wife.
Now that has reduced.
Regards, Mwendwa Kivuva, CISA On 15 January 2013 11:40, Odhiambo Washington <odhiambo@gmail.com> wrote:
Why is this so much of an issue now? We've had M-Pesa registers with all this data. We've got security desks where we fill in all this data. Is this just to bash the IEBC or is because of the way the data is publicly available online? Well, I guess we have to live with it for now, so guys, start preparing for a steep increase in fraud cases!
On Mon, Jan 14, 2013 at 4:55 PM, Njiri John <njirijohn@gmail.com> wrote:
Information Security cannot be taken for granted. This was a security hole. i agree they could have used maybe the date of birth in addition to the id no. Guys... consider someone picking that data (your name and ID no) making a fake ID , buying a sim card ,registering it and use it to conduct crime using it. Remember for Sim registration you just require a photo copy.
Njiri John
On Mon, Jan 14, 2013 at 4:23 PM, Kivuva <Kivuva@transworldafrica.com> wrote:
A creative fraudster and con-artist can do a lot with combination of Name+IDnumber. We don't need to list those risks here for it to be a possibility.
On 13 January 2013 12:09, John Doe Smith Kamau KipNg'etich Jones <skunkworks.ku@gmail.com> wrote:
Using this app: https://play.google.com/store/apps/details?id=com.maseve.iebcchecker
.... ID numbers like '123456', '1234567', '12345678', '123456789' are apparently valid IDs, hehehehehehehe
On Sunday, January 13, 2013, Jimmy Thuo <jimmy.thuo@gmail.com> wrote: > Alibis really...maybe thats the day you were watching a movie at home > alone. > > On 13 Jan 2013 10:11, <dhikims@gmail.com> wrote: >> >> IEBC should have put another level of security. I just changed one >> number and got my cousins details. Its not so secure, coz I can easily >> impersonate her with these details. >> Sent from my BlackBerry® smartphone provided by Airtel Kenya >> >> -----Original Message----- >> From: Odhiambo Washington <odhiambo@gmail.com> >> Sender: skunkworks-bounces@lists.my.co.ke >> Date: Sun, 13 Jan 2013 10:06:14 >> To: Skunkworks Mailing List<skunkworks@lists.my.co.ke> >> Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke> >> Subject: Re: [Skunkworks] IEBC Online Voter verification flaws >> >> _______________________________________________ >> skunkworks mailing list >> skunkworks@lists.my.co.ke >> ------------ >> List info, subscribe/unsubscribe >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> ------------ >> >> Skunkworks Rules >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >> ------------ >> Other services @ http://my.co.ke >> _______________________________________________ >> skunkworks mailing list >> skunkworks@lists.my.co.ke >> ------------ >> List info, subscribe/unsubscribe >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> ------------ >> >> Skunkworks Rules >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >> ------------ >> Other services @ http://my.co.ke
-- ______________________ Mwendwa Kivuva For Business Development Transworld Computer Channels Cel: 0722402248 twitter.com/lordmwesh www.transworldAfrica.com | Fluent in computing kenya.or.ke | The Kenya we know
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.
-- Best Regards Jimmy Thuo

I concur with Mbuthia. This data being online is easy to scrape. One can easily create a database...and sell it to desperate parties... A solution would have been a 'credit card cvv' like number on the elector's card.
On Sun, Jan 13, 2013 at 9:21 AM, Alex Nderitu <nderitualex@gmail.com> wrote:
This information is also available at polling stations in physical copy, albeit on a decentralised scale. I don't see any major privacy issue here.
On Jan 13, 2013 9:04 AM, "Odhiambo Washington" <odhiambo@gmail.com> wrote:
How do you define identity theft in this context?
Take the M-Pesa case for instance - what is the likelihood of identity theft happening with it?
The hullabaloo on registrations into political parties w/o consent is fraud. I think identity theft is a totally different thing.
On Sun, Jan 13, 2013 at 8:54 AM, Jimmy Thuo <jimmy.thuo@gmail.com> wrote:
Well, another level of security would be to provide the date of birth or age. Among the risks involved is identity theft; just last week there was a hullabaloo of people claiming they have been registered into parties without their knowledge.
On 13 Jan 2013 08:38, "Odhiambo Washington" <odhiambo@gmail.com> wrote:
@Gerald,
How do you suppose someone can abuse the information? What other levels of security do you propose should be used and how?
Without suggesting solutions, you are simply part of the problem:-)
On Sat, Jan 12, 2013 at 10:55 PM, gerald mbuthia <geraldmbuthia@gmail.com> wrote:
Hi Skunks,
Just checked on whether I am registered http://vote.iebc.or.ke/, of which I am, after that I decided to explore on whether one can mine data by keying of other ID Numbers. You will achieve this very easily, try adding/subtracting your ID number with any number. The results will amaze you. What I am trying to highlight is one level of authentication wasn't a smart move with such sensitive national data. We are in the electioneering period. This has to be corrected. We must also commend them on mapping polling stations, for many it will be a useful added on feature.
Regards Gerald.
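The mitigations proposed in this thread (a second lookup factor such as a 'credit card cvv'-like number on the elector's card, plus making the register hard to scrape) can be sketched as follows. This is an added Python example, not IEBC code and not written by any poster; the key, the register entries and the HMAC-derived card code scheme are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

CARD_KEY = b"constructed-demo-key"   # assumption: secret held only by the registrar
REGISTER = {                          # constructed sample entries, not real voters
    "20000001": {"name": "Sample Voter A", "station": "Sample Station 1"},
    "20000002": {"name": "Sample Voter B", "station": "Sample Station 2"},
}

def card_code(id_number):
    """Hypothetical 3-digit code printed on the elector's card."""
    digest = hmac.new(CARD_KEY, id_number.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"

class Lookup:
    def __init__(self, max_failures=3, window=3600):
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)   # key -> timestamps of failed tries

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        return q

    def verify(self, client, id_number, code, now=None):
        now = time.time() if now is None else now
        # Count failures per client and per targeted ID, so neither walking
        # ID numbers nor guessing one ID's code from many clients goes far.
        buckets = [self._recent(("client", client), now),
                   self._recent(("id", id_number), now)]
        if any(len(b) >= self.max_failures for b in buckets):
            return {"status": "throttled"}
        record = REGISTER.get(id_number)
        expected = card_code(id_number)          # computed for unknown IDs too
        match = hmac.compare_digest(expected.encode(), str(code).encode())
        if record is None or not match:
            for b in buckets:
                b.append(now)
            # Same answer for "unknown ID" and "wrong code": no existence oracle.
            return {"status": "no_match"}
        return {"status": "ok", **record}
```

The per-ID counter trades availability for privacy: repeated wrong guesses against one ID temporarily lock out its legitimate holder as well, so the window and threshold need tuning for a real deployment.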
participants (12)
- Alex Nderitu
- Derrick Wesonga
- dhikims@gmail.com
- gerald mbuthia
- Jimmy Thuo
- John Doe Smith Kamau KipNg'etich Jones
- John Gitau
- Kivuva
- Mike M.
- Njiri John
- Odhiambo Washington
- thomas.kibui@gmail.com