http://www.kenyapolice.go.ke/ hacked again
Just goes to show that being hacked is not a web server issue. it is a SECURITY issue! On Wed, Jan 5, 2011 at 6:08 PM, Chips Funga <chips.funga@yahoo.com> wrote:
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On 5 January 2011 18:10, Rad! <conradakunga@gmail.com> wrote:
Just goes to show that being hacked is not a web server issue. it is a SECURITY issue!
indeed http://www.kenyapolice.go.ke/site-admin/ReadMe.txt hehe - yani wacha tuu -- Pamoja e:daudi.were@gmail.com <e%3Adaudi.were@gmail.com> skype: d.were
On Wed, Jan 5, 2011 at 6:08 PM, Chips Funga <chips.funga@yahoo.com> wrote: I love the "hacker"! He's made the site a nice comics site. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
In order for any information security breach to have impact, the victim of such a breach must value their data and information. Once data and information is assigned a value (economic or social or reputation or other forms) and risks are computed based on those values, then that data and/or information becomes an asset to be protected. I stand to be corrected but I assume that most of the data and information that our police hold is on paper (those A3 size occurrence books (OBs) written in ink). In this case an information security breach that can impact the Police today would be the loss or or un-authorized access to the warehouse or container that holds those OBs. Defacing their website today is therefore equivalent to covering the notice board in Vigilance house with a piece of paper .. .. .. value-wise .. zero .. "a fart in the wind" .. and life moves on un-perturbed. Some would say ignorance is bliss and such ignorance may have "saved" them for now BUT such ignorance eventually renders one irrelevant. The question we should be asking are.. 1. Does Kenya Police have a sustainable IT infrastructure and knowledge to manage the massive volume of information that they handle on a daily basis ? 2. Does the Kenya Police have a plan to digitize the data and information they hold or will the OBs continue to be used ? 3. When will the Kenya Police begin to capture, process and disburse information in electronic format ? The answers to this questions and many others are the ones that will begin to create "value" for communication tools like a website or a server. Otherwise for now they are only concerned about where Itere's re-organization plans.
On Thu, Jan 6, 2011 at 10:41 AM, Thomas Kibui <thomas.kibui@gmail.com>wrote:
In order for any information security breach to have impact, the victim of such a breach must value their data and information. Once data and information is assigned a value (economic or social or reputation or other forms) and risks are computed based on those values, then that data and/or information becomes an asset to be protected.
I stand to be corrected but I assume that most of the data and information that our police hold is on paper (those A3 size occurrence books (OBs) written in ink). In this case an information security breach that can impact the Police today would be the loss or or un-authorized access to the warehouse or container that holds those OBs.
Defacing their website today is therefore equivalent to covering the notice board in Vigilance house with a piece of paper .. .. .. value-wise .. zero .. "a fart in the wind" .. and life moves on un-perturbed. Some would say ignorance is bliss and such ignorance may have "saved" them for now BUT such ignorance eventually renders one irrelevant.
The question we should be asking are..
1. Does Kenya Police have a sustainable IT infrastructure and knowledge to manage the massive volume of information that they handle on a daily basis ? 2. Does the Kenya Police have a plan to digitize the data and information they hold or will the OBs continue to be used ? 3. When will the Kenya Police begin to capture, process and disburse information in electronic format ?
The answers to this questions and many others are the ones that will begin to create "value" for communication tools like a website or a server. Otherwise for now they are only concerned about where Itere's re-organization plans.
You are spot on! As much as I can tell, from what I have heard in the media, quoting Police topdogs there are no such plans to digitize Police operations. It would be interesting to hear this from the Police themselves, but not from the spokesman. Do they even have a designated IT director? That would give you an indication on where they stand. I don't know of a way to take them to task. I'd have loved to do it and let them respond to us. Perhaps the director of govt IT Directorate or something. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
I think you guys are being too hard on the mboys... Claire.
Clare, is the photo related?
On Thu, Jan 6, 2011 at 12:32 PM, Claire Njoki <clairenjoki@gmail.com> wrote:
I think you guys are being too hard on the mboys...
Claire, That guy is adorning a badge which gives his rank as Senior Sergeant. You just don't become a Senior Sergeant for nothing! There must be a reason for being "senior" and a "sergeant" :-) Reminds me of them days when whenever the police "visited" we would refer to the most bulky of them as the "coblo" (corporal), rank notwithstanding! Sasa huyu angeitwa koblo yao<tihihi> -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
@Dennis...lol I think the picture says that our police first and foremost need a gym more than they need tools to fight cyber crime. On 1/6/11, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Thu, Jan 6, 2011 at 12:32 PM, Claire Njoki <clairenjoki@gmail.com> wrote:
I think you guys are being too hard on the mboys...
Claire,
That guy is adorning a badge which gives his rank as Senior Sergeant.
You just don't become a Senior Sergeant for nothing! There must be a reason for being "senior" and a "sergeant" :-)
Reminds me of them days when whenever the police "visited" we would refer to the most bulky of them as the "coblo" (corporal), rank notwithstanding!
Sasa huyu angeitwa koblo yao<tihihi>
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
Allow me to play "devil's" advocate here, The problem here does not lie with the Police Service but with the Ministry of Information and communication which should, in theory work with the public service commission to build human capital for a proper National Computing grid, as I mentioned sometime last year, for ALL Government Ministries, with specific divisions handling sensitive sectors such as Finance, Foreign Affairs, Provincial and Internal security and Defence exclusively. This would have all government websites and online business systems(that require web access - for say the Foreign Affairs Ministry) run from a central point, managed by skilled civil servants that report to their respective ministerial bosses. The scenario now is pretty ad-hoc with each Ministry handling it's own information and communications policies and budgets, and this is the reason why the go.ke domain has websites and other Information Systems ranging from categories world class to poor man's. In as much as we are a 3rd world country, fortunate enough to have an excess of skilled labour in the market we should at-least get this bit right. Catching the script-kiddy who defaced the Kenya Police website will only offer a short term solution if not make him/her popular and will not offer a long-term solution in what most members of this mailinglist and other members in the ICT fraternity in Kenya would call irresponsible computing. My 2 Cents. *Steps away from the podium and heads to a roadside cafe for matumbo fry with ugali saucer
@patrick "*Steps away from the podium and heads to a roadside cafe for matumbo fry with ugali saucer"...lol Nice post BTW, Claire. On 1/6/11, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Allow me to play "devil's" advocate here,
The problem here does not lie with the Police Service but with the Ministry of Information and communication which should, in theory work with the public service commission to build human capital for a proper National Computing grid, as I mentioned sometime last year, for ALL Government Ministries, with specific divisions handling sensitive sectors such as Finance, Foreign Affairs, Provincial and Internal security and Defence exclusively. This would have all government websites and online business systems(that require web access - for say the Foreign Affairs Ministry) run from a central point, managed by skilled civil servants that report to their respective ministerial bosses.
The scenario now is pretty ad-hoc with each Ministry handling it's own information and communications policies and budgets, and this is the reason why the go.ke domain has websites and other Information Systems ranging from categories world class to poor man's.
In as much as we are a 3rd world country, fortunate enough to have an excess of skilled labour in the market we should at-least get this bit right. Catching the script-kiddy who defaced the Kenya Police website will only offer a short term solution if not make him/her popular and will not offer a long-term solution in what most members of this mailinglist and other members in the ICT fraternity in Kenya would call irresponsible computing.
My 2 Cents.
*Steps away from the podium and heads to a roadside cafe for matumbo fry with ugali saucer _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
My take is that im supposed to have confidence on the people who keep me secure. If they cant keep their assets secure(whether valuable or not) what does that do to my confidence that they will protect me, or my assets as well when attacked? On Thu, Jan 6, 2011 at 3:44 PM, Claire Njoki <clairenjoki@gmail.com> wrote:
@patrick
"*Steps away from the podium and heads to a roadside cafe for matumbo fry with ugali saucer"...lol
Nice post BTW,
Claire.
On 1/6/11, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Allow me to play "devil's" advocate here,
The problem here does not lie with the Police Service but with the Ministry of Information and communication which should, in theory work with the public service commission to build human capital for a proper National Computing grid, as I mentioned sometime last year, for ALL Government Ministries, with specific divisions handling sensitive sectors such as Finance, Foreign Affairs, Provincial and Internal security and Defence exclusively. This would have all government websites and online business systems(that require web access - for say the Foreign Affairs Ministry) run from a central point, managed by skilled civil servants that report to their respective ministerial bosses.
The scenario now is pretty ad-hoc with each Ministry handling it's own information and communications policies and budgets, and this is the reason why the go.ke domain has websites and other Information Systems ranging from categories world class to poor man's.
In as much as we are a 3rd world country, fortunate enough to have an excess of skilled labour in the market we should at-least get this bit right. Catching the script-kiddy who defaced the Kenya Police website will only offer a short term solution if not make him/her popular and will not offer a long-term solution in what most members of this mailinglist and other members in the ICT fraternity in Kenya would call irresponsible computing.
My 2 Cents.
*Steps away from the podium and heads to a roadside cafe for matumbo fry with ugali saucer _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sent from my Voice Recognition Watch© -------------------------------------------------------------------- Our greatest fear is not that we are inadequate,but that we are powerful beyond measure.It is our light, not our darkness, that frightens us.There is nothing enlightened about shrinking so that other people won't feel insecure around you.As we let our own light shine, we consciously give other people permission to do the same. As we are liberated from our fear,our presence automatically liberates others.
participants (9)
-
Chips Funga -
Claire Njoki -
Daudi Were -
Dennis Kioko -
Joram Mwinamo -
Odhiambo Washington -
Patrick Kariuki -
Rad! -
Thomas Kibui