Once a hacker is successful in hacking one site , which they usually do through code injection, They stand a better chance to reach other site on the same server. Message: 3 Date: Fri, 22 Mar 2013 19:46:57 +0300 From: David Njuguna <dnjuguna@gmail.com> To: Skunkworks Mailing List <skunkworks@lists.my.co.ke> Subject: Re: [Skunkworks] Websites hacked Message-ID: <CAHvk+7uZ6o2yHgh9O9BpzU94i4P5b02bvBktKt25uSRwKtnG=g@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" There are several layers that can get compromised. The web application is not the only one that can be penetrated and compromised. The web server, the operating system, the database server etc all offer an opportunity for penetration. On Fri, Mar 22, 2013 at 6:41 PM, Odhiambo Washington <odhiambo@gmail.com>wrote:
Point me where I am wrong, please. Which statement, so that I can clarify?
On 22 March 2013 16:26, John Gitau <jgitau@gmail.com> wrote:
Wash you are wrong on this one. Some my sites at hosted safaricom are still unreadable/unreachable.
Sent from my iPad
On 22 Mar 2013, at 15:12, Odhiambo Washington <odhiambo@gmail.com> wrote:
Nothing strange about that. When you design and host a website, the security of the apps you use should be your responsibility, I believe. The hosting provider just gives you the space and cannot audit all the code you use on your website. I believe the hosting provider only needs to ensure the general security of the server OS, the web apps, the database, etc - but that doesn't stop a n00b from using some CMS whose security model they don't understand, which can also lead to the whose server being compromised. So I'd talk of safaricom separately and just say the website xxxx.whatever has been defaced/compromised/whatever-word-here.
On 22 March 2013 15:02, Antony Kimani <kimanianthoni@gmail.com> wrote:
is it true websites hosted by safaricom have been hacked ? larrymadowo.co.ke is an example
regards Antony....
Its called distributed Metastasis. Happens a lot during advanced Penetration Testing On 3/22/13, Morris <sageauk@yahoo.com> wrote:
Once a hacker is successful in hacking one site , which they usually do through code injection, They stand a better chance to reach other site on the same server.
Message: 3 Date: Fri, 22 Mar 2013 19:46:57 +0300 From: David Njuguna <dnjuguna@gmail.com> To: Skunkworks Mailing List <skunkworks@lists.my.co.ke> Subject: Re: [Skunkworks] Websites hacked Message-ID: <CAHvk+7uZ6o2yHgh9O9BpzU94i4P5b02bvBktKt25uSRwKtnG=g@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1"
There are several layers that can get compromised. The web application is not the only one that can be penetrated and compromised. The web server, the operating system, the database server etc all offer an opportunity for penetration.
On Fri, Mar 22, 2013 at 6:41 PM, Odhiambo Washington <odhiambo@gmail.com>wrote:
Point me where I am wrong, please. Which statement, so that I can clarify?
On 22 March 2013 16:26, John Gitau <jgitau@gmail.com> wrote:
Wash you are wrong on this one. Some my sites at hosted safaricom are still unreadable/unreachable.
Sent from my iPad
On 22 Mar 2013, at 15:12, Odhiambo Washington <odhiambo@gmail.com> wrote:
Nothing strange about that. When you design and host a website, the security of the apps you use should be your responsibility, I believe. The hosting provider just gives you the space and cannot audit all the code you use on your website. I believe the hosting provider only needs to ensure the general security of the server OS, the web apps, the database, etc - but that doesn't stop a n00b from using some CMS whose security model they don't understand, which can also lead to the whose server being compromised. So I'd talk of safaricom separately and just say the website xxxx.whatever has been defaced/compromised/whatever-word-here.
On 22 March 2013 15:02, Antony Kimani <kimanianthoni@gmail.com> wrote:
is it true websites hosted by safaricom have been hacked ? larrymadowo.co.ke is an example
regards Antony....
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
participants (2)
-
Gichuki John Chuksjonia -
Morris