
Could this be true.....
"A Rwandan hacker has hacked and exposed KBC's database, revealing 2934 account details, ie. emails and passwords. The hacker, who gives his name as Cyuzuzo A., describes himself as a 16 year old, single Rwandese with knowledge in such web languages as: PHP, Asp, SQL, HTML, Java, perl, HTML. He can speak both French and English."
http://4.bp.blogspot.com/-madZKQP0m_Q/UAPUugBr0wI/AAAAAAAAZpQ/11B8Fb6Bonc/s1...

KCB or KBC? The latter is of no economic value
http://pastebin.com/5hN3Y9Nk
On Tue, Jul 17, 2012 at 2:24 PM, Antony Mwai <antonymwai@gmail.com> wrote:
Could this be true.....
"A Rwandan hacker has hacked and exposed KBC's database, revealing 2934 account details, ie. emails and passwords. The hacker, who gives his name as Cyuzuzo A., describes himself as a 16 year old, single Rwandese with knowledge in such web languages as: PHP, Asp, SQL, HTML, Java, perl, HTML. He can speak both French and English."
http://4.bp.blogspot.com/-madZKQP0m_Q/UAPUugBr0wI/AAAAAAAAZpQ/11B8Fb6Bonc/s1...
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

looks fake to me, KBC everyone is a Sheik?
Oliver

Looks like KBC - Nigeria! :-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

"kalamumoto" doesn't look like a password a nigerian would have. but then again,I might be wrong :-)

Now that I read well, this is about a KBC database, somewhere.. Who cares? As one skunk said, it has no monetary value!
On Tue, Jul 17, 2012 at 3:41 PM, Daniel Ndeti <dantoz@gmail.com> wrote:
"kalamumoto" doesn't look like a password a nigerian would have. but then again,I might be wrong :-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

And here I was thinking it was KCB...
So the guy was able to discover a loophole to access the admin pages (maybe a default password was used);
Then he entered the SQL database using the same password and gave us a printout of users who access the page and leave their email address behind... Big WhOOPP!!!
I am sure the emails are not even KBC staff - these are probably those users told to register in order to drop their comments.

Until today I didn't know KBC had a website and an online community for that matter...sorry for my ignorance
Regards
Jared Koyier
On 17 July 2012 16:22, ndungu stephen <ndungustephen@gmail.com> wrote:
And here i was thinkin it was KCB...
So the guy was able to discover a loop hole to access the admin pages (mabbe a default password was used) ;
Then he entered the sql database using the same password and give us a print out of users who access the page and leave their email address behind ... Big WhOOPP!!!
I am sure the emails are not even KBC staff - these are probably those users told to register inorder to drop their comments ..

Ndungu,
Look up something called "SQL Injection" and you will see what exploit was used to access this server. This is not the work of a polished hacker, more of a "script kiddy" trolling for vulnerabilities and chalking up a personal scorecard. Nevertheless, we should be afraid, very afraid... as it is abundantly clear that we have very low or zero standards within our organizations for Information Security...
Mblayo
Brian Munyao Longwe | Mobile: 254715964281 http://mashilingi.blogspot.com

the vulnerability here is that people usually use 1 password for everything so if someone has time, you can go into many of those email accounts.....possibly FB pages and twitter...
On Wed, Jul 18, 2012 at 7:48 AM, Brian Munyao Longwe <blongwe@gmail.com> wrote:
Ndungu,
Look up something called "SQL Injection" and you will see what exploit was used to access this server. This is not the work of a polished hacker, more of a "script kiddy" trolling for vulnerabilities and chalking up a personal scorecard. Nevertheless, we should be afraid, very afraid... as it is abundantly clear that we have very low or zero standards within our organizations for Information Security...
Mblayo
-- Sent from my Voice Recognition Watch© -------------------------------------------------------------------- Our greatest fear is not that we are inadequate,but that we are powerful beyond measure.It is our light, not our darkness, that frightens us.There is nothing enlightened about shrinking so that other people won't feel insecure around you.As we let our own light shine, we consciously give other people permission to do the same. As we are liberated from our fear,our presence automatically liberates others.

It is of no monetary value but as we all know most people reuse passwords for email, twitter, Facebook, work etc
On Tuesday, July 17, 2012, Odhiambo Washington wrote:
Now that I read well, this is about a KBC database, somewhere.. Who cares? As one skunk said, it has no monetary value!

online banking.... and then the info suddenly becomes of significant monetary value!!
On Tue, Jul 17, 2012 at 4:33 PM, Rad! <conradakunga@gmail.com> wrote:
It is of no monetary value but as we all know most people reuse passwords for email, twitter, Facebook, work etc
-- Regards, A. Mwai

Hahahaaa.... Let me go hacking/cracking!!
On Tue, Jul 17, 2012 at 4:42 PM, Antony Mwai <antonymwai@gmail.com> wrote:
online banking.... and then the infor suddenly becomes of significant monetary value!!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

@Rad, I was thinking along the same lines. Maybe Google (Gmail) and FB guys should be crawling pastebin and blocking access to exposed accounts unless the user can provide the answers to security questions.
On Tue, Jul 17, 2012 at 2:42 PM, Antony Mwai <antonymwai@gmail.com> wrote:
online banking.... and then the infor suddenly becomes of significant monetary value!!
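The check suggested in the message above, seen from the account provider's side, as an added example that is not part of the thread: pairs taken from a paste are tested against the provider's own salted hashes, and only accounts still using the leaked password are locked pending re-verification. The paste line format, the user-record layout and all function names are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import os

# Constructed sample paste: addresses and passwords are made up for this example.
PASTE_LINES = [
    "alice@example.com:correct-horse",
    "bob@example.com | hunter2",
    "not a credential line",
    "carol@example.com:winter2012",
]

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the provider never stores the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    # Hypothetical user record layout for this example.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

def parse_paste(lines):
    """Yield (email, password) from 'email:password' or 'email | password' lines."""
    for line in lines:
        for sep in ("|", ":"):
            left, found, right = line.partition(sep)
            email, password = left.strip().lower(), right.strip()
            if found and "@" in email and " " not in email and password:
                yield email, password
                break

def lock_exposed_accounts(users: dict, lines) -> list:
    """Lock accounts whose current password is the one in the paste."""
    locked = []
    for email, leaked in parse_paste(lines):
        user = users.get(email)
        if user is None:
            continue  # address is not an account at this provider
        candidate = hash_password(leaked, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["locked"] = True  # require re-verification before next login
            locked.append(email)
    return locked

if __name__ == "__main__":
    users = {
        "alice@example.com": make_user("correct-horse"),  # reused the leaked password
        "bob@example.com": make_user("unique-to-this-site"),  # leaked one differs
    }
    print(lock_exposed_accounts(users, PASTE_LINES))
```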

Skunks
IEBC should follow this trend keenly
./Cal
Sent from my BlackBerry®
-----Original Message-----
From: Bwana Lawi <mail2lawi@gmail.com>
Sender: skunkworks-bounces@lists.my.co.ke
Date: Tue, 17 Jul 2012 14:49:57
To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Subject: Re: [Skunkworks] KBC Hacked?
participants (12)
- Antony Mwai
- Brian Munyao Longwe
- Bwana Lawi
- calvinebarongo@gmail.com
- Daniel Ndeti
- Jared Koyier
- Joram Mwinamo
- Moses Njuguna
- ndungu stephen
- Odhiambo Washington
- Oliver Ndegwa
- Rad!