There's an assumption that most attacks are done externally. Securing your site from external attacks shouldn't make you happy; it's like living in a fool's paradise.
Sent from my iPhone

On Aug 17, 2011, at 8:03 AM, Phillip Simbwa <[email protected]> wrote:

>> Yep - little nuance
>
>> Do they do write-ups of how they break into, and the
>> vulnerabilities/loopholes which enabled them?
>
>> eb
>
> There is no such thing as "Ethical Hacking" in the computer misuse
> bill turned act! Hence documentation & making such information public
> could easily excite the security organs & concerned stakeholders to
> the point of having lunch with you (bill is on them).
>
> To shed a little light on the above, search for "Ethical Hacking"
> anywhere in the computer misuse/abuse act or the DPP website:
>
> The Directorate of Public Prosecution
> http://www.dpp.go.ug/pespectives_cyber.php
>
> The Computer Act 2011
> http://ict.go.ug/index.php?option=com_docman&task=doc_download&gid=57&Itemid=61
>
>> A good hack is one where I get in, document what I did to get it, expose a
>> vulnerability, suggest how to plug it... that is a good hack. This is at the
>> very least...
>
> Again, in Uganda, the math is simple;
> Black/White/Grey/Ethical hacker === hacker.
> And activities by such a person === hacking.
>
> Hence the only option left for any hacker (White/Ethical) is to remain
> Anonymous & his/her exploits secret (The most important law in the
> hacking community is: NEVER GET CAUGHT).
>
> On the flip side, the site is a Joomla job and scanning for vulnerable
> Joomla sites & exploiting them is basic even for a script kiddie with
> a little Perl knowledge.
>
> Aung Khant of yehg.net put together a script available here:
> http://yehg.net/lab/pr0js/files.php/joomscan.pl?first_time=1#
>
> OWASP has a Joomla vulnerability scanner (really nice):
> https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
>
> So, whoever did the Mabira thing didn't have exceptional abilities
> (probably ran a scan, followed up on the results & ka-boom).
>
> My 2 cents
> _______________________________________________
> The Uganda Linux User Group: http://linux.or.ug
>
> Send messages to this mailing list by addressing e-mails to: [email protected]
> Mailing list archives: http://www.mail-archive.com/[email protected]/
> Mailing list settings: http://kym.net/mailman/listinfo/lug
> To unsubscribe: http://kym.net/mailman/options/lug
>
> The Uganda LUG mailing list is generously hosted by INFOCOM:
> http://www.infocom.co.ug/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in any
> way.
