On Friday 28th February 2014, I had the pleasure of attending the first ever Africahackon conference at the PWC towers in Westlands, Nairobi. This event brought together industry experts on infosec and enthusiasts like myself. In the room we had real hackers too, but the good ones; ethical hackers. The goal of this meetup was to bring awareness on the state of information security in the country and show real demos of how an exploit is done. At the beginning of the event we all had to concur that

“You can and will be hacked”. Well, some didn’t but when the event was over, we all were on the same page on that.

Dr. Bitange Ndemo was in attendance and challenged the developers in the house to take Kenya to the next level by creating super secure applications. He also talked about the events of the Mobile world conference which he had attended at Barcelona. Most of the stuff he talked about is published in this article.

Of great interest, Dr. Ndemo mentioned the need for us as Kenyan developers to work on improving our language to the best possible competences. Now that gives us two options. The first one is to develop Kiswahili to be at the same technical level as English. The challenge with this is that we would always have to play catch-up, as we would be downstream of the changes in the English language. The second option is mastering the language of the queen so well that we can even challenge those who call it their own. More on the dynamics of language is published here.

The reason for taking either of the two options above is that “Our languages are not dynamic enough to incorporate global terms and hence makes us lag behind”, noted Ndemo. The need to develop these languages is rooted in the fact that Africa looks like pretty much the next big thing, if these two reading recommendations are anything to go by.

1. It’s time for Africa

2. Lions go digital

The conference went on, punctuated by occasional breaks to announce clues for a hack battle, appreciate the presence of yet another industry bigwig, or the much-loved tea breaks. By the time it was over, at 9pm (12 hours straight), I had this blog hacked as a demo of how WordPress sites are hacked (and got an anonymous mask for it). In addition to all that, different speakers spoke about different facets of infosec, which include but are not limited to:

1. Challenges faced in implementing information security

2. Reconnaissance in the development of a hack

3. Performing network discovery as part of reconnaissance

4. Black box penetration testing

5. The Open Web Application Security Project

6. What to do when you have just been hacked

7. Radio Frequency (RF) attacks

8. BYOD security issues and policies

9. Bots and Botnets (Zeus)

10. Managing computer security incidents

11. ISO 27002:2005

This has nothing to do with my love of football!

I also managed to grab a few links which are worth every second spent exploring as the first steps of understanding how to hack and hence protect oneself from being hacked.

1. Isolutions.co.ke

2. Nmap.org

3. Chuksjonia.blogspot.com

4. Owasp.org

5. Honeynet.org

6. Africahackon.com

7. Sans.org

Summing this up, I wish to put it clearly that most of the online services being implemented lack even the most basic security, and this was demonstrated. Therefore, it’s going to be a matter of time before these services are put down, either by a person with real motivation, whether monetary or otherwise, or simply a script kiddie reading tutorials from wherever. So whichever one it is, the first step would be to hack oneself because for sure

“You can and will be hacked” and that’s not a threat but just a time bomb.
