Addis Ethiopia Weblog

Ethiopia's World / የኢትዮጵያ ዓለም


Posts Tagged ‘Security’

Dr. Ahmed's Institution "INSA" Has Become the Laughingstock of the World's Digital Technology Experts

Posted by addisethiopia / አዲስ ኢትዮጵያ on May 31, 2019

Foreign hackers were able to easily hack the email addresses and passwords of 142 INSA agents. The reason: the INSA agents chose to use predictable and insecure passwords.

The expert who provided us with this information said the following about this embarrassing incident:

“The passwords we discovered in use by INSA were basic (and hackable) beyond belief.”

“As the most tech-savvy people in Ethiopia, whose entire careers literally revolve around online and national security, their lack of secure passwords is absolutely shocking.”

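This means that anyone can read our country Ethiopia like an open book. We have nothing that can be called a secret; all our enemies can easily obtain whatever information they want about our country while sitting on their sofas.

For that matter, under Dr. Abiy Ahmed the institution's mission has from the start been not to defend our country against its many foreign enemies, but to terrorize Ethiopians on social media sites and to intimidate fighters of conscience. Instead of putting our knowledge, our time and our money to work defending Ethiopia from foreign enemies, we seek to hand our country over to the enemy by striking and weakening Ethiopians. As the information reaching us from Bole Airport indicates, the only passengers subjected to special searches are Ethiopians and other Africans; the white person walks straight in and out. What kind of era is this?! What kind of traitorous generation is this!?

What has now happened may perhaps be a good thing, brought about so that their conspiracy is exposed, since they have no agenda that benefits Ethiopia. Sooner or later, their anti-Ethiopia conspiracy will inevitably be fully exposed.

By the way, a similar phenomenon can be seen in the army; so this means that the likes of Arabia and Egypt can walk straight in as far as Addis Ababa, as far as the Renaissance Dam. It is extremely sad!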


Ethiopian INSA Agents Hacked: 142 Agents Chose The Predictable Password


SafetyDetective’s research lab discovered a leak online regarding the Ethiopian National Security Agency (INSA).

The hackers managed to easily scrape a few hundred of INSA agents’ email addresses and passwords, allowing them to potentially log in to INSA’s email server (and personal emails using the same credentials).

INSA notoriously monitors and intercepts all Ethiopian citizens’ communication, in an attempt to ‘safeguard the country’s information and information structures’, according to their website’s mission statement…

Political hacking is nothing new: While the fact that hackers could so easily hack a security agency – and the Ethiopian INSA especially – is alarming, what was even worse was that the passwords we discovered in use by INSA were basic (and hackable) beyond belief. Basically, they weren’t salted and hashed. While big databases usually have their data protected and encrypted (in case someone breaks in), this one didn’t and had common passwords easy to decrypt.

Just take a look for yourself:

[Screenshot of 42 of the 300 secure email addresses and passwords of Ethiopian INSA employees]

Of the 42 passwords screenshotted above (of 300 overall), 9 of those are ‘p@$$w0rd’ – AKA, one-step above ‘password’ which we also saw 3 uses of in total (of 300). That’s really secure, security agents!

In fact, out of the 300 agent email addresses we scraped, we counted 142 uses of ‘p@$$w0rd’ (that’s almost half), and 62 passwords containing a ‘123’ sequence, similar to another surprising set of unchanged default passwords that were discovered by our team. It goes without saying that, even had the server not been hacked, the passwords we saw post-scraping were easily hackable.

As the most tech-savvy people in Ethiopia, whose entire careers literally revolve around online and national security, their lack of secure passwords is absolutely shocking, although major security breaches affecting ordinary citizens are nothing new.

That and the fact that, when we tried to verify the hack, we were able to use these leaked login credentials again and again.

Since the data was scraped a while ago, it now seems that these credentials no longer work, meaning INSA has either reset these passwords or changed the internal email server.

But, sensitive INSA data is still available to even the most low-level of hackers: taking the leaked usernames and using a brute-force attack on the new email server would still easily hack agents’ new passwords especially if they are as insecure and hackable as they were previously.

We suggest the agents set new, stronger passwords that are as secure as their employment requires them to be: Safety Detective’s Password Checker will allow INSA agents to strengthen their preferred passwords (other than ‘p@$$w0rd’) to prevent any further hacks.

It is recommended that databases encrypt sensitive info, then if the worst happens, attackers will be left with useless hashes.

Because all matters of national security deserve to be securely ‘password’ protected.

Source
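To make the article's two recommendations concrete (reject predictable passwords, and store only salted hashes), here is an added Python example; it is not part of the original article or of SafetyDetective's tooling. The function names, the small denylist, the minimum length and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed denylist for illustration; a real deployment would load a
# large breached-password list instead.
COMMON = {"password", "qwerty", "letmein", "welcome", "admin"}
# Undo common character substitutions so 'p@$$w0rd' is seen as 'password'.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t", "!": "i"})
MIN_LENGTH = 12        # assumed policy value
ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor


def weakness_reasons(password: str) -> list[str]:
    """Return the reasons a candidate password is rejected (empty = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too-short")
    if "123" in password:  # the sequence the article counted in 62 passwords
        reasons.append("contains-123")
    if password.lower().translate(LEET) in COMMON:
        reasons.append("common-after-substitution")
    return reasons


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Derive a slow, salted hash; store salt and digest, never the password."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ at rest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["p@$$w0rd", "password", "Addis123Ababa!",
               "correct horse battery staple"]:
        print(f"{pw!r}: {weakness_reasons(pw) or 'accepted'}")
    salt, digest = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, digest))
```

Because each stored digest uses its own random salt, the 142 accounts that shared one password would no longer share one stored value, and the slow key derivation raises the cost of guessing each of them.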

_______________________

Posted in Curiosity, Ethiopia, Infos, Media & Journalism

Your Bodies Scanned At The Airport

Posted by addisethiopia / አዲስ ኢትዮጵያ on October 23, 2008

Airport officials get X-ray vision

And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name…and his number is Six hundred & sixty-six. (Rev.13:15-18)

Just 20 years ago the full body scan was Hollywood’s view of the future. But what was science fiction has become science fact, and is coming to an airport near you.

Now, technology and security got to the stage where we, in effect, have to have our genitals shown, viewed by someone in another room, in the name of airport safety.

Once it’s introduced at airports there will then be calls for it to be introduced at sporting stadiums, there will then be calls for it to be introduced at public malls to deal with teenagers carrying knives, or even in our neighborhood.


Posted in Curiosity