The day I became a Hacker – Searching my head why I did it …(no excuses found)

I one day found myself in one of those posh upscale places in Uganda, those places you enter and you forget you are in this dusty + floods infested Kampala. (I will have to literally kill you for me to disclose this place). Furthermore it is on one of those days I feel holier than the Pope. I had 3 devices, yes 3; to connect to the Internet. I ask this tall beautiful waitress with a weird weave (I loathe weaves but that is for another day) for access to their “Internet”, she hands me a paper with login credentials typed.

It hit me hard, there was a big problem; the credentials only allow single sign on and yet I had two other geeky things that were Internet hungry, I could see from the look on their digital faces that they needed updates and other things that they know that they gobble from the Internet.
I again politely asked the waitress for another rap, she disarms me with a smile that made me forget she had slammed a no on me.

I pull out all the sweet words I could, only falling short of telling her I’m taking her out for Valentine’s in the middle of the year. She still says no citing something to do with management policy et cetera.

Well; I coiled my small tail and said thank you for the life saving access to the Internet, I will buy social bundles for the rest. As her footsteps faded in the background, I had a eureka moment. That moment I smiled and realized I could surprise them too.

So I log in to the WiFi, dig around with my ICT jargons and find out the default gateway blah blah and I run an admin log in attempt on the web GUI. I think my other two devices had been praying too because the default admin credentials got me signed in. I could see every other device connected.
Gentlemen and Ladies; it is simple, too many bulls in the kraal is a recipe for annoyingly slow Internet and quarrels with my laptop, the kind of mix I don’t want. I did the only logical thing I had to do to save a life.


Well the next few minutes saw my former good friend pacing around, calling the manager, hahaha calling I don’t wanna know who as I sheepishly smiled and sipped on my dawa tea.

Soon word spread around that “the Internet is spoilt”. I felt sorry but but…. I sat there for close to 2 hours till I got a rude reminder that my bed was at home missing me. I undid the whitelist I had created, signed out and left.

I will go back again another day and wreak havoc …..

Tip: Always change default configurations for ALL your devices, else someone like me will hack you.

This is the cheapest and simplest hack in the book; it is a result of poor practices by network administrators.

Is this the part I pen a conclusion?

Being able to compose a tweet is said to be something smart because you don’t have a lot of “space” to type all your so called humble thoughts. I beg to say that is being mean with words, what would some of us with a lot of words do? Reason my twitter account forgot about me.

Either way, I’m still in celebration mode; it took me decades of planning on creating a blog, then I entered the procrastination phase and now I have run out of excuses – I just had to pull a NIKE on it.

I promise to whip out different topics all bundled up not as a reflection of how cracked up I’m but rather as a way of letting some words of wisdom transfer to you.

This might be short but hey why complain? Write your own :)

I’m very happy my first post on my newly baked blog is about hacking (pun intended)


Is your Financial Services Mobile App a security risk?

Smart phone penetration is ever growing as each day passes. Most people use smart phones for Facebook, WhatsApp, Twitter and taking pictures; the rest of the uses are negligible, such as Bible Apps installed (some have never been opened since they were first installed). Among the Mobile Apps installed are those that help us access and make payments for utilities, school fees et cetera from the comfort of our sitting rooms or bedrooms.

Imagine after a long day, you are all tired, headed home around 8:00 pm and all of a sudden you are pounced upon by these wrong elements of society. The goons assault you, grab your handbag or wallet; ransack through its contents, fishing out every single penny you have in there. Usually they stop here after smacking you here and there. Always remember to file a police report and if possible go for medical checkup.

I have heard of a few cases in Kenya where they ask you to walk with them to the ATM and withdraw money on your account too. This is fairly OK because there is always a withdrawal cap, worst case scenario they can detain you for a few days as they keep withdrawing your money in small amounts. Sooner or later someone is going to realize you are missing, report you missing and other processes begin.

Where was I? Let’s go back to the innocent phone, everyone nearly has a Financial Mobile App installed in their phone, such Apps range from Mobile Money, E-Banking Apps, PayPal just to mention a few but you get my point?
What if that thief forces you to log in? Forces you to make a bank transfer of whatever contents you have in your actual/available (these things still confuse me) balance to some other bank number or mobile phone? I agree that most of our thugs here are not yet that tech savvy basing on police figures of what has been stolen.

What if some day these guys wake up and start “smartly” robbing us clean? What are the safeguards these Apps give us? Can the poor App know its faithful boss is being robbed?

All I’m giving is food for thought, exercise caution.

If the worst comes to the worst and you are very paranoid, I advise you to only download and install such Apps when you need to use them; after transacting, go ahead and uninstall.

No need giving the wrong element more creative ideas to steal from you.



Backup and Disaster Recovery – do you have a plan?

What would you do if your CEO calls you at 8:00pm on a Saturday night telling you he or she can’t send a critical email to the board? He summons you to office as an emergency. You enter the server room and you observe the server rack and there is no sign of life on that server in question; say the UPS malfunctioned and fried the mail server. You feel that cold sweat trickle down your back when reality hits you. Why reach that point?

Backup and recovery methods are essential to data protection and security. Any loss of data due to file corruption, virus, security or human error is a loss of time and money. Furthermore, loss of data can severely impact the success of a project, department or college or government ministry. An effective server backup and recovery plan is crucial. It can mean the difference between recovering in minutes rather than days or even after several weeks.

FACT: on average, over 40% of companies without a Disaster Recovery Plan go out of business after a major data loss, according to figures from a study conducted by the Strategic Research Corporation. They provided the top five leading causes of business continuity and disaster recovery incidents as being:

  • Hardware Failures (servers, switches, disk drives, etc) 44%
  • Human Error (mistakes in configurations, wrong commands issued, etc) 32%
  • Software Errors (operating systems, driver incompatibility, etc) 14%
  • Viruses and Security Breach (unprotected systems are always at risk) 7%
  • Natural Disasters 3%

The human element is among the weakest links in a Backup and Disaster Recovery Policy; others include the threat of virus infection, hacking, server side scripting or malicious take-downs. Disaster with respect to systems and networks is a broad subject; numerous factors can render a service unavailable. Among the key factors to consider is security. Performing security checks, hardening, penetration testing etc are ongoing processes that need modification and updates. Furthermore, securing any server or network is not a one off project.

This plan can be a 4 page document or a very detailed 100 page document depending on the scope. Key features of this document include:

  • Planning for a disaster; sounds weird but yes, you need to analyze your most likely threats such as Flooding if you stay in Bwaise. Have a team that is responsible for managing this recovery; the team should include a variety of departments, and remember senior management must be in the loop of situations. This team will help come up with both core and non-core business processes that are at risk of being affected. Collect as much relevant information as you can e.g. which vendor equipment is in use, do you have a secure offsite backup location, potential risks and a lot more.
  • Emergency response; what criteria do you use to acknowledge you have a disaster at hand? Do you have alerts in case of a server? This determines how fast you respond.
  • Recovery Procedures; document how best you would recover if you experience a disaster.
  • You need to test the plan, train your staff and remember to maintain the plan by routine reviews and updates as your environment changes.

No server or system or database is guaranteed 100% disaster proof or hack proof; however, following minimum security recommendations makes it harder to compromise any installation. The website of EC Council, the institution that teaches and certifies Certified Ethical Hacking (CEH), got hacked; the US Department of Defense was hacked and they didn’t know for nearly 4 months; Microsoft reports an estimated 300,000 attempted attacks every day. In the event of a compromised system, what is important is identification of the root cause, restoration of services as soon as possible, incident management and documentation so that there is no re-occurrence (learn from mistakes). Intervention methods include user training on Information Security Awareness.

The key to a successful Disaster Recovery Plan is planning. A formal review of a Disaster Recovery Plan should be conducted yearly, and a quarterly Disaster Recovery Readiness Assessment Audit should be conducted as well to ensure that objectives and scope are being achieved.

If procedures are followed, it helps ensure services are restored as soon as possible in the event of service disruption due to a disaster. It is worthy of note that other processes are key to ensuring this document’s objectives are achieved, for example Database Management Policy, Application Code Management Policy, Change Management Processes Guidelines, Redundancy Backup Server Guidelines. Thus it is a collective effort to ensure business continuity.

This writeup is brief and doesn’t cover everything; it should however give you a feel of what you can go through when disaster strikes. Do you have a plan or policy in place? It’s not too late, I can help you draft up one at a small fee, you will thank me later.

My love-hate affair with weaves

It is said and I quote “a woman’s beauty is not complete without her hair” – Ronald Eyit

Before the digital ink of the last sentence dries up, this piece: wait; does piece refer to a weave term or written article? Where was I? This is purely not about you, yes you my sister reading this, but rather about how I got to hate weaves. It wasn’t a one off but rather a series of bad encounters till this most recent one sealed the deal so to speak. Plus my definition of weaves includes its other cousins with catchy names like Brazilian et cetera not forgetting the many colors of the rainbow they come with.

First hear me out: one beautiful day I was running late for an afternoon meeting, I ran back into the house 3 times because I kept forgetting something, I didn’t know mother nature was setting me up.

By the time I reached the stage, I found myself standing next to this beautiful young corporate lady waiting for a taxi. Everything about her was in its right place from the shoes to the handbag to her dress with the sole exception of her hair. She looked like the hot windy dry season blasts of moody African hurricanes had done a hostile coup take over on her head, it’s like she was driven through the desert streets in a convertible and the tribes of wind took turns yanking her hair left, right, this way, that way. The mass of hair or whatever its name morphed into I don’t know. I saw a sight so hard to un-see: I don’t know but there was something else like her hair line was starting from the middle of her head and yet I could see her forehead had “other” hair with something to do with some places having threads like she was patched up in a rush by some gigantic sewing machine. I don’t know what to call it so I will stop trying to explain just know it was baya sana. She reminded me of the Shaolin monks with a pony tail of hair towards the back of their heads. Honestly speaking she caught me dead staring at her head. I found myself mumbling a good morning Madame in the afternoon (hihi)

That was just ¼ of my ordeal that was yet to unfold. As fate would have it, we were headed the same direction thus entered the same taxi, shared the same seat then my longest journey to Ntinda started. First I was accosted by some not so welcoming smell I guess coming from her side, my sense of smell was harassed and bullied because her perfume was testosterone spiking, I think my blood sugar levels shot up. Then I got those occasional “weave slaps” on my face by her hair thanks to the wind, I once thought of faking a stop just to jump into another taxi. Then she kept throwing her head backwards like the way I see the other women with those natural long hairs do on TV to put right their hair. By this time, my immaculately white shirt had strands of hair like our laundry got mixed up or we woke up in the same bed. What would happen if I hugged her? Wouldn’t I walk away with half her hair?? How would I explain to nani where the hair came from??? I know too many questions

It gets worse – In the midst of all this I get a WhatsApp message that the meeting had been rescheduled to the following week, I didn’t read the details – because my mind kept reading weave this, weave that. I had had enough, I turned to face my tormentor only to be disarmed by a smile and a question asking me if I knew where Capital Shoppers Ntinda is located, I nearly added “they have salons there too”. I said a prayer to filter out poison from my loud mouth lest I say ungentlemanly words to an innocent looking lady, I told her I knew the place and yes as a matter of fact I was going to that very building complex too so I could walk her there. We alighted, I pointed her in the right direction and wished her a good weave day, I needed to put much ground between me and her. She should fire her stylist – I can volunteer….

I stopped short of inviting her for dinner @ Heritage Bar & Restaurant so I could rumble away about my anti-weave bill yet to be tabled in parliament yari yari. (Their chef prepares very tasty finger licking pork skewers – you gotta pass there one of these days. Freddo Advertisement Invoice coming…).

Before you judge me; know that I don’t hate women, I only don’t agree with the hair fashion sense of some women who subscribe to the weave movement. Their taste violates the rights of other citizens; the right to seeing pleasant optical nourishments without shedding a sad tear. You remember that Nigerian woman whose weave fell off during the long jump event??? Aya – I can see you wishing to jump on me and strangle me up with a barbed wire but hold your fire sister, I’m angry but still love you with or without a weave.

Nothing puts a wide smile on my face on any given day than seeing a lady rocking a natural afro

DISCLAIMER: I have never put on a weave or ever convinced anyone to go for it. I can bet my lunch on that.