[OWASP-South Africa] Membership survey results and more

Jordan Forssman jordanforssman at gmail.com
Fri May 30 05:55:53 UTC 2014


Heartbleed was a vulnerability specific to OpenSSL which is rarely
used in the financial services industry. So you would pretty much be
safe if your systems are not using it.

That being said, identifying whether or not you have any systems using
OpenSSL is a larger task. You can start here: http://heartbleed.com.
If you have any systems integrated with 3rd party solutions, you'll
also want to check the status of those parties. Most organizations
have long since published their status but you can always ask.

Here's another handy resource: https://filippo.io/Heartbleed/

I remember the hack against the police website. If I recall correctly
it was executed proof of concept style (allegedly) in an attempt to
expose the site's insecurity.

Other than that, I have only seen details surrounding more
consumer-targeted attacks. General phishing campaigns targeting some
of the banks and LOTS of malware, but the latter is often independent
of geolocation.

In terms of trends, there is a real emergence of "Threat Groups" that
include state-sponsored actors, organized crime groups, hacktivists,
and "APT for hire" (basically out of work engineers & security folks
who have turned to the dark side.)

The organized crime groups are generally more involved with less
targeted, broad-based attacks aimed at harvesting financial details
and installing ransomware.

The remaining groups are less obvious & generally more focused. It
would be interesting to try to understand the impact in South Africa.
Often these groups are after intellectual property, code, trade
secrets, etc. With the emergence of China & India as the biggest
competitors to South African companies in the new scramble for entry
into Africa's emerging markets, this is likely to become an area of
concern.

What we are likely to see with these types of groups, focusing on SA
companies, is access to information regarding business operations,
financing, customers, logistical operations, etc, for the purposes of
gaining competitive advantage.

It would be very interesting to see the footprint of these types of
activities in South Africa. Unfortunately, a Google search for "honey
pot South Africa" only pulls up a list of B&Bs! Perhaps this would be
a good starter project for the refreshed OWASP SA Chapter?

I was recently reviewing the status of Information Protection laws in
SA, in the context of the financial services, as I was recently shocked
to find some providers had little to zero protection policies. I found
that the Protection of Personal Information (POPI) Act was signed into
law on Nov 27th last year and, pending the announcement, companies
will have 1 year to comply.

I think this will be a tough challenge for a lot of SA companies
initially, but will provide the impetus for a more consolidated
security industry and perhaps result in the development of a more
open-platform for security folks in SA to share their experiences and
facilitate knowledge-transfer within the industry.


Jordan

> On May 29, 2014, at 19:58, timogoosen <timogoosen at runbox.com> wrote:
>
> What makes you think that you haven't been affected by heartbleed?
>
> Hack reports of South Africa: At some point somebody hacked the SA
> Police's website. I think it happened last year.  They stole the
> personal information of thousands of people apparently.
>
> Hack attempts happen all the time in South Africa.  You might just not
> always be aware of it.  South Africa is made up mostly of small
> businesses as opposed to the USA for example which is made up of
> mostly big corporations.  Small businesses are big targets for hackers
> with financial gain in mind and they will be very subtle when attacking.
> Very few companies in South Africa monitor their logs of their servers.
>
> Monitoring logs is a difficult thing to do. Interesting presentation
> which is somewhat related: www.youtube.com/watch?v=RmHUO4EZ4_0
>
>> On 05/25/2014 06:33 PM, Brett Russell wrote:
>> Hi All,
>>
>> I have been back from a nice long break for 2 weeks now, so I am
>> finally up to date with my emails, time to catch up on OWASP as
>> well.
>>
>> To those that completed the membership survey, thank you, here are
>> the results: https://www.surveymonkey.com/results/SM-WK6DCNP/
>>
>> If you would like to complete the survey still, here is the link:
>> https://www.surveymonkey.com/s/695PDWN.
>>
>> It has been a busy couple of weeks from a security perspective.
>> eBay made the news for the wrong reasons with a hack exposing 145
>> million (yes million) users' names, passwords, addresses etc.  There
>> is still some fallout from the Heartbleed incident going around to
>> this day as well, and will continue for a while. If you don't think
>> web security is important for your company, just ask Gregg
>> Steinhafel, former CEO of Target who lost his job over a similar
>> security breach (maybe he should have joined OWASP, he might still
>> have his job).
>>
>> What is not clear to me at the moment is what South Africa is like?
>> We (Paycorp Group) were not affected by Heartbleed at all, and
>> thankfully, haven't been the target of any major hack attempts (I
>> am holding my wooden desk as I say this). So I have 2 questions:
>>
>> 1. Does anyone know of a reliable source of hacking attempts or
>> hack reports in South Africa?
>>
>> 2. Does anyone have any personal experience of a hack attempt
>> (successful or not) that they would be willing to share so we can
>> start to get a better picture of what is happening here. Otherwise,
>> if you were for example affected by the Heartbleed bug, what was
>> the impact and fallout?
>>
>> Last thing, the mail robots have done their thing and the mailing
>> list has been pruned to only active addresses, so please feel free
>> to send emails to the OWASP South Africa mailing address
>> (owasp-southafrica at lists.owasp.org) or simply reply to this
>> email.
>>
>> Kind Regards,
>> Brett Russell
>> OWASP South Africa Chapter Leader
>>
>>
>> _______________________________________________
>> OWASP-SouthAfrica mailing list
>> OWASP-SouthAfrica at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-southafrica