[OWASP-South Africa] Membership survey results and more

Brett Russell brett.russell at owasp.org
Thu Jun 12 07:08:10 UTC 2014

Hi All,

Thanks to those of you that replied on the Heartbleed bug (but please send
your replies to the list for the benefit of all and not directly to me in
future). Tim made an excellent point which I would like to share:

*"Hack reports of South Africa: At some point somebody hacked the SA
Police's website. I think it happened last year.  They stole the personal
information of thousands of people apparently. Hack attempts happen all the
time in South Africa.  You might just not always be aware of it.  South
Africa is made up mostly of small businesses as opposed to the USA for
example which is made up of mostly big corporations.  Small businesses are
big targets for hackers with financial gain in mind and they will be very
subtle when attacking. Very few companies in South Africa monitor their
logs of their servers."*

Two things that stand out for me from this:
1. Even if your website is not hacked, that does not mean you are not
affected. We live in a global and online community and it is only through
community-based organizations like OWASP and others that we can truly
tackle security and privacy issues. It is no longer good enough to just
protect our own back yards as we have a vested interest in protecting our
neighbours' yards as well.
2. South Africa (and Africa in general) is different in the way we live and
work, and so we need to tackle the issues that we see here differently as
well. Exactly how we can achieve this, I am not entirely sure yet, but that
is why we need to have the conversations.

On a related note, Secure Johannesburg will be held on the 23rd of
September, and I suggested to ISC2 that we (OWASP) join the event
as partners. I am speaking at the event anyway, and I think it would help
to get more exposure to the local OWASP chapter. I would like your opinions
please so let me know if there are any objections.

Kind regards,

OWASP South Africa

On Sun, May 25, 2014 at 8:33 PM, Brett Russell <brett.russell at owasp.org>

> Hi All,
> I have been back from a nice long break for 2 weeks now, so I am finally
> up to date with my emails, time to catch up on OWASP as well.
> To those that completed the membership survey, thank you, here are the
> results: https://www.surveymonkey.com/results/SM-WK6DCNP/
> If you would like to complete the survey still, here is the link:
> https://www.surveymonkey.com/s/695PDWN.
> It has been a busy couple of weeks from a security perspective. eBay made
> the news for the wrong reasons with a hack exposing 145 million (yes
> million) users' names, passwords, addresses etc.  There is still some
> fallout from the Heartbleed incident going around to this day as well, and
> will continue for a while. If you don't think web security is important for
> your company, just ask Gregg Steinhafel, former CEO of Target who lost his
> job over a similar security breach (maybe he should have joined OWASP, he
> might still have his job).
> What is not clear to me at the moment is what South Africa is like? We
> (Paycorp Group) were not affected by Heartbleed at all, and thankfully,
> haven't been the target of any major hack attempts (I am holding my wooden
> desk as I say this). So I have 2 questions:
> 1. Does anyone know of a reliable source of hacking attempts or hack
> reports in South Africa?
> 2. Does anyone have any personal experience of a hack attempt (successful
> or not) that they would be willing to share so we can start to get a better
> picture of what is happening here. Otherwise, if you were for example
> affected by the Heartbleed bug, what was the impact and fallout?
> Last thing, the mail robots have done their thing and the mailing list has
> been pruned to only active addresses, so please feel free to send emails to
> the OWASP South Africa mailing address (owasp-southafrica at lists.owasp.org)
> or simply reply to this email.
> Kind Regards,
> Brett Russell
> OWASP South Africa Chapter Leader


Kind Regards,
Brett Russell
OWASP South Africa Chapter Leader