advertisement

Ownai, the new Tengai experiences brief downtime, some suspect another hack

advertisement

A few hours ago we mentioned how Tengai, Econet’s online classifieds which was hacked some months ago had been brought back online as Ownai.

advertisement

Shortly after this ,Ownai became inaccessible, with visitors to the URL ownai.co.zw being directed to a page carrying a 504 Gateway Timeout error message. Usually, this is diagnosed as a network error between servers, but because of the history that Tengai had with security breaches, some people assumed that this could be another attack.

Some of the comments shared so far have said,

advertisement

Is it just me or this website has a certificate error? webmaster needs to up his game a little bit, these unnecessary errors can be avoided.

Your connection is not private
Attackers might be trying to steal your information from http://www.ownai.co.zw (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

One reader called Mbuzi has said,

and its down again? ” 504 Gateway Time-out nginx ” These guys are not serious

Another reader, Macd Chip had this to say,

This is not good! I was going to say this is a good start for econet to employ all those students that they got involved in training at Muzinda Hub.
They graduated them as IT Specialist, but what picture does it give when you are being trained by people who cannot even to maintain the their own website running for 24hrs.

l would say its a great opportunity for econet to show that they did actually trained the best by employing some of the students, but not now. This is more than embarrassing to say the least.

They have leaders with vision, but lack the technical hands to carry the vision forward.

The site is back up again, and while we don’t know if this was another attack on the platform, there are some possibilities that can considered here. Sure, this could have been a Denial of Service (DoS) attack or a DDoS (Distributed Denial of Service) attack, but perhaps the Ownai team was still configuring the platform.

After all, the relaunch of the site didn’t come through any official announcements which means they might not be fully geared to take on a lot of traffic.

Besides, if it had been attacked, as was the case last time, the entity behind would have likely taken credit for their work, just like what Anonymous Zimbabwe, the previous attacker group did.

Whatever the explanation though, Tengai Ownai has just gotten a glimpse of the sort of expectations regarding web security that were set after the previous attack that grounded it for months.


Quick NetOne, Telecel, Africom, And Econet Airtime Recharge

If anything goes wrong, click here to enter your query.


WhatsApp Discussions

Click to join a Techzim WhatsApp group:
https://chat.whatsapp.com/DhJIODAb9nSCqaB6fl4syL

If you find the group full, please notify us on +263 715 071 199 and we'll update the link.


32 thoughts on “Ownai, the new Tengai experiences brief downtime, some suspect another hack

  1. As someone involved in the service, I know that the official launch has yet to happen. They are still conducting final tests internally to prepare the site to launch publicly. Guess Techzim are struggling to find proper stories these days.

    1. And you are the one to talk? Considering the sloppy crap you dished us the first time, you should hold your piece. I think you created a rubbish site again and are just hiding behind a finger.Tss official launch my *ass.

    2. Why go live if y’all not ready? Dont hide behind ‘techzim’ leak. Makaita load/stress testing? What is your expected audience? coz if its a subset of Techzim’s audience and that still crashes your site?

    3. the story said brief downtime, why so defensive Econet insider or you are paid by the master to troll comments here that don’t reflect badly on your bosses.

      hahahahahaha, um #As someone involved in the service, you say you are involved then next line your explanation is #They are still conducting final tests. You need to do your job properly Zim has high unemployment you might just join the statistic.

    4. You all have some high and mighty, holier than thou attitude. Yet you are a greedy lot,maximising on high margins, smuggling lines into the black market to sell for $100+ during the hard times and most recently undercutting the existing ecommerce ecosystem by zero-rating your packets.

      Unfortunately your “high” salaries do not equate to competencensure for all reasons highlighted by peers in the industry.
      “We are testing”
      Laughable

    5. The job of the press is to report something before or as it happens. So unlike you techzim is actually doing their job

  2. “Besides, if it had been attacked, as was the case last time, the entity behind would have likely taken credit for their work, just like what Anonymous Zimbabwe, the previous attacker group did.”

    That isn’t a rule. Sometimes a DDOS is a precursor to another attack.

    You also don’t even have to be a genius to pinpoint if it is a DDOS attack. So its either they know and won’t say or worse… they don’t know.

  3. Ownai hasn’t launched yet. Spoke to Econet and they’re still conducting tests on the platform before going live to the public – they didn’t let me know the exact date sadly. I’m curious how techzim heard about ownai given no official announcement from econet. Good scoop lol

  4. On issues of Security, econet insiders should not be loud. In case they be embarrassed even further. I have discovered that in terms of cyber security we are a bit Lax, and we mostly don’t do pen-testing on our platforms.We are just quick to customize open source which every one has access to its coding.I wont even mention on running updates daily.a Zero day attack in less that 1 hour? even on a SSL, then heart-bleed is a suspect on their certificates.
    Its high time we prioritize Security.A company should at least have a systems security analyst.Finally we can apply.Our relevance now is slowly getting into picture.Any assistance on doing pen tests for your environs, I am here

  5. Inside information claims site is now hosted in Econet environment instead of ZOL after first attack.The Econet Security team is said to have been running penetration tests and brought the system online to identify weaknesses. This is the time TechZim may have come across the system.

    1. Then the security team is dumb

      Then the people managing the project is equally dumb

      Who publishes a website that isnt production ready and is still being tested? This isnt even Beta.

      The fact that people can access the URL already makes it public. It is already in production. You think people hold back to wait for some launch party with people drinking cocktails and patting each other’s backs?

      If its not ready, simply do not publish it!

  6. it was probably a test, you know once beaten twice shy. that is why there was no press release. Leak information to see what would happen.

    unless those guys in IT at Econet are now so used to colluding to get out of trouble that they were blind to the attack and the ones that will follow when its official. Incompetence should be spelt with a E for Econet.
    E-ncompetence

    Security is slack a at Econet, zviripachena.

    I hope this does not reflect badly on the Infrastructure supplier Liquid Telecoms that now connects all things Econet and now sells hosting, and payment solutions.

      1. We at one point were considering running a ftp site within the company dmz network. l installed CrushFTP on a Ubuntu server with NOTHING on it and put it live to monitor the respond from would be hackers monitoring it via WildFire https://www.paloaltonetworks.com/products/technologies/wildfire.html

        Within minutes we were being hit by scans and everything and within hours the Chinese were on us. After a day we pulled the cable and reconsidered the decision.

        By the way, we have a yearly pen testing done on our network and randomly whenever we put up a new service and not sure how secure it looks from outside the world.

  7. I honestly believe this was leaked intentionally to Techzim to generate a respond, keep it online for few hours then disconnect it.
    If its not officially launched, as in this case, there is no room for public to complain. How do we kno there was even production data on it!

    I have seen Boeing and Airbus test flying their planes(Boeing flew their Dreamliner from US to Ethiopia https://www.youtube.com/watch?v=XQUBo1mMzlA ) with no passenger aboard to make sure everything is in shape.

    1. Your analogy with the airbus test flights is misplaced. The argument isn’t about testing (at least from my end)

      My point is that having the website publicly available (even for testing) is inherently an actual launch. Not the ceremony they refer to.

      That already shows lack of depth on their part. What should be public should not be the result or impact of their testing. It can be anything from a redirection to a splash page.

      We should not be privy to a non-production ready system.

      If they are truly testing, then there is also the risk of an error leaking the internals of the system.

      1. Someone leaked this…

        Personally l will still test it out without production on public, obviously after doing internal security testing before official launch.

  8. Yes, there is mediocrity on the Econet side, but quoting the unfounded allegations leveled by Macd Chip into an official article also shows mediocrity on the part of Techzim or some hidden agenda. Is Techzim trying to tarnish Econet because it does not fund or participate in their workshops? We may never know

    1. Its awareness being raised by Techzim, let the public be judges wether techzim is tarnishing econet or not.

      One of my favourity security blog is krebonsecurity. The guy does release unofficial infor he get every where even on darknet.

      1. You said the site was developed by Muzinda graduates, that’s not correct, it was developed by Liquid Thought from South Africa http://www.liquidthought.co.za/ I know Techzim is aware of this, but they went on to quote you in their article, does it not show some sinister motive on their part?

        1. I said graduates from Muzinda…

          Read again, is it that hard understand. Ngatinyorei nechiShona kana kuhwisisana kuri kunetsa.

          1. Dude, “graduates from Muzinda” or “Muzinda graduates”, same thing bro. My point is it was not developed by anyone from Muzinda and TechZim was not supposed to quote your spew, which you obviously cooked up to look knowledgeable. Liquid Thought is a South African company contracted for the job, it has no Link to Liquid Telecoms or Econet.

          2. If you hav read my post thoroughly, you would have noticed l was so critical of econet approach on this especially when they claim to be training experts.

            Problem yamunayo maZimba you think through emotions and everyone is holdìng a hammer ready to strike a nail.

            There is no grey area, either you are supporting or not supporting, which is very danger approach.

            People hate econet and take sides, either you support econet or not. This causes a polarised environment which we find ourselves in.

            All my comments are my own opinion, never a claim of being fountain of knowledge, just opinion nothing more.

        2. What sinister motive it was a display of contents in the comments section unless they should vhange them to suit what you want to hear. Whicj anounts to muzzling the press.

Comments are closed.