Open Source and information security mailing list archives
 
Message-ID: <20050322182828.19328.qmail@web52603.mail.yahoo.com>
From: f0rtify at yahoo.com (Scott)
Subject: Looking for a pro-bono white hat...

Hi all,

I work for a non-profit organization here in the US. 
Over the last four years, we have engaged a technology
firm to build a large, custom Apache/PHP-based
application for us that has CRM-type features.

Recently, we found that one of our servers had been
rooted.  We have cleaned up most of the resulting
mess, but unfortunately, we haven't figured out what
vector(s) the attackers used to gain access to our
system.  The application is fairly large and it has
not undergone any sort of security audit.

We're a 501(c)3 nonprofit, which means that we're poor
and we do not have any money to spend on security
testing. :-(

In my dream world, I'd like to find a white hat with a
verifiable reputation (so I can try to sell the idea
of "letting hackers try to break into our servers" to
our management) who would be willing to donate a
couple of hours in attempting to validate our site's
security.  Other than giving you "good karma", we
could probably write you an acknowledgement letter for
an in-kind donation as well (which, if you live in the
US and if your accountant agrees, might be usable as a
tax deduction).

I don't really want to advertise the details of our
insecure site to the whole list, so more details are
available on request.  (If you can include any info
about the organization you work for, that would be
appreciated, since it would help me avoid disclosing
any details to script kiddies.)

Thanks!
Scott



		