Full Disclosure mailing list archives
Looking for a pro-bono white hat...
From: Scott <f0rtify () yahoo com>
Date: Tue, 22 Mar 2005 10:28:27 -0800 (PST)
Hi all,

I work for a non-profit organization here in the US. Over the last four years, we have engaged a technology firm to build a large, custom Apache/PHP-based application for us that has CRM-type features.

Recently, we found that one of our servers had been rooted. We have cleaned up most of the resulting mess, but unfortunately, we haven't figured out what vector(s) the attackers used to gain access to our system. The application is fairly large and it has not undergone any sort of security audit.

We're a 501(c)3 nonprofit, which means that we're poor and we do not have any money to spend on security testing. :-(

In my dream world, I'd like to find a white hat with a verifiable reputation (so I can try to sell the idea of "letting hackers try to break into our servers" to our management) who would be willing to donate a couple of hours in attempting to validate our site's security.

Other than giving you "good karma", we could probably write you an acknowledgement letter for an in-kind donation as well (which, if you live in the US and if your accountant agrees, might be usable as a tax deduction).

I don't really want to advertise the details of our insecure site to the whole list, so more details are available on request. (If you can include any info about the organization you work for, that would be appreciated, since it would help me avoid disclosing any details to script kiddies.)

Thanks!

Scott

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/