Dear Friends,

Brief intro before coming to the question.

I am part of the vast majority of this group (silent spectators), made a few posts although not from this mail id. Been a Unix, Perl, CMS developer for most of my career; now I am involved as lead developer for one of the largest banking sites.

My client is worried that someone will hack into their new site (banking site, security integrity etc. etc.). Even though we carried out a penetration test by a specialist team from Argentina and Israel, there is really nothing in the report except known vulnerabilities like SQL injection, cross script attack and how to prevent them; would have been happy if they were identified. Basically a crap report running into thousands of pages, virtually meaningless. Even after the report came out he (client) was asking me to try to break into the application.

Mostly there can be only 2 ways to hack into a system (correct me if I am wrong):

1) Basically the system admin is an idiot, or
2) Some thus far unknown vulnerability which is exploited

Most of us would be fascinated if someone says they hacked into something (Ankit Fadia), at least eager to find out what they did, which they probably will never tell, or nothing might have happened (like the tcs.com hack in TechCrunch). Every so often we can read in newspapers about hacking festivals in colleges where something was hacked in under X hours and prizes distributed by Mr X (I wish this is as simple).

Enough background, now the question:

1) I want to set up a server where commonly used tools will be available (a simple Linux box with Apache + one DB + one CMS + whatever the machine config can support); users will get appropriate access including shell + whatever, even root if that's required.
2) Users can freely experiment without any fear of anything (no fear of internals for students & no legal action whatsoever). This is an outright promise.
3) Subject to a small fee (not for profitability but for maintenance); collecting a fee may not be a good idea after all. Any sponsors for servers & bandwidth?
4) Anyone who is really successful in their experiments must be willing to share their experiences; anonymously also welcome.
5) T&C to be decided and agreed.

Do you think this is a good enough idea to be implemented?

+ usual disclaimer as my cats have apparently learned to type: I am in no way responsible for anything including the content of this email and any flame war that might happen. Nor does my employer have any relation to this mail. This mail is in good faith and is meant to help students and the programming community at large.

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
