1. this mail does not belong on this list - we as a community believe that security is a process best served by open sourcing the software.
2. further we as a community of hackers feel insulted that we are confused with crackers
3. and finally we believe that the only effective way to test proprietary software is to hire a million monkeys and put them on a million keyboards, and we wish to assure you that there are no monkeys available on this list.

On Monday 24 May 2010 01:16:07 Perl Programmer wrote:
> Dear Friends
>
> Brief intro before coming to question
>
> I am part of vast majority of this group (silent spectators), made a
> few posts although not from this mail id.
>
> been a unix, perl, cms developer for most of my career, now I am involved
> as lead developer for one of largest banking sites.
>
> My client is worried that someone will hack into their new site (banking
> site, security integrity etc etc)
>
> Even though we carried out a penetration test by a specialist team from
> Argentina and Israel there is really nothing in the report except known
> vulnerabilities like sql injection, cross script attack and how to prevent
> them, would have been happy if they were identified. Basically a crap
> report running into thousands of pages virtually meaningless/Even after the
> report came out he (client) was asking me to try to break into the
> application.
>
> Mostly there can be only 2 ways to hack into a system (correct me if I am
> wrong)
>
> 1) Basically the system admin is an idiot or
>
> 2) Some thus far unknown vulnerability which is exploited
>
> Most of us would be fascinated if someone says they hacked into something (
> Ankit Fadia), at least eager to find out what they did, which they probably
> will never tell or nothing might have happened (like tcs.com hack in
> techcrunch)
>
> Every often we can read in newspapers about hacking festivals in colleges
> where something was hacked in under X hours and prizes distributed by Mr X
> (I wish this is as simple)
>
> Enough background, now the question
>
> 1) I want to setup a server where commonly used tools will be
> available (a simple linux box with apache + one DB + one cms + what ever
> the machine config can support), users will get appropriate access
> including shell + whatever, even root if that’s required.
>
> 2) Users can freely experiment without any fear of anything ( no fear
> of internals for students & no legal action whatsoever. This is an outright
> promise
>
> 3) Subject to small fee (not for profitability but for maintenance),
> collecting fee may not be a good idea after all /Any sponsors for servers &
> bandwidth?
>
> 4) Anyone who is really successful in their experiments must be
> willing to share their experiences, anonymously also welcome.
>
> 5) T&C to be decided and agreed
>
> Do you think this is a good enough idea to be implemented?
>
> +usual disclaimer as my cats have apparently learned to type I am in no way
> responsible for anything including content of this email and any flame war
> that might happen. Nor my employer has any relation to this mail. this
> mail is in good faith and is meant to help students and programming
> community at large.
> _______________________________________________
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
>

--
regards
kg
http://livejournal.com/lawgon
