Hi everyone, this foundation is looking for high-security professionals for
servers, web and data on Linux for a consulting engagement.
Fluent English is essential.
Abstract of the proposal below, with contact info.
-------- Original Message --------
Subject: Open Call (RFP) for Telematics Security Consulting Services
Date: Tue, 15 May 2007 16:27:27 +0200
From: rufo guerreschi <[EMAIL PROTECTED]>
To: fiorella de cindio, Marco Bodrato, Marco Calamari, coughlan, Stefano
Maffulli, "lv.mancini", Rebecca Mercuri, "Benj. Mako Hill", Todd Davies, Samir
Mehta, Mazin Ramadan, Henry Poole, Fabrizio Capobianco, Giovani Spagnolo
Kindly forward this Open Call to security consultants that you think may be
both interested in and capable of performing the following required services.
Open Call (RFP) for
Telematics Security Consulting Services
Dear prospective consultant,
please find below an RFP for consulting services to help us devise a model of
collective security that can be replicated by all providers of telematic
services using exclusively FLOSS software.
We have allocated 1500-2500 euros for this activity. Also, as part of the
contract we may devise ways to publicly recognize the chosen consultant's
contribution within the foundation website, or its technical advisory board.
At least part of this activity needs to be performed before June 5th, as we will
be confronting criticism by many experts during a public event.
Please send a proposal before May 18th. The proposal can be very short, mentioning a
number of hours to be performed and any relevant work done.
The Telematics Freedom Foundation (TFF) is working on a system architecture and
hosting requirements for its web service, do2gether.org, that wants to
establish a model by which the actual nature, and therefore security and
privacy characteristics, of a telematics service can be democratically
controlled by its users.
We have devised draft Download Agreements and Hosting Requirements that should
guarantee, to a very, very high level, to a user of such a service, that the
software and hardware on the machine providing the service are what the service
provider says they are.
We are assuming that the user is running on his PC (installed or on a live CD)
an off-the-shelf and properly configured high-security flavor of GNU/Linux and
a basic FLOSS web browser. The client should preferably use a (modified if
necessary) widely available web browser such as Firefox or Opera.
We are assuming that physical access security to server cages is "perfect". The
only remote connection to the servers is by users of the web service through a
web browser. All administration will be done in-person in front of the servers.
We have full control over the Live CD for the clients, as well as all the
software on the web server and the other servers in the cage. All software needs
to be available under a FLOSS license, or at least its code should be
audit-able (and compilable) by any user on request.
What kind of FLOSS software can be installed on both the client and the server
to best prevent man-in-the-middle attacks? To what degree can we prevent them?
Can 512-bit encryption be put in place? Is that crackable by governments,
militaries or other well-funded and well-equipped entities?
How can we prevent (and to what degree) the user from thinking they are using
The Server, when instead they have been redirected to a fraudulent server?
How can we best prevent (and to what extent?) intrusion in the servers?
How can we best detect (and to what extent?) intrusion in the servers and track
what such intrusion caused?
(Optional) Can we (and how) prevent people with illegal access to the
user's web traffic with his ISP from discovering that they have accessed The Server?
(Optional) To what extent can we prevent denial-of-service attacks?
If interested, call me for any questions at +39 335 7545620
*********** END FORWARDED MESSAGE ***********