Ola pessoal, esta fundacao esta procurando profissionais de alta segurança de servidor, web e dados em linux para uma consultoria. Indispensavel ingles fluente. Abstract da proposta abaixo com info de contato.
abs, Giovani Spagnolo -------- Messaggio Originale -------- Oggetto: Open Call (RFP) for Telematics Security Consulting Services Data: Tue, 15 May 2007 16:27:27 +0200 Da: rufo guerreschi <[EMAIL PROTECTED]> A: fiorella de cindio, Marco Bodrato, Marco Calamari, coughlan, Stefano Maffulli, "lv.mancini", Rebecca Mercuri, "Benj. Mako Hill" , Todd Davies, Samir Mehta , Mazin Ramadan , Henry Poole , Fabrizio Capobianco, Giovani Spagnolo Please, kindly forward this Open Call to security consultants that you think may be both interested and capable to perform the following required services. Thanks, Rufo Guerreschi ---------------------- Open Call (RFP) for Telematics Security Consulting Services Dear prospective consultant, please find below an RFP for consulting services to help us devise a model of collective security that can be replicated by all providers of telematic services using exclusively FLOSS software. BUDGET We have allocated 1500-2500 euros for this activity. Also, as part of the contract we may devise ways to publicly recognize the chosen consultant's contribution within the foundation website, or its technical advisory board. TIMELINE At least part of this activity need to be performed before June 5th, as we will be confronting criticism by many experts during a public event. Please, send proposal before May 18th. Proposal can be very short, mentioning a number of hours to be performed and any relevant work done. BACKGROUND The Telematics Freedom Foundation (TFF) is working on a system architecture and hosting requirements for its web service, do2gether.org, that wants to establish a model by which the actual nature, and therefore security and privacy characteristics, of a telematics service can be democratically controlled by its users. We have devised draft Download Agreements and Hosting Requirements that should guarantee, to a very very high level, to a user of a such service, that the software and hardware on the machine providing the service are what the service provider says they are. We are assuming that the user is running on his PC (installed or on a live CD) a off-the-shelf and properly configured high-security flavor of Gnu/linux and basic FLOSS web browser. The client should preferably use a (modified if necessary) widely available web broswer such as Firefox or Opera. We are assuming that physical access security to server cages is "perfect". The only remote connection to the servers is by users of the web service through a web browser. All administration will be done in-person in front of the servers. EXPECTED SERVICES We have full control on the Live CD for the clients, as well as all the software on the web server and the other servers on the cage. All software need to be available under a FLOSS license, or at least their code should be audit-able (and compilable) by any user on request. What kind of FLOSS software can be installed on both the client and the server to best prevent man-in-the-middle attacks? To what degree can we prevent them? Can 512-bit encryption be put in place? Is that crackable by governments, militaries or well other well-funded and equipped entities? How can we prevent (and to what degree) that the user may think they are using The Server, while instead they have been redirected to a fraudulent server? How can we best prevent (and to what extent?) intrusion in the servers? How can we best detect (and to what extent?) intrusion in the servers and track what such intrusion caused? (Optional) Can we (and how) prevent that people with illegal access to the users web traffic with his ISP can discover that they have access The Server? (Optional) To what extent can we prevent denial-of service attacks? If interested, call me for any questions at +39 335 7545620 ------------------------------ Rufo Guerreschi [EMAIL PROTECTED] cell/sms +393357545620 skype: rguerreschi http://www.telematicsfreedom.org http://blog.telematicsfreedom.org *********** END FORWARDED MESSAGE ***********
_______________________________________________ PSL-Brasil mailing list PSL-Brasil@listas.softwarelivre.org http://listas.softwarelivre.org/mailman/listinfo/psl-brasil Regras da lista: http://twiki.softwarelivre.org/bin/view/PSLBrasil/RegrasDaListaPSLBrasil
