Ola pessoal, esta fundacao esta procurando profissionais de alta segurança de 
servidor, web e dados em linux para uma consultoria.
Indispensavel ingles fluente.
Abstract da proposta abaixo com info de contato.

Giovani Spagnolo

-------- Messaggio Originale -------- Oggetto: Open Call (RFP) for Telematics 
Security Consulting Services
Data: Tue, 15 May 2007 16:27:27 +0200
Da: rufo guerreschi <[EMAIL PROTECTED]>
A: fiorella de cindio, Marco Bodrato, Marco Calamari, coughlan, Stefano 
Maffulli, "lv.mancini", Rebecca Mercuri, "Benj. Mako Hill" , Todd Davies, Samir 
Mehta , Mazin Ramadan , Henry Poole , Fabrizio Capobianco, Giovani Spagnolo

kindly forward this Open Call to security consultants that you think may be 
both interested and capable to perform the following required services.

Rufo Guerreschi

Open Call (RFP) for  
Telematics Security Consulting Services 

Dear prospective consultant,

please find below an RFP for consulting services to help us devise a model of 
collective security that can be replicated by all providers of telematic 
services using exclusively FLOSS software.

We have allocated 1500-2500 euros for this activity. Also, as part of the 
contract we may devise ways to publicly recognize the chosen consultant's 
contribution within the foundation website, or its technical advisory board.

At least part of this activity need to be performed before June 5th, as we will 
be confronting criticism by many experts during a public event. 
Please, send proposal before May 18th. Proposal can be very short, mentioning a 
number of hours to be performed and any relevant work done.

The Telematics Freedom Foundation (TFF) is working on a system architecture and 
hosting requirements for its web service, do2gether.org, that wants to 
establish a model by which the actual nature, and therefore security and 
privacy characteristics, of a telematics service can be democratically 
controlled by its users. 
We have devised draft Download Agreements and Hosting Requirements that should 
guarantee, to a very very high level, to a user of a such service, that the 
software and hardware on the machine providing the service are what the service 
provider says they are.
We are assuming that the user is running on his PC (installed or on a live CD) 
a off-the-shelf and properly configured high-security flavor of Gnu/linux and 
basic FLOSS web browser. The client should preferably use a (modified if 
necessary) widely available web broswer such as Firefox or Opera.
We are assuming that physical access security to server cages is "perfect". The 
only remote connection to the servers is by users of the web service through a 
web browser. All administration will be done in-person in front of the servers.

We have full control on the Live CD for the clients, as well as all the 
software on the web server and the other servers on the cage. All software need 
to be available under a FLOSS license, or at least their code should be 
audit-able (and compilable) by any user on request.

What kind of FLOSS software can be installed on both the client and the server 
to best prevent man-in-the-middle attacks? To what degree can we prevent them?
Can 512-bit encryption be put in place? Is that crackable by governments, 
militaries or well other well-funded and equipped entities?
How can we prevent (and to what degree) that the user may think they are using 
The Server, while instead they have been redirected to a fraudulent server?
How can we best prevent (and to what extent?) intrusion in the servers?
How can we best detect (and to what extent?) intrusion in the servers and track 
what such intrusion caused?

(Optional) Can we (and how) prevent that people with illegal access to the 
users web traffic with his ISP can discover that they have access The Server?
(Optional) To what extent can we prevent denial-of service attacks?

If interested, call me for any questions at +39 335 7545620

Rufo Guerreschi
cell/sms +393357545620
skype: rguerreschi

*********** END FORWARDED MESSAGE *********** 

PSL-Brasil mailing list
Regras da lista: 

Responder a