acho que vale sim... Primeiro porque eh uma no-profit. Segundo porque eh uma consultoria que nao requer implementacao, somente redaçao de um (ou mais)documento(s) guia que responda no minimo aos requisitos citados e permita (ou de sugestao de como melhor adaptar) o procedimento tecnico relatado. E contando que quem faz esse tipo de trabalho *com certeza* nao trabalha 1 mes full-time pra fazer isso.... acredito que o pagamento eh mais do que justo.
abs, giovani >*********** REPLY SEPARATOR *********** > >On 16/05/2007 at 9.51 Pablo Sánchez wrote: >We have allocated 1500-2500 euros for this activity. > >Isso lá vale algo? Digo... estão pagando isso para consultor em segurança >aí fora? :-/ Achei que valorizassem mais esse tipo de profissional. > > >2007/5/16, Giovani Spagnolo < [EMAIL PROTECTED]>: >Ola pessoal, esta fundacao esta procurando profissionais de alta segurança >de servidor, web e dados em linux para uma consultoria. >Indispensavel ingles fluente. >Abstract da proposta abaixo com info de contato. > >abs, >Giovani Spagnolo > > >-------- Messaggio Originale -------- Oggetto: Open Call (RFP) for >Telematics Security Consulting Services >Data: Tue, 15 May 2007 16:27:27 +0200 >Da: rufo guerreschi <[EMAIL PROTECTED]> >A: fiorella de cindio, Marco Bodrato, Marco Calamari, coughlan, Stefano >Maffulli, "lv.mancini", Rebecca Mercuri, "Benj. Mako Hill" , Todd Davies, >Samir Mehta , Mazin Ramadan , Henry Poole , Fabrizio Capobianco, Giovani >Spagnolo > >Please, >kindly forward this Open Call to security consultants that you think may >be both interested and capable to perform the following required services. > > >Thanks, >Rufo Guerreschi > > >---------------------- >Open Call (RFP) for >Telematics Security Consulting Services > > >Dear prospective consultant, > > >please find below an RFP for consulting services to help us devise a model >of collective security that can be replicated by all providers of >telematic services using exclusively FLOSS software. > > >BUDGET >We have allocated 1500-2500 euros for this activity. Also, as part of the >contract we may devise ways to publicly recognize the chosen consultant's >contribution within the foundation website, or its technical advisory >board. > > >TIMELINE >At least part of this activity need to be performed before June 5th, as we >will be confronting criticism by many experts during a public event. >Please, send proposal before May 18th. Proposal can be very short, >mentioning a number of hours to be performed and any relevant work done. > > >BACKGROUND >The Telematics Freedom Foundation (TFF) is working on a system >architecture and hosting requirements for its web service, do2gether.org, >that wants to establish a model by which the actual nature, and therefore >security and privacy characteristics, of a telematics service can be >democratically controlled by its users. >We have devised draft Download Agreements and Hosting Requirements that >should guarantee, to a very very high level, to a user of a such service, >that the software and hardware on the machine providing the service are >what the service provider says they are. >We are assuming that the user is running on his PC (installed or on a live >CD) a off-the-shelf and properly configured high-security flavor of >Gnu/linux and basic FLOSS web browser. The client should preferably use a >(modified if necessary) widely available web broswer such as Firefox or >Opera. >We are assuming that physical access security to server cages is >"perfect". The only remote connection to the servers is by users of the >web service through a web browser. All administration will be done >in-person in front of the servers. > > >EXPECTED SERVICES >We have full control on the Live CD for the clients, as well as all the >software on the web server and the other servers on the cage. All software >need to be available under a FLOSS license, or at least their code should >be audit-able (and compilable) by any user on request. > > >What kind of FLOSS software can be installed on both the client and the >server to best prevent man-in-the-middle attacks? To what degree can we >prevent them? >Can 512-bit encryption be put in place? Is that crackable by governments, >militaries or well other well-funded and equipped entities? >How can we prevent (and to what degree) that the user may think they are >using The Server, while instead they have been redirected to a fraudulent >server? >How can we best prevent (and to what extent?) intrusion in the servers? >How can we best detect (and to what extent?) intrusion in the servers and >track what such intrusion caused? > > >(Optional) Can we (and how) prevent that people with illegal access to the >users web traffic with his ISP can discover that they have access The >Server? >(Optional) To what extent can we prevent denial-of service attacks? > > >If interested, call me for any questions at +39 335 7545620 > > > >------------------------------ >Rufo Guerreschi >[EMAIL PROTECTED] >cell/sms +393357545620 >skype: rguerreschi >http://www.telematicsfreedom.org >http://blog.telematicsfreedom.org > > >*********** END FORWARDED MESSAGE *********** > >_______________________________________________ >PSL-Brasil mailing list >[EMAIL PROTECTED] >http://listas.softwarelivre.org/mailman/listinfo/psl-brasil >Regras da lista: >http://twiki.softwarelivre.org/bin/view/PSLBrasil/RegrasDaListaPSLBrasil
_______________________________________________ PSL-Brasil mailing list PSL-Brasil@listas.softwarelivre.org http://listas.softwarelivre.org/mailman/listinfo/psl-brasil Regras da lista: http://twiki.softwarelivre.org/bin/view/PSLBrasil/RegrasDaListaPSLBrasil
