PDA

View Full Version : [other] Offensive security for activists?



Syndicalist
July 21st, 2011, 03:16 AM
Hello. I am representing a group that is working towards the fellowship of all humanity, while working to expose racist hate groups......Please let me know if this is not the appropriate place for this as I am new here.

We need the assistance of somebody who can make sure that our websites are secure and our identities are not being exposed by counter hackers.....somebody who would otherwise generally be able to view restricted content in our website (run on our own private servers, granting full legal permission). Compensation is possible but we appreciate any help anyone could offer for free.

The second thing we need is very similar to the first. We just need to test our security.


If this sounds like something you would like to help out with, please contact me.

Dangertux
July 21st, 2011, 03:27 AM
Hello. I am representing a group that is working towards the fellowship of all humanity, while working to expose racist hate groups......Please let me know if this is not the appropriate place for this as I am new here.

We need the assistance of somebody who can make sure that our websites are secure and our identities are not being exposed by counter hackers.....somebody who would otherwise generally be able to view restricted content in our website (run on our own private servers, granting full legal permission). Compensation is possible but we appreciate any help anyone could offer for free.

The second thing we need is very similar to the first. We just need to test our security.


If this sounds like something you would like to help out with, please contact me.

This probably isn't a suitable place for this. Particularly considering from the description you gave you still appear (despite good intentions), to be condoning circumventing the security measures of "racist hate groups" systems. At least that is the way I took your post, if I am wrong please correct me.

As far as the request for penetration testing. That is not something that comes cheaply, not even a little bit. I am sure some may be willing to help, however more reputable consultants are going to want a LOT of information up front. Things you should be prepared to produce are.

-- Written Contract defining the scope of the test, and all parameters of the test.
-- Legal documentation proving that you or whomever is authorizing the test can do so under law.
-- Full proof of identity and ownership of the systems in question. This may include incorporation documents, domain registration documents, valid government issued identification , and anything else the consultant may feel is necessary to protect their rights under law.

If you have specific questions about security of Linux servers, this might be a great place to ask. Probably not the best place to recruit penetration testers. In fact, Internet forums in general are not the best place to do that.

You have to consider the implications of a penetration test. A consultant hired (or pro bono) to do this type of test has to be trustworthy. Things to note from your point of view.

-- Is the consultant certified (LPT, Check, Crest, CISSP, CEH , CAP etc.)
-- Is the consultant discrete and confidential , this is very important due to the sensitive nature of your operations.
-- Does the consultant know what they are doing? Can they provide a sample pen test report (most will and can)

Generally speaking it is best to hire a known, well established consultancy. Additionally if you hire an actual firm as opposed to a single individual that firm will help place you with staff that better suits your needs. Adequately qualified, as opposed to potentially underqualified. Every penetration test is different, and the most important part of it IMO is pairing the right testers with the right client.

Also -- Despite a successful audit; there is a chance that your systems still may become compromised. Especially when dealing with sensitive topics like the one you mentioned. You should go to great lengths in your own lives to establish good physical security habits.

cariboo907
July 21st, 2011, 03:40 AM
This is an Ubuntu Support forum, we don't condone the type of activity you are requesting.

I would suggest you contact someone local to see if they will do what you want.

Thread closed.