whitehat to test a security config

To: debian-security@lists.debian.org
Subject: whitehat to test a security config
From: alex black <enigma@turingstudio.com>
Date: Mon, 31 Oct 2005 19:59:59 -0800
Message-id: <[🔎] 5c69840f54112c46968c22cfc3d3d632@turingstudio.com>

hi,

(never posted here before, only watched the announcements: if thistopic is inappropriate for this list I apologize in advance)

I'm looking for (preferably) a company, or individual, to attempt tobreach a standard config I have created to deploy client applicationsin production. It is intentionally a minimal config which is tightlylocked down and audited daily.

I've never had a security incident with a machine I've managed withdebian (I (heart) debian), though I've seen plenty of ssh bruteforceattempts and other script-kiddie and slightly more sophisticatedattacks - but never a skilled artisan really trying to get in ;)


I would provide:

	-an IP address
	-a username & password

I would want:

	-an attack based on knowing the IP address _only_
	-an attack knowing the IP + username & password I provide

-a report on findings, with a limited overview of techniques and toolsused.

Please send any questions & proposals to me off-list:enigma@turingstudio.com


Please include "whitehat:" in the subject :)

thanks,

_alex


--
alex black, founder
the turing studio, inc.

510.666.0074
root@turingstudio.com
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

Reply to:

Follow-Ups:
- Re: whitehat to test a security config
  - From: Bernd Eckenfels <ecki@lina.inka.de>
- Re: whitehat to test a security config
  - From: Alvin Oga <aoga@mail.Linux-Consulting.com>

Prev by Date: Re: [SECURITY] [DSA 879-1] New gallery packages fix privilege escalation
Next by Date: clamav 0.84-2.sarge.5 in stable-proposed-updates, but not in security
Previous by thread: Bug#337624: All local users can view the webcalendar password from the debconf info
Next by thread: Re: whitehat to test a security config
Index(es):
- Date
- Thread