Dear Friends
Brief intro before coming to the question:
I am part of the vast majority of this group (silent spectators); made a
few posts, although not from this mail id.
Been a Unix, Perl, CMS developer for most of my career; now I am involved
as lead developer for one of the largest banking sites.
My client is worried that someone will hack into their new site (banking
site, security, integrity etc. etc.)
Even though we carried out a penetration test by a specialist team from
Argentina and Israel, there is really nothing in the report except known
vulnerabilities like SQL injection, cross script attack and how to prevent
them; would have been happy if they were identified. Basically a crap
report running into thousands of pages, virtually meaningless. Even after the
report came out he (client) was asking me to try to break into the
application.
Mostly there can be only 2 ways to hack into a system (correct me if I am
wrong):
1) Basically the system admin is an idiot, or
2) Some thus far unknown vulnerability which is exploited
Most of us would be fascinated if someone says they hacked into something
(Ankit Fadia), at least eager to find out what they did, which they probably
will never tell, or nothing might have happened (like the tcs.com hack in
TechCrunch).
Every so often we can read in newspapers about hacking festivals in colleges
where something was hacked in under X hours and prizes distributed by Mr X
(I wish this is as simple).
Enough background, now the question:
1) I want to set up a server where commonly used tools will be available
(a simple Linux box with Apache + one DB + one CMS + whatever the machine
config can support); users will get appropriate access including shell +
whatever, even root if that's required.
2) Users can freely experiment without any fear of anything (no fear
of internals for students & no legal action whatsoever. This is an outright
promise).
3) Subject to a small fee (not for profitability but for maintenance);
collecting a fee may not be a good idea after all. Any sponsors for servers &
bandwidth?
4) Anyone who is really successful in their experiments must be
willing to share their experiences; anonymously also welcome.
5) T&C to be decided and agreed.
Do you think this is a good enough idea to be implemented?
+ usual disclaimer: as my cats have apparently learned to type, I am in no way
responsible for anything including the content of this email and any flame war
that might happen. Nor does my employer have any relation to this mail. This
mail is in good faith and is meant to help students and the programming
community at large.