[ISN] Hacking for Charity

From: InfoSec News (alerts@private)
Date: Mon Aug 27 2007 - 00:33:46 PDT


http://www.darkreading.com/document.asp?doc_id=132333

By Kelly Jackson Higgins
Senior Editor
Dark Reading 
August 23, 2007

A new organization called ihackcharities.org is recruiting skilled 
hackers to do volunteer work for nonprofit charitable organizations. 
(No, not to hack them.)

Ihackcharities.org is the brainchild of professional hacker and author 
Johnny Long, who founded the organization last month after a trip to 
Uganda with his wife to assist an organization helping widows and 
orphans of HIV/AIDS in that country. Long says the organization, which 
recently gained 501(c)(3) tax-exemption status, already has its first 
project underway -- building (and securing) a Website for a Ugandan song 
and dance group called Predestined that writes music and songs that 
raise awareness and funds for HIV/AIDS efforts.

Long says he wanted to apply the skills of the hacking community to 
charitable organizations that lack that expertise. And security 
researchers who volunteer for the organization get the fringe benefit of 
professional references and some resume-building experience, he says.

The organization initially hopes to build Websites for needy nonprofits, 
but Long says he hopes to expand that to broader communications projects 
in areas like long-haul networking. "Right now we're looking at Websites 
because we can market them as an easy deliverable." The goal is to hand 
off the Website and its operations and maintenance to the charity.

The Hacker Foundation helped get ihackcharities.org off the ground with 
nonprofit status as well as other support, Long says. And so far, 
volunteers have mostly been split between traditional IT programmers and 
developers and security experts, he says.

"The idea was to target the hacker community in general because there 
are so many skills" there, he says. But the project team for Predestined 
is made up of more than hackers. There's a Web developer, three 
programmers, a couple of technical writers, a search-engine optimization 
expert, and about three code reviewers who will handle the security 
side, as well as Long.

He admits vetting the volunteers is "one of the sketchier" parts of the 
job, and he's recruited mostly experts he knows in the hacker world. 
"The way we're doing this now is working on a non-production server."

"As we do larger sites, we're going to have to do more validation of 
volunteers, and have people [hackers] cough up their real names. There 
needs to be a trust there," Long says. "We have to be careful. 
Especially with sites that are doing payment processing or handling 
sensitive information."

The main types of security work the projects will include are best 
coding practices, vulnerability assessment, black-box testing, and 
pre-production code review, he says.

Long says he prefers having the group work with charities with which it 
has a personal relationship, as he does with the Ugandan Action for 
Empowerment organization behind Predestined. "That way, there's someone 
personally involved in the charity so we have an idea of what it's about 
behind the scenes," he says. "We don't want to be a clearinghouse for 
charities who want free Websites."

