8/23/2007
09:42 AM

Hacking for Charity

New organization looking for a few good hackers to assist nonprofits - gratis

A new organization called ihackcharities.org is recruiting skilled hackers to do volunteer work for nonprofit charitable organizations. (No, not to hack them.)

Ihackcharities.org is the brainchild of professional hacker and author Johnny Long, who founded the organization last month after a trip to Uganda with his wife to assist an organization helping widows and orphans of HIV/AIDS in that country. Long says the organization, which recently gained 501(c)(3) tax-exemption status, already has its first project underway -- building (and securing) a Website for a Ugandan song and dance group called Predestined that writes music and songs that raise awareness and funds for HIV/AIDS efforts.

Long says he wanted to apply the skills of the hacking community to charitable organizations that lack that expertise. And security researchers who volunteer for the organization get the fringe benefit of professional references and some resume-building experience, he says.

The organization initially hopes to build Websites for needy nonprofits, but Long says he hopes to expand that to broader communications projects in areas like long-haul networking. "Right now we're looking at Websites because we can market them as an easy deliverable." The goal is to hand off the Website and its operations and maintenance to the charity.

The Hacker Foundation helped get ihackcharities.org off the ground with nonprofit status as well as other support, Long says. And so far, volunteers have mostly been split between traditional IT programmers and developers and security experts, he says.

"The idea was to target the hacker community in general because there are so many skills" there, he says. But the project team for Predestined is made up of more than hackers. There's a Web developer, three programmers, a couple of technical writers, a search-engine optimization expert, and about three code reviewers that will handle the security side, as well as Long.

He admits vetting the volunteers is "one of the sketchier" parts of the job, and he's recruited mostly experts he knows in the hacker world. "The way we're doing this now is working on a non-production server."

"As we do larger sites, we're going to have to do more validation of volunteers, and have people [hackers] cough up their real names. There needs to be a trust there," Long says. "We have to be careful. Especially with sites that are doing payment processing or handling sensitive information."

The main types of security work the projects will include are best coding practices, vulnerability assessment, black-box testing, and pre-production code review, he says.

Long says he prefers having the group work with charities with which it has a personal relationship, as he does with the Ugandan Action for Empowerment organization behind Predestined. "That way, there's someone personally involved in the charity so we have an idea of what it's about behind the scenes," he says. "We don't want to be a clearinghouse for charities who want free Websites."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
