http://www.darkreading.com/document.asp?doc_id=132333
By Kelly Jackson Higgins
Senior Editor
Dark Reading
August 23, 2007

A new organization called ihackcharities.org is recruiting skilled
hackers to do volunteer work for nonprofit charitable organizations.
(No, not to hack them.)

Ihackcharities.org is the brainchild of professional hacker and author
Johnny Long, who founded the organization last month after a trip to
Uganda with his wife to assist an organization helping widows and
orphans of HIV/AIDS in that country. Long says the organization, which
recently gained 501(c)(3) tax-exemption status, already has its first
project underway -- building (and securing) a Website for a Ugandan song
and dance group called Predestined that writes music and songs that
raise awareness and funds for HIV/AIDS efforts.

Long says he wanted to apply the skills of the hacking community to
charitable organizations that lack that expertise. And security
researchers who volunteer for the organization get the fringe benefit of
professional references and some resume-building experience, he says.

The organization initially hopes to build Websites for needy nonprofits,
but Long says he hopes to expand that to broader communications projects
in areas like long-haul networking. "Right now we're looking at Websites
because we can market them as an easy deliverable." The goal is to hand
off the Website and its operations and maintenance to the charity.

The Hacker Foundation helped get ihackcharities.org off the ground with
nonprofit status as well as other support, Long says. And so far,
volunteers have mostly been split between traditional IT programmers and
developers and security experts, he says.

"The idea was to target the hacker community in general because there
are so many skills" there, he says. But the project team for Predestined
is made up of more than hackers. There's a Web developer, three
programmers, a couple of technical writers, a search-engine optimization
expert, and about three code reviewers who will handle the security
side, as well as Long.

He admits vetting the volunteers is "one of the sketchier" parts of the
job, and he's recruited mostly experts he knows in the hacker world.
"The way we're doing this now is working on a non-production server."
"As we do larger sites, we're going to have to do more validation of
volunteers, and have people [hackers] cough up their real names. There
needs to be a trust there," Long says. "We have to be careful.
Especially with sites that are doing payment processing or handling
sensitive information."

The main types of security work the projects will include are best
coding practices, vulnerability assessment, black-box testing, and
pre-production code review, he says.

Long says he prefers having the group work with charities with which it
has a personal relationship, as he does with the Ugandan Action for
Empowerment organization behind Predestined. "That way, there's someone
personally involved in the charity so we have an idea of what it's about
behind the scenes," he says. "We don't want to be a clearinghouse for
charities who want free Websites."
Received on Mon Aug 27 02:33:46 2007