Thanks to God, from 28/10/2008 up to 28/11/2008 we are able to offer EU$30 ($90.000 Colombian pesos) for each vulnerability found and fixed in SIVeL 1.0cp2 (development version).
If you belong to an organization that documents infractions of International Humanitarian Law or Human Rights violations with development versions of SIVeL, we invite you to donate to this public invitation, in order to increase the reward offered.

If you are a developer or are interested in information security, we invite you to look for security bugs in SIVeL by experimenting on the test installation for this call; by doing your own installation, following the recommendations for the operation environment (see http://sivel.sourceforge.net/instalacion.html ); or by auditing the PHP sources in the public domain available in the CVS.

To report a vulnerability please keep in mind:

* You must find the bug.
* Each bug must be replicable in the test installation. You can check the form that doesn't require authentication: https://sivel1.pasosdeJesus.org/consulta_web.php ; as well as other modules that shouldn't allow modification of information, as user sivel1 with password sivel1: https://sivel1.pasosdeJesus.org/index.php ; or as administrator adminsivel1 (same password). This installation operates on the recommended execution platform (OpenBSD distribution adJ 4.3pre, web server with SSL in chroot, PostgreSQL with authentication and hardened PHP) and uses data from Banco De Datos de Violencia Política, DH y DIH del CINEP http://www.nocheyniebla.org
* Your report should explain the methodology that you used to find the bug and propose a solution in the source code available at the CVS repository (branch HEAD) http://sivel.cvs.sourceforge.net/sivel/ (examples of previous audits are available in the sources of SIVeL in the directory doc).
* To report a vulnerability please subscribe your email address to the non-moderated list sivel-desarrollo https://lists.sourceforge.net/lists/listinfo/sivel-desarrollo and send your public domain report there (by reporting a vulnerability in that list you confirm that your contribution is in the public domain). To see the archives of that list please subscribe to sourceforge.net.
* Your report will be evaluated and answered in the same list, and if we are able to reproduce it, we will give you the monetary compensation personally or via PayPal or a bank transfer.
* The data about yourself that you don't want to publish in the list (for example your name) can be sent to Vladimir Támara Patiño [EMAIL PROTECTED] or by writing to Cr 5 #33A-08, Bogotá, Colombia (if you need to send encrypted information you can use the PGP public key available at http://www.geocities.com/v-tamara/vtamara-pgp.txt ).

We thank you for your interest in this public call. Its most recent version is available at: http://sivel.sf.net/call.html. We invite you to distribute it without changes.