AFAIK there is no undergoing project for C2 level auditing. The best way to get something done like that would be sourceforge or sourcexchange or a place like that.
If they need auditing, try to ask them WHAT should be audited. It would be an easy task to use PAM (= Pluggable Authentification Module) and add logging to that.
And ask them if there NT servers are C2 certified. The funny thing, against any other claim, it isn't (NT 3.5x is certified, but only if it has no disk drive and no network connection...).
If they allow NT, they should allow the use of a more secure OS (like Linux), too. Otherwise, they should remove all of their NT machines.
Really certifying for level C2 costs lots of money, and I'm afraid no one will do that for now (for what reason, anyway?).
As a non-US-resident I thought for a long time I could just shake my head at this issue and ignore it otherwise. Man, was I wrong. Through EU-law we're here even in germany infected with this "every thought is intellectual property"-virus, too.
Patents are evil for lots of reasons. Here are a few of them that spring into mind:
1. Companies could use patents to stop OSS from working.
2. If something is good, a lot of effort ist wasted to find something to work around a patent.
3. Progress can be halted or stopped for a very long time.
4. Third world is stopped from closing the gap in working knowledge.
5. If everything belongs to someone, nothing belongs to the public, in spite of the fact that most ideas are not made on isolated islands. We all get our ideas from the society we live in - do we really have the right to prevent the public from using this ideas?
6. Patents are expensive. If you really have a good idea, chances are that you can't use them. Patents are for big companies only.
These are only some of the reasons why we have to fight this evil. It has an impact on our lives. So even if you are a non-US-resident like me, join the fight!
Well, email has it problems, but face-2-face communication isn't easy, too. This is underestimated very often.
It seems that email is often too harsh, because the "normal" way of social control does not work. But this social control often is there because someone is the chef, and because agreeing to someone's else sayings has something to do with the figures on my paycheck...
In "normal" companies the decision-makers are often not the same people that are competent enough to make this decision. And often we struggle to agree with them because this will push our career up. Ever wondered why companies do not often use the technical optimal solution?
The nice thing in OSS: this kind of social engineering does not work quite the same way. We listen to Linus because most of us agreed that he is competent enough to make a decsision - not because he is good at playing career-games most adult people are wasting their time with.
That is, the technical best solutions are discussed in an open atmosphere by people willing to archieve something other than climbing the social ladder.
This is: to me, even the flame wars will do us better than the I-agree-with-you-because-you-pay-me. And it seems: OSS has shown this already.
There is a "german" translation for geek, but no, it is not entirely german...
Its computerfreak that comes closest, and it can even be understood by english speakers as well.
This shows well that there are no new words in german: we'll almost always glue a few old words together to get a new one (like the famous Donaudampfschifffahrtsgesellschaftskapitän) or just use the foreign word.
To make it worse, even the term hacker is often used when we try to name geeks or nerds.
A staff member of the SuSE team told me that the source for IRIS FailSafe will be GPL'ed. And if you take a look at http://www.heise.de/newsticker/data/odi-26.02.00-0 01/ you will notice that the c't magazine writes the same, so that this info has a high probability...
The social or the psychological reasons for hacking haven't been discussed very much. We all have a sense that a hacker (in a sense of 'computer freak, addicted to programming') is a special person. This isn't true. We all want to believe this (me too, I was a long-time member of the Chaos Computer Club in Hamburg).
A friend of mine did a study on this - he wanted to know the difference between a "normal" person and a computer freak. He found none - except that computer freaks have a tendency to hate the telephone...
I've just started a web site about the psychology of software development (http://www.devtopics.de). If you read the chapter about motivation you'll find that this applies to hackers, too, though it isn't aimed at them (maybe I should add another unfinished chapter - sigh).
There are not much female hackers for a very simple reason: women are aimed at reaching goals, they don't have the time or the nerve to play around just to find something (and sometimes nothing) out. Hackers are people think that reality is a game were you have to find the rules and were you can go farther by cheating...
Slashdot Mirror
If they need auditing, try to ask them WHAT should be audited. It would be an easy task to use PAM (= Pluggable Authentification Module) and add logging to that.
And ask them if there NT servers are C2 certified. The funny thing, against any other claim, it isn't (NT 3.5x is certified, but only if it has no disk drive and no network connection...).
If they allow NT, they should allow the use of a more secure OS (like Linux), too. Otherwise, they should remove all of their NT machines.
Really certifying for level C2 costs lots of money, and I'm afraid no one will do that for now (for what reason, anyway?).
Patents are evil for lots of reasons. Here are a few of them that spring into mind:
1. Companies could use patents to stop OSS from working.
2. If something is good, a lot of effort ist wasted to find something to work around a patent.
3. Progress can be halted or stopped for a very long time.
4. Third world is stopped from closing the gap in working knowledge.
5. If everything belongs to someone, nothing belongs to the public, in spite of the fact that most ideas are not made on isolated islands. We all get our ideas from the society we live in - do we really have the right to prevent the public from using this ideas?
6. Patents are expensive. If you really have a good idea, chances are that you can't use them. Patents are for big companies only.
These are only some of the reasons why we have to fight this evil. It has an impact on our lives. So even if you are a non-US-resident like me, join the fight!
This gives the term social engineering a complete new meaning...
It seems that email is often too harsh, because the "normal" way of social control does not work. But this social control often is there because someone is the chef, and because agreeing to someone's else sayings has something to do with the figures on my paycheck...
In "normal" companies the decision-makers are often not the same people that are competent enough to make this decision. And often we struggle to agree with them because this will push our career up. Ever wondered why companies do not often use the technical optimal solution?
The nice thing in OSS: this kind of social engineering does not work quite the same way. We listen to Linus because most of us agreed that he is competent enough to make a decsision - not because he is good at playing career-games most adult people are wasting their time with.
That is, the technical best solutions are discussed in an open atmosphere by people willing to archieve something other than climbing the social ladder.
This is: to me, even the flame wars will do us better than the I-agree-with-you-because-you-pay-me. And it seems: OSS has shown this already.
Its computerfreak that comes closest, and it can even be understood by english speakers as well.
This shows well that there are no new words in german: we'll almost always glue a few old words together to get a new one (like the famous Donaudampfschifffahrtsgesellschaftskapitän) or just use the foreign word.
To make it worse, even the term hacker is often used when we try to name geeks or nerds.
A staff member of the SuSE team told me that the source for IRIS FailSafe will be GPL'ed. And if you take a look at http://www.heise.de/newsticker/data/odi-26.02.00-0 01/ you will notice that the c't magazine writes the same, so that this info has a high probability...
A friend of mine did a study on this - he wanted to know the difference between a "normal" person and a computer freak. He found none - except that computer freaks have a tendency to hate the telephone...
I've just started a web site about the psychology of software development (http://www.devtopics.de). If you read the chapter about motivation you'll find that this applies to hackers, too, though it isn't aimed at them (maybe I should add another unfinished chapter - sigh).
There are not much female hackers for a very simple reason: women are aimed at reaching goals, they don't have the time or the nerve to play around just to find something (and sometimes nothing) out. Hackers are people think that reality is a game were you have to find the rules and were you can go farther by cheating...