StrongWebmail CEO offers prize for hacking his account
Friday, June 5, 2009
Three weeks ago, StrongWebmail.com offered $10,000 to the first person to break into CEO Darren Berkovitz's StrongWebmail email account. Yesterday, hackers figured out how to beat the company at its own game.
StrongWebmail uses telephone authentication from Telisign to give webmail users another layer of security in addition to a username and password. Customers enter a secret code that gets phoned to them when they want to log into the site.
To make the point about StrongWebmail's extra layer of security, Berkovitz provided his email account username and password for anyone to see.
However, web security expert Lance James and two other researchers figured out how to hack into the account, according to IDG News Service, which checked the hack by confirming details from Berkovitz's account.
The hackers used a man-in-the-middle attack - a program that waits for the user to login and then takes control of the user's browser.
Berkovitz told IDG News that he would have to confirm that the hackers complied by the contest rules before awarding the prize. "If someone did it, we'll kind of put our heads down," he said.
Related News:
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
Phishing email takes numerous forms - 11.17.2009
The practice of impersonating authoritative websites and sources in order to convince victims to divulge personal information - known as phishing - has come a long way from the Nigerian "419" scams that popularized the technique in the public mind. Modern phishing is becoming increasingly dangerous in part because attacks can come from a variety of sources.
Email filtering technology working overtime, but spam won't go quietly - 11.16.2009
While modern email filtering systems can block 95 to 99 percent of spam messages, according to Tech Target, mountains of unsolicited email are still delivered every day, accounting for the vast majority of all emails sent.
Phishing scam targets investors, spoofs finance agency - 10.9.2009
The Financial Industry Regulatory Agency (FINRA), an independent regulator of brokerages, is warning investors that they may be targeted by a phishing scam through emails claiming to come from the agency.
Phishing scammers leak Windows Live Hotmail passwords to web - 10.6.2009
Hackers posted thousands of passwords from Windows Live Hotmail email accounts to a website over the weekend, in what Microsoft said was the result of a phishing campaign targeting the free webmail service.
|
