D’oh! ‘Most Secure Email’ Company Pays Prize After CEO Hacked

A few days after launching a contest challenging hackers to break into its Web mail system, StrongWebmail.com must award the $10,000 prize.

This was their challenge:
“StrongWebmail.com is offering $10,000 to the first person that breaks into our CEO’s email account…and to make things easier, we’re giving you his username and password. There’s just one catch: to access a StrongWebmail.com email account, the account’s owner must receive a verification call on his pre-registered phone number. So even though you have our CEO’s username and password, you still have some work to do because you don’t have access to his telephone.”

This was the result:
A team of hackers managed to hack into StrongWebmail CEO Darren Berkovitz’s Web mail account, using what’s known as a cross-site scripting (XSS) attack, the company confirmed Monday. “They did it using an XSS script that took advantage of a vulnerability in the backend webmail program,” StrongWebmail said in a statement.

Apparently, the hackers found the Web flaw within a minute, and then spent about six hours perfecting their attack.

StrongWebmail said it was “not deterred” by the contest’s quick conclusion and would be launching a new competition once this bug was fixed.

To their credit, StrongWebmail has a link to this article on their home page, which also touts “The most secure email accounts on the planet.”

To read more of the PCWorld article, click here.
