Saturday, June 6, 2009

Firm Welshes On Hacker Challenge

"Ethical hackers are claiming a $10,000 prize for successfully breaking into the webmail account of the chief exec of StrongWrongWebmail after the firm issued a 'hack us if you can' challenge.

"StrongWrongWebmail runs a callback verification system so that, in theory, even if someone obtains a user's login details they can't read email from the account without also having access to the phone associated with a particular account. Logins into StrongWrongWebmail from previously unused machines need this secondary form of confirmation.

"The US start-up was so confident of its claims that its Darren Berkovitz published his account name and password in laying down a $10K challenge to hackers to break into his account and find out his schedule for 26 June.

"StrongWrongWebmail confirmed that the data obtained was correct, but are holding off in paying out the prize because they are yet to be convinced the Ruff and co stuck to competition rules.

"The group of researchers maintain they played fair and used a cross-site scripting (XSS) vulnerability to access the target account after first registering an account of their own with the service..."

