Wednesday, June 10, 2009

Exclusive interview with StrongWebMail's $10,000 hacker

If you haven't been living under a rock, you will have heard that webmail security company "StrongWebmail" issued a $10,000 hacking challenge to prove the security of their product. If any hacker could get into the CEO's email account and read the task list off his Exchange calendar, they would win $10,000. To make it even more exciting/ridiculous, he posted his username and password: CEO/Mustang85

The product works so that any time an unauthorized person needs to access an account or change its password, it uses the phone system for two-factor authentication by voice or text message. Well, Lance and co. weren't challenged by any of that and relied on a simple XSS attack and some trickery to prove the prize was his.

Lance, being an old friend of mine, agreed to do an exclusive interview yesterday with all of the technical details and controversy.

1 comment:

JV said...

Excellent interview Greg... simply amazing.