Hackers claim $10,000 prize for breaking into webmail

The maker of a voice-based authentication software got what it asked for when it challenged hackers to break into its webmail site. To sweeten the deal, Telesign dangled a US$10,000 prize in front of those who were trying to break into the company's StrongWebmail.com site. Hackers were asked to report back on the June 26 calendar entry of company CEO Darren Berkovitz.

The StrongWebmail site uses Telisign's telephone authentication system as an additional layer of security to protect its users. In addition to the standard username and password to login to the site, a two-factor authentication system is implemented by customers entering a secret code transmitted via a telephone call which they have to key in for access.

Unfortunately, Secure Science Chief Scientist Lance James and his team managed to break in all the same. Highlighting the difficulty of iron-clad web security, James noted, "We found multiple cross-site attacks that allow us to attack other users." He did point out that they have to first register an account before being able to launch the attack, though. While Berkovitz has confirmed that the details from his account were correct, the company will have to investigate in order to ensure that the contest rules were followed before dispensing the cash prize.

For more on this story:
- check out this article at Network World

Related Articles:
Just launched IE 8 successfully hacked
Mifare Classic RFID successfully hacked
MacBook Air 'PWNED' in 2 minutes flat