Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security

Submission + - SPAM: Hackers claim $10K prize for StrongWebmail breakin 2

alphadogg writes: Telesign, a provider of voice-based authentication software, challenged hackers to break into its StrongWebmail.com Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, "if someone did it, we'll kind of put our heads down," he said.
Link to Original Source

Comment Re:Distribute? (Score 1) 84

1) You make a purchase, inject javascript into your address. The administrator goes to the website to print shipping labels. Now you control the administrator.

2) You log in. Later that day, you're visiting evil.com, which loads the site in the background, with payload, and slurps data off of it.

Comment Re:Epic fail (Score 2, Informative) 84

A much more serious issue- in the control panel for their web application scanning service was published yesterday.

http://skeptikal.org/2009/05/epic-failure-from-mcafee.html

This XSS is cool, but it's not news. I've been documenting McAfee web vulnerabilities for a year now. Rest assured, there are many more, some of which will be published later this week.

Slashdot Top Deals

Money isn't everything -- but it's a long way ahead of what comes next. -- Sir Edmond Stockdale

Working...