Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Submission + - SPAM: Hackers claim $10K prize for StrongWebmail breakin 2

alphadogg writes: Telesign, a provider of voice-based authentication software, challenged hackers to break into its Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, "if someone did it, we'll kind of put our heads down," he said.
Link to Original Source

Comment Re:Distribute? (Score 1) 84

1) You make a purchase, inject javascript into your address. The administrator goes to the website to print shipping labels. Now you control the administrator.

2) You log in. Later that day, you're visiting, which loads the site in the background, with payload, and slurps data off of it.

Comment Re:Epic fail (Score 2, Informative) 84

A much more serious issue- in the control panel for their web application scanning service was published yesterday.

This XSS is cool, but it's not news. I've been documenting McAfee web vulnerabilities for a year now. Rest assured, there are many more, some of which will be published later this week.

Slashdot Top Deals

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman