Slashdot Mirror


Hackers Claim $10K Prize For StrongWebmail Breakin

alphadogg writes "Telesign, a provider of voice-based authentication software, challenged hackers to break into its StrongWebmail.com Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, 'if someone did it, we'll kind of put our heads down.'"

3 of 193 comments

  1. The Catch by LSDelirious · Score: 5, Informative

    from StrongWebmail's Site

    There's just one catch: to access a StrongWebmail.com email account, the account's owner must receive a verification call on his pre-registered phone number. So even though you have our CEO's username and password, you still have some work to do because you don't have access to his telephone. If you do manage to be the first person to break into his email account, there's $10,000 in it for you - just register below to get started. Good luck!

    So they have to hack the phone company's system too, or find a way to clone his cellphone, so they can intercept the call and approve access? They might be cool with having their own systems hacked, but it sounds like they are now involving a phone company, which might not be too thrilled to be a part of their little game - the only way around that I can see is to hack the StrongWebmail system to change the "pre-registered" phone number....

    And who the hell wants an email account you have to approve via phone call every time you log in?!? What if your phone is lost/broken/dead/no reception/etc.? Then you have no way in.

    --
    Slavery is the legal fiction that a person is property; A Corporation is the legal fiction that property is a person.
  2. Re:Full Details by LSDelirious · Score: 5, Informative
    --
    Slavery is the legal fiction that a person is property; A Corporation is the legal fiction that property is a person.
  3. Re:Hu? by jesseck · Score: 5, Informative

    While I agree that social engineering is a very legit way to hack a system, the terms of the challenge (link here) state that "You may not work with an employee, partner, or owner of StrongWebmail.com or any of its affiliates or partners to accomplish the email hack." Since this was StrongWebmail's contest, they make the rules. Even if the rules prevent a common method of hacking from taking place. On the other hand, people are quite often the weak link... by preventing the contestants from using this "easy" entry point (say, a janitor or secretary), they can test the technical system itself.