(WEB HOST INDUSTRY REVIEW) — In an effort to promote the voice-based identification technology sold by its parent company, Telesign, email hosting provider StrongWebmail (www.strongwebmail.com) challenged hackers to break into the company’s webmail system for a $10,000 reward – doling out the prize within days.
According to an IDG News Service report, hacking team Secure Science managed to infiltrate the webmail account of StrongWebmail’s chief executive officer Darren Berkovitz, although they were provided with his email address and password. They got past the added layer of voice-based identification technology by using a cross-site scripting (XSS) attack, exposing a weakness in the back-end webmail program, StrongWebmail said.
StrongWebmail launched the contest at the end of May, promoting its service as especially secure because it requires a special password that is telephoned to the user before email can be accessed.
Secure Science chief scientist Lance James and fellow hackers Aviv Raff and Mike Bailey told IDG that they took advantage of a common flaw on the web server, using it to run malicious scripts in the victim’s browser, essentially taking control of it. StrongWebmail is pleased to have found the bug so quickly and plans on launching a new competition once this bug is fixed, in an effort to create “the most secure e-mail in the world,” according to the company.
Berkovitz told IDG in an email that the bug used by the hackers was actually in the Rackspace (www.rackspace.com) webmail software used to power StrongWebmail, not in the Telesign authentication system. He hopes the next contest will test the Telesign technology it intended to challenge in the first place.











