Tweet
http://www.crn.com/security/21790016...OSKH0CJUNN2JVN
More like...wait, someone wasn't supposed to win this contest!
More like...wait, someone wasn't supposed to win this contest!
An e-mail security start-up is red in the face and a crafty hacker and his team are 10 grand richer after an unhackable e-mail account was cracked.
StrongWebmail launched a contest earlier this month urging hackers to attempt to crack into its CEO's StrongWebmail account. The company was so confident it put a cool $10,000 up for the first one to successfully access the account. To make the break a little easier, the company even provided the CEO's username and password.
StrongWebmail works like this: To get into an account, the account owner must receive a verification call on his or her phone after putting in his or her username and password. That call -- which only goes to the account owner's phone -- provides a code to gain access into the e-mail account. The phone authentication is supposed to be the strongest line of defense. Essentially, if someone tries to log into a user's account without permission, he or she won't receive the phone call with the code. Also, if someone is trying to fraudulently log into an account, the account's owner will receive an authentication phone call.
StrongWebmail launched a contest earlier this month urging hackers to attempt to crack into its CEO's StrongWebmail account. The company was so confident it put a cool $10,000 up for the first one to successfully access the account. To make the break a little easier, the company even provided the CEO's username and password.
StrongWebmail works like this: To get into an account, the account owner must receive a verification call on his or her phone after putting in his or her username and password. That call -- which only goes to the account owner's phone -- provides a code to gain access into the e-mail account. The phone authentication is supposed to be the strongest line of defense. Essentially, if someone tries to log into a user's account without permission, he or she won't receive the phone call with the code. Also, if someone is trying to fraudulently log into an account, the account's owner will receive an authentication phone call.
Comment