Learning from the StrongWebmail Hack
A Web-based mail provider is paying out $10,000 after a hacker responded to its challenge and broke into its CEO’s account. We think an important lesson stands to be learned.
It’s the kind of story you can’t help but smile at: A cocky company issues a global challenge for anyone to break into its bulletproof security system. It offers up login info, boldly worded statements, and a reward it’s confident no one can win. Hours later, someone does.
The StrongWebmail Hack
The company is StrongWebmail (not to be confused with Strongbad E-Mail). The Web-based mail provider bills itself as having “the most secure e-mail accounts on the planet” — and yes, that slogan makes the irony even sweeter.
StrongWebmail posted the challenge in late May, saying it’d pay $10,000 to any hacker who could get into CEO Darren Berkovitz’s account. The company touted its telephone verification system as the impenetrable force no one could conquer. In fact, the site’s home page still eggs potential hackers on:

If you click through the prompts, the site taunts you:
“To finish login, enter the verification number you just received via the automated phone call. Oh wait, you didn’t get the phone call – WE DID. Guess you can’t log into our email account. Bummer.”
Bummer indeed — for StrongWebmail, anyway. Two guys from Secure Science cracked the “most secure” system in the world by using a simple cross-site scripting attack. The hackers tell IDG News Service it took them only about a minute to find the flaw, then a matter of hours to “perfect” their attack.
Kind of reminds you of the genius from LifeLock who gained fame by flaunting his Social Security number in commercials, insisting his company’s protection was so strong that no one could steal his identity. His identity was stolen last May.
The StrongWebmail Lesson
So what’s the lesson here? If you want global humiliation that shatters the very essence of your company’s brand, just issue a cocky challenge online. Make it appear as if it’s absolutely impossible to achieve the task you describe. Be as dramatic and overly confident as possible. Then, sit back and wait.
On that note, the eSarcasm headquarters are 100% protected from tasty homemade pies. Seriously — anyone attempting to deliver freshly prepared baked goods to our offices will fail. It cannot be done. You’d be wasting your time to even try.
Keep up with JR Raphael on Twitter (@jr_raphael) or via jrstart.com.








