[dundee] Hacking human gullibility
Robert Ladyman
it at file-away.co.uk
Fri Mar 5 06:13:40 UTC 2010
"Bailey employed a similar trick last year, when he and two other ethical
hackers claimed a $10,000 prize for breaking into the email account of
StrongWebMail CEO Darren Berkovitz.
The XSS, or cross-site scripting, vulnerability they identified could only be
exploited if the victim clicked on a link while logged in to his account. The
solution: They sent him an email with the subject line "we think we've already
won this contest," with the attack link in the body. Berkovitz took the bait,
and they won the prize."
Ho ho.
http://www.theregister.co.uk/2010/03/04/social_penetration/
--
Robert Ladyman
File-Away Limited, 32 Church Street, Newtyle
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk
More information about the dundee
mailing list