[dundee] Hacking human gullibility

Robert Ladyman it at file-away.co.uk
Fri Mar 5 06:13:40 UTC 2010


"Bailey employed a similar trick last year, when he and two other ethical 
hackers claimed a $10,000 prize for breaking into the email account of 
StrongWebMail CEO Darren Berkovitz.
The XSS, or cross-site scripting, vulnerability they identified could only be 
exploited if the victim clicked on a link while logged in to his account. The 
solution: They sent him an email with the subject line "we think we've already 
won this contest," with the attack link in the body. Berkovitz took the bait, 
and they won the prize."

Ho ho.

http://www.theregister.co.uk/2010/03/04/social_penetration/
-- 

Robert Ladyman
File-Away Limited, 32 Church Street, Newtyle
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk



