Ouch! Hacker-free e-mail gets hacked
Did you hear the one about the hacker-free e-mail service that was so confident about its enhanced security measure that it offered up $10,000 to anyone who could hack into it?
Here's the part that's really crazy, though. There was initially some question as to whether or not the team of three hackers who got in would be allowed to collect the $10,000 because - get this! - they may not have followed the rules of the contest.
Rules? For hackers? Since when do e-mail hackers follow rules? E-mail hackers hack - by any means possible. What makes it worse is that the way that the team of hackers were able to infiltrate was by sending the company's CEO an e-mail that "exploited an XSS flaw to take control of the account," according to a blog post on the Zero Day blog.
It's really kind of an egg-on-face moment for the company. There's a lesson here, though: if you're going to put your money where your mouth is on something that can make or break your whole business model with the click of the mouse, take extraordinary steps to make sure that it can't be broken. If you're going to pitch a hacker-free e-mail service, you should probably get a few hackers to put it through some tests before you start issuing press releases for a $10,000 challenge.
If I were the CEO, I'd be offering those three hackers a job right about now - just as soon as I write that check for $10,000.