They were confident, They posted a challenge on their website for everybody to try and hack their CEO mail, and they provided his username and password.
This is not the news, The news is , they lost it.
Aviv Raff, Lance James and Mike Bailey successfully hacked the CEO email using persistent cross-site scripting (XSS), by sending an email to the company's CEO, which exploited an XSS flaw when it was opened and took control of the account.
{Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities as of 2007.[1] Often during an attack "everything looks fine" to the end-user[2] who may be subject to unauthorized access, theft of sensitive data, and financial loss}Wikipedia
No comments:
Post a Comment