
SANS ISC: InfoSec Handlers Diary Blog



Don't TRY to hit me... Hit me!

Published: 2009-06-05
Last Updated: 2009-06-05 19:01:28 UTC
by Tom Liston (Version: 1)

Remember that scene in The Matrix where Neo does that "come 'n get me" hand wave thing at Agent Smith? Generally speaking, there's a really good reason you NEVER do stuff like that. When you get to thinkin' you're all cool and start taunting people, an ass-whoopin' usually follows. And, without fail, a few splendid cinematic moments later, Keanu is lying on the ground, bleedin', after having been used to rearrange the masonry in a subway tunnel.

Obviously having never learned the "taunting->ass-whoopin'" connection, the folks over at StrongWebmail decided to throw down against the collective badness of the Internet and, apparently, got their butts handed to them in a paper bag. Our friends over at El Reg are reporting that their "Hack our CEO's webmail account" contest ended... well... pretty much like you would expect.

Here's some free marketing advice to any security company contemplating a "Hack Us If You Can" contest: DON'T. There is no upside to these things, people. If no one hacks you, it likely only proves that no one cares... and if your contest turns out the way that StrongWebmail's did, you can kiss $10K and your reputation goodbye all in one fell swoop.

Update: Mike Bailey, one of the trio of researchers involved in popping the account, has put up a blog entry that doesn't say much, but confirms the hack.

--
Tom Liston - Handler On Duty - InGuardians, Inc.
