StrongWebmail
Apparently StrongWebmail didn’t hear about how well the whole “Unbreakable” thing worked out for Oracle. Or maybe we all naively think that advertising your product/service as “hack-proof” and being prompted hacked right aftwards is bad for PR. In fact, no one would have probably heard of this company if they weren’t so easily hacked after launching their contest. Either way, Lance James, Aviv Raff, and Mike Bailey owned them up quick n’ good, finding an XSS vulnerability within a few minutes and getting then perfecting their attack over the next 6 hours.
StrongWebmail is quoted as promising to relaunch a new competition after they fix the identified XSS vulnerability and “won’t rest until we have created the most secure e-mail in the world.” Let’s hope they keep true to their plans to fully employ the entire information security industry.