Go Back   Android Forums > Android Carriers > Virgin Mobile

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree2Likes
  • 1 Post By rcsrich
  • 1 Post By MacFett

test: Reply
 
LinkBack Thread Tools
Old September 18th, 2012, 05:50 AM   #1 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Jun 2012
Posts: 652
 
Device(s): LG-VM696: CM9, XT1049: 4.2.2, GT-P6210MAYXAR: CM10, CWM6
Carrier: Not Provided

Thanks: 182
Thanked 214 Times in 162 Posts
Default [ARTICLE] Virgin Mobile accounts are easy to hack

Wired.com - Virgin Mobile Shrugs as Coder Warns Accounts Are Easily Hijacked
Virgin Mobile Shrugs as Coder Warns Accounts Are Easily Hijacked | Threat Level | Wired.com

More details:
http://kev.inburke.com/kevin/open-season-on-virgin-mobile-customer-data/

ktb83 is offline  
Last edited by ktb83; September 18th, 2012 at 06:36 AM.
Reply With Quote
sponsored links
Old September 18th, 2012, 06:21 AM   #2 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: T-Mobile USA

Thanks: 1,152
Thanked 1,437 Times in 925 Posts
Default

We already knew VM USA's security was terrible. Where's that other thread...
__________________
Forum Rules & Guidelines & Zero Tolerance Policy
Agree with a post? Hit Like! Someone help you? Hit Thanks!
See a naughty post or a thread in the wrong area? Hit Report!
Petrah is offline  
Reply With Quote
Old September 18th, 2012, 06:38 AM   #3 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Jun 2012
Posts: 652
 
Device(s): LG-VM696: CM9, XT1049: 4.2.2, GT-P6210MAYXAR: CM10, CWM6
Carrier: Not Provided

Thanks: 182
Thanked 214 Times in 162 Posts
Default

Quote:
Originally Posted by Petrah View Post
We already knew VM USA's security was terrible. Where's that other thread...
It is clearly bad. I wouldn't have guessed it was this bad!

Rate-limiting relying only on cookies? WTF?
ktb83 is offline  
Reply With Quote
Old September 18th, 2012, 08:41 AM   #4 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 771
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

Quote:
Originally Posted by Petrah View Post
We already knew VM USA's security was terrible. Where's that other thread...
Yeah- and now every idiot in the world knows just how poor their security is.

Yay.
rcsrich is offline  
Reply With Quote
Old September 19th, 2012, 09:54 AM   #5 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: T-Mobile USA

Thanks: 1,152
Thanked 1,437 Times in 925 Posts
Default

Quote:
Originally Posted by ktb83 View Post
It is clearly bad. I wouldn't have guessed it was this bad!

Rate-limiting relying only on cookies? WTF?

Any company that asks for your pin number in emails, on Facebook, or on Twitter is bad. We tried to warn everyone before (in another thread) but no one would listen.
Petrah is offline  
Reply With Quote
Old September 19th, 2012, 09:57 AM   #6 (permalink)
Senior Member
 
Join Date: Jun 2012
Posts: 1,458
 
Device(s): Samsung Galaxy Nexus HSPA+, Nook HD+, HP Touchpad w/ CM10 and Nook Color (previously rooted)
Carrier: T-Mobile

Thanks: 123
Thanked 484 Times in 301 Posts
Default

I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
mogelijk is offline  
Reply With Quote
Old September 19th, 2012, 10:23 AM   #7 (permalink)
Member
 
Join Date: Mar 2011
Location: New York City
Posts: 128
 
Device(s): Samsung Galaxy S3
Carrier: Virgin Mobile

Thanks: 57
Thanked 16 Times in 16 Posts
Default

Quote:
Originally Posted by mogelijk View Post
I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
I still can. I did get a "service overload, try again" page. Try refresh the page.


I wouldn't be surprised if the hacking has begun.
hchen42 is offline  
Reply With Quote
Old September 19th, 2012, 10:38 AM   #8 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 771
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

Quote:
Originally Posted by hchen42 View Post
I still can. I did get a "service overload, try again" page. Try refresh the page.


I wouldn't be surprised if the hacking has begun.
Excellent! Uh, I mean bogus...
hchen42 likes this.
rcsrich is offline  
Reply With Quote
Old September 19th, 2012, 10:47 AM   #9 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 771
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

...and still no reply from VM as to if they will fix the issue. Classy.
rcsrich is offline  
Reply With Quote
Old September 22nd, 2012, 10:21 PM   #10 (permalink)
Senior Member
 
MacFett's Avatar
 
Join Date: Mar 2011
Location: Sietch Tabr
Gender: Male
Posts: 3,144
 
Device(s): Nexus 4 (CM 10.1 RC4) & ASUS Eee Transformer (Revolver ROM)
Carrier: T-Mobile

Thanks: 357
Thanked 718 Times in 544 Posts
Default

Quote:
Originally Posted by Petrah View Post
Where's that other thread...
Ta-dah! Do you divulge your PIN to VM customer care?

I specifically do not keep a card on file with VMU because of this.
Petrah likes this.
__________________
Sign up for dropbox and we each get a bonus 500megs

"The world is indeed comic, but the joke is on mankind," H.P. Lovecraft 1890-1937
MacFett is offline  
Reply With Quote
sponsored links
Old September 23rd, 2012, 08:53 AM   #11 (permalink)
Member
 
Join Date: May 2012
Location: Virginia
Posts: 376
 
Device(s): Nexus 4,GSM GNex
Carrier: Not Provided

Thanks: 7
Thanked 62 Times in 49 Posts
Default

Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
aurora40 is offline  
Reply With Quote
Old September 23rd, 2012, 10:42 AM   #12 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: T-Mobile USA

Thanks: 1,152
Thanked 1,437 Times in 925 Posts
Default

Quote:
Originally Posted by aurora40 View Post
Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.


Try any 6 digit number combination here: How Secure Is My Password?
Petrah is offline  
Reply With Quote
Old September 23rd, 2012, 12:47 PM   #13 (permalink)
Member
 
Join Date: May 2012
Location: Virginia
Posts: 376
 
Device(s): Nexus 4,GSM GNex
Carrier: Not Provided

Thanks: 7
Thanked 62 Times in 49 Posts
Default

Quote:
Originally Posted by Petrah View Post
Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.
I didn't suggest a 6 digit PIN was secure. I was simply curious how many of the 1,000,000 combos were excluded by the restriction that you not have 3 of the same digit in a row.

I'm aware of how quickly a computer can programatically walk through 1,000,000 numbers, as I wrote a quick one-liner to come up with the 35,919 number vs try to recall my days in Discrete Mathematics as an undergrad.

With the article from the OP using a 1-sec per try, that would save about 9 1/2 hours.
aurora40 is offline  
Last edited by aurora40; September 23rd, 2012 at 12:50 PM.
Reply With Quote
Old September 23rd, 2012, 03:41 PM   #14 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: T-Mobile USA

Thanks: 1,152
Thanked 1,437 Times in 925 Posts
Default

My boyfriend is a programmer by trade (works his business from our home)... I honestly dunno how you guys do that math. Just looking at it makes my head implode.
Petrah is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Carriers > Virgin Mobile
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 01:15 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.