1. Check out our companion app, Forums for Android! Download from Google Play

[ARTICLE] Virgin Mobile accounts are easy to hack

Discussion in 'Virgin Mobile' started by ktb83, Sep 18, 2012.

  1. ktb83

    ktb83 Well-Known Member
    Thread Starter
    93

    Jun 10, 2012
    653
    212
    93

    Advertisement

  2. Petrah

    Petrah Psychotic Female
    333

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    We already knew VM USA's security was terrible. Where's that other thread...
     
  3. ktb83

    ktb83 Well-Known Member
    Thread Starter
    93

    Jun 10, 2012
    653
    212
    93
    It is clearly bad. I wouldn't have guessed it was this bad!

    Rate-limiting relying only on cookies? WTF?
     
  4. rcsrich

    rcsrich Well-Known Member
    93

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    Yeah- and now every idiot in the world knows just how poor their security is.

    Yay.
     
  5. Petrah

    Petrah Psychotic Female
    333

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL

    Any company that asks for your pin number in emails, on Facebook, or on Twitter is bad. We tried to warn everyone before (in another thread) but no one would listen.
     
  6. mogelijk

    mogelijk Well-Known Member
    213

    Jun 8, 2012
    1,905
    647
    213
    I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
     
  7. hchen42

    hchen42 Well-Known Member
    38

    Mar 15, 2011
    137
    16
    38
    New York City
    I still can. I did get a "service overload, try again" page. Try refresh the page.


    I wouldn't be surprised if the hacking has begun.
     
  8. rcsrich

    rcsrich Well-Known Member
    93

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    Excellent! Uh, I mean bogus... :mad:
     
  9. rcsrich

    rcsrich Well-Known Member
    93

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    ...and still no reply from VM as to if they will fix the issue. Classy.
     
  10. MacFett

    MacFett Well-Known Member
    223

    Mar 28, 2011
    3,236
    740
    223
    Male
    Worshipping Cthulhu
    Sietch Tabr
  11. aurora40

    aurora40 Well-Known Member
    53

    May 20, 2012
    376
    62
    53
    Virginia
    Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
     
  12. Petrah

    Petrah Psychotic Female
    333

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.


    Try any 6 digit number combination here: How Secure Is My Password?
     
  13. aurora40

    aurora40 Well-Known Member
    53

    May 20, 2012
    376
    62
    53
    Virginia
    I didn't suggest a 6 digit PIN was secure. I was simply curious how many of the 1,000,000 combos were excluded by the restriction that you not have 3 of the same digit in a row.

    I'm aware of how quickly a computer can programatically walk through 1,000,000 numbers, as I wrote a quick one-liner to come up with the 35,919 number vs try to recall my days in Discrete Mathematics as an undergrad.

    With the article from the OP using a 1-sec per try, that would save about 9 1/2 hours.
     
  14. Petrah

    Petrah Psychotic Female
    333

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    My boyfriend is a programmer by trade (works his business from our home)... I honestly dunno how you guys do that math. Just looking at it makes my head implode.
     

Share This Page

Loading...