1. Download our Official Android App: Forums for Android!

[ARTICLE] Virgin Mobile accounts are easy to hack

Discussion in 'Virgin Mobile' started by ktb83, Sep 18, 2012.

  1. ktb83

    ktb83 Android Enthusiast
    Thread Starter
    Rank:
    None
    Points:
    93
    Posts:
    653
    Joined:
    Jun 10, 2012

    Jun 10, 2012
    653
    212
    93

    Advertisement

  2. Petrah

    Petrah Psychotic Female
    Rank:
    None
    Points:
    333
    Posts:
    4,086
    Joined:
    Jun 13, 2011

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    We already knew VM USA's security was terrible. Where's that other thread...
     
  3. ktb83

    ktb83 Android Enthusiast
    Thread Starter
    Rank:
    None
    Points:
    93
    Posts:
    653
    Joined:
    Jun 10, 2012

    Jun 10, 2012
    653
    212
    93
    It is clearly bad. I wouldn't have guessed it was this bad!

    Rate-limiting relying only on cookies? WTF?
     
  4. rcsrich

    rcsrich Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    772
    Joined:
    Jun 22, 2012

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    Yeah- and now every idiot in the world knows just how poor their security is.

    Yay.
     
  5. Petrah

    Petrah Psychotic Female
    Rank:
    None
    Points:
    333
    Posts:
    4,086
    Joined:
    Jun 13, 2011

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL

    Any company that asks for your pin number in emails, on Facebook, or on Twitter is bad. We tried to warn everyone before (in another thread) but no one would listen.
     
  6. mogelijk

    mogelijk Android Expert
    Rank:
     #128
    Points:
    213
    Posts:
    1,905
    Joined:
    Jun 8, 2012

    Jun 8, 2012
    1,905
    647
    213
    I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
     
  7. hchen42

    hchen42 Well-Known Member
    Rank:
    None
    Points:
    38
    Posts:
    137
    Joined:
    Mar 15, 2011

    Mar 15, 2011
    137
    16
    38
    New York City
    I still can. I did get a "service overload, try again" page. Try refresh the page.


    I wouldn't be surprised if the hacking has begun.
     
  8. rcsrich

    rcsrich Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    772
    Joined:
    Jun 22, 2012

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    Excellent! Uh, I mean bogus... :mad:
     
  9. rcsrich

    rcsrich Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    772
    Joined:
    Jun 22, 2012

    Jun 22, 2012
    772
    119
    93
    Proudly working for the Man since 2001
    Virginia, USA
    ...and still no reply from VM as to if they will fix the issue. Classy.
     
  10. MacFett

    MacFett Android Expert
    Rank:
    None
    Points:
    223
    Posts:
    3,236
    Joined:
    Mar 28, 2011

    Mar 28, 2011
    3,236
    740
    223
    Male
    Worshipping Cthulhu
    Sietch Tabr
  11. aurora40

    aurora40 Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    376
    Joined:
    May 20, 2012

    May 20, 2012
    376
    62
    53
    Virginia
    Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
     
  12. Petrah

    Petrah Psychotic Female
    Rank:
    None
    Points:
    333
    Posts:
    4,086
    Joined:
    Jun 13, 2011

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.


    Try any 6 digit number combination here: How Secure Is My Password?
     
  13. aurora40

    aurora40 Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    376
    Joined:
    May 20, 2012

    May 20, 2012
    376
    62
    53
    Virginia
    I didn't suggest a 6 digit PIN was secure. I was simply curious how many of the 1,000,000 combos were excluded by the restriction that you not have 3 of the same digit in a row.

    I'm aware of how quickly a computer can programatically walk through 1,000,000 numbers, as I wrote a quick one-liner to come up with the 35,919 number vs try to recall my days in Discrete Mathematics as an undergrad.

    With the article from the OP using a 1-sec per try, that would save about 9 1/2 hours.
     
  14. Petrah

    Petrah Psychotic Female
    Rank:
    None
    Points:
    333
    Posts:
    4,086
    Joined:
    Jun 13, 2011

    Jun 13, 2011
    4,086
    1,468
    333
    Female
    Annoying my X-Husband
    Hanover Park, IL
    My boyfriend is a programmer by trade (works his business from our home)... I honestly dunno how you guys do that math. Just looking at it makes my head implode.
     

Share This Page

Loading...