"This is horribly insecure," Burke wrote. "Compare a 6-digit number with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits -- the latter has 218,340,105,584,896 possible combinations. It is trivial to write a program that checks all million possible password combinations, easily determining anyone's PIN inside of one day."
"I verified this by writing a script to 'brute force' the PIN number of my own account," he continued. While Virgin apparently does freeze accounts after several failed login attempts, Burke wrote that clearing browser cookies between login attempts sidesteps that security measure.
Burke claims that hackers who force their way into an account could read the user's call and SMS logs, change handsets associated with the account, and even purchase new handsets. Before disclosing his findings publicly, Burke spent a month trying to alert Virgin Mobile to the problem. One rep on Twitter care center directed him to the Virgin Mobile "Authentication and Contact" section of its General Terms and Conditions. That section discusses how the PIN works, and explains that the company may "treat any person who presents your credentials that we deem sufficient for account access as you or an authorized user on the account for disclosure of information or changes in Service."
Burke writes that he was referred to a representative at Sprint Executive and Regulatory Services, who eventually told him not to expect further action from Virgin Mobile. (Virgin Mobile USA is a "prepaid brand" of Sprint Nextel.) At that point, Burke decided to go public.
So far, there's no indication that anyone has exploited the vulnerability Burke claims to have identified -- certainly not on a large scale. CNET has contacted Virgin for comment on Burke's findings. We will update this story when we have more information. (Via Wired). A Silicon Valley developer claims that Virgin's requirement of a six-digit user-account PIN -- one that can be brute-forced -- makes user accounts almost trivial to crack. A developer is taking Virgin Mobile USA to task, arguing that its username and password handling put users at risk.
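The lockout weakness Burke describes, where clearing cookies resets the failed-attempt count, comes down to which key the server stores that count under. The following is an added example (not code from the article, Burke, or Virgin Mobile) that contrasts a cookie-keyed counter with an account-keyed one; the class names, the threshold of 5, and the sample account and PIN are assumptions constructed for illustration.

```python
import secrets

MAX_FAILURES = 5                 # assumed threshold; the article only says "several"
PINS = {"5550100": "493817"}     # constructed sample account and 6-digit PIN


class LockoutService:
    """In-memory login check; subclasses choose what the failure counter is keyed on."""

    def __init__(self, pins):
        self.pins = pins
        self.failures = {}       # counter key -> consecutive failed attempts

    def key(self, account, session_id):
        raise NotImplementedError

    def login(self, account, pin, session_id=None):
        # A client that presents no cookie is simply handed a fresh session id.
        session_id = session_id or secrets.token_hex(8)
        k = self.key(account, session_id)
        if self.failures.get(k, 0) >= MAX_FAILURES:
            return "locked", session_id
        if secrets.compare_digest(self.pins.get(account, ""), pin):
            self.failures.pop(k, None)
            return "ok", session_id
        self.failures[k] = self.failures.get(k, 0) + 1
        return "denied", session_id


class CookieKeyedLockout(LockoutService):
    """Weak: the counter follows a value the client can discard at will."""
    def key(self, account, session_id):
        return session_id


class AccountKeyedLockout(LockoutService):
    """Hardened: the counter follows the account being targeted, server-side."""
    def key(self, account, session_id):
        return account


def failures_until_locked(service, account, keep_cookie, limit=20):
    """Submit a fixed wrong PIN; return attempts processed before a lock, or None."""
    session = None
    for n in range(limit):
        status, sid = service.login(account, "000000", session)
        if status == "locked":
            return n
        session = sid if keep_cookie else None   # dropping it mimics cleared cookies
    return None
```

Keying on the account lets anyone lock a legitimate user out, so deployments usually pair it with a timed unlock or progressive delays.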
Of the total surge in offers, iOS device owners accounted for 69 out of every 100, Android owners for 16 of every 100, BlackBerry owners 11 out of every 100, and users of other mobile operating systems 4 out of every 100. Drilling down to the total iPhone offers themselves, 46 percent of them were for the iPhone 4, 40 percent for the iPhone 4S, 8 percent for the iPhone 3GS, and 6 percent for the iPhone 3G. The jump in offers also followed the introduction of a special trade-in deal from eBay, kicking in higher prices for certain smartphones through tomorrow. For example, a 64GB iPhone 4S in working condition can now snag up to $400 in trade-in value.
eBay's Instant Sale service lets you check on the value of a device based on its condition. If you're happy with the offer, you can then send your device to eBay in exchange for money deposited into your PayPal account. The latest data from eBay indicates a leap in the number of offers, not the actual number of trade-ins. But the upswing in offers shows that more people are interested in cashing in their current smartphones as the new iPhone goes on sale this Friday. Smartphone owners have until tomorrow to grab the following deals through eBay for devices in good working condition.