Lost+Found: Touchtone injection, hacking lessons and PIN problems
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: how to hack like Bobby Tables' mother, hacking lessons, another fancy attack map, a PIN glitch, and the former potentially most secure PIN in the world.
- Indian security researcher Rahul Sasi says that he managed to persuade a bank's touch-tone phone system to divulge customers' PINs. The mother of little Bobby Tables would be proud.
- Know thine enemy – PentesterLab offers a range of hacking lessons to download – complete with vulnerable VMs.
- A six-digit PIN can provide secure access protection – unless anyone can try out all 999,999 possible combinations, which has happened on the web site of US mobile telephony provider Virgin Mobile. As there was no brute-force protection, it would have been simple to order mobile phones or set up call forwarding on behalf of someone else.
- An analysis has shown that the most rarely used, and therefore most "secure" PIN is – or at least was – 8068.