Cloud brute-force attack cracks Google users' phone numbers in minutes

A researcher has exposed a flaw in Google's authentication systems, opening it to a brute-force attack that left users' mobile numbers up for grabs. The security hole, discovered by a white-hat hacker operating under the handle Brutecat, left the phone numbers of any Google user who'd logged in open to exposure. The issue was …

  1. Dinanziame Silver badge

    To think people used to voluntarily display their phone number in huge dead tree books distributed to everybody in the country...

    1. DS999 Silver badge

      distributed to everybody in the country

      Only in very small countries. Around here they were just for the city and a couple of suburbs. Though I imagine if you paid enough you could probably get a phone list on magtape for the entire country from AT&T back when they were a monopoly.

    2. Anonymous Coward

      At the time:

      1. It wasn't used to authenticate you.

      2. It wasn't near as easy to transfer to a different location, and if it wasn't in the same area code, forget it.

      1. DS999 Silver badge

        You couldn't even transfer within the same area code

        You could only transfer if it was on the same EXCHANGE. Where I grew up it was probably 50-60 miles from the boundary of the area code, so it didn't have any effect on any of this. The city's exchange covered the city and two contiguous suburbs. There was a small town with about 2000 people (now over 20,000) that everyone now would consider a "suburb" since it is contiguous but back then it was a couple miles of farmland away. It was served by a rural exchange that covered about a quarter of the county including that small town.

        So if the same situation applied today you might think you lived in one big city since you'd have to travel 3-4 miles to find any farmland but if you were in the right spot on the boundary between the "big city" and "small town" literally moving ACROSS THE STREET would mean having to get a new number!

    3. Gouk

      These were land lines. No bank account or payment systems attached, paper bills were issued by phone company.

      No fraud possible just by telephone number unless fraudster issued a 'good looking paper bill', and accepted cash at a known account at a bank using phone company's name.

      Most were paid by direct debit bank to bank automatically.

  2. Anonymous Coward

    It was quite funny, 'cos at part 1 of the hack, I thought: "I could do that." At Part 2, "I could do that." Then part 3: "Quickly go off and develop a brute force cracking tool"

    Oh shit, not really!

  3. Anonymous Coward

    Off-centre IPs for the win!

    "They also had a check if you're hitting the endpoint from a dead center IP but I was able to overcome this by using a bot guard token from JavaScript."

    Just goes to show you should always use off-centre IP addresses rather than dead centre ones

    < I'm assuming they meant "Data Centre" IP addresses >
