on 28-02-2015 08:50
Talk Talk have admitted that some customers' accounts have been 'hacked'.
The information stolen included names, addresses, phone numbers and TalkTalk account numbers. The company was confident that no sensitive or payment data went astray in the hack.
The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014. 'Only a few thousand accounts were affected'!!
It made interesting reading to see Talk Talk admitting that the attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.
http://www.bbc.com/news/technology-31656613
I am no expert....but does this ring warning bells with anyone? 
Veritas Numquam Perit
on 01-03-2015 09:06
on 01-03-2015 12:18
As somebody who works in computer security, I am becoming sick and tired of hearing these almost daily reports in the media about companies being "hacked", and the pathetic excuses they give afterwards.
Let me tell you that it is NOT at all difficult, relatively speaking, in a corporate environment, to protect against 99.999% of "hacking" attempts.
If, (and only if), a company is specifically targeted by a powerful group, (government agency, or the like), do I have any sympathy with them. That is the 0.001% which is virtually impossible to defend yourself against.
Almost every other "hacking" scandal begins with sheer pig-headed ignorance about anything remotely to do with IT, and a view that "the customer doesn't matter".
NO amount of care afterwards, dedicated help phone lines, apologies, etc, does ANYTHING to help the individuals affected.
It's just the same as when people bring me a broken hard disk and tell me that their life's work is on it, and that they'll pay any price to get it back. My first question is always, "why is it so valuable NOW, and yet a couple of weeks ago, you would have begrudged even paying 50p for a blank disc to make a copy on to???".
The way these stories are presented in the mainstream news, (and even in some of the IT industry press), is that large companies are fighting an uphill battle. Maybe they are - a battle against their own stupidity - but from a technical point of view, it is still child's play for anyone skilled in the art to keep customer data safe. If you want people skilled in the art, employ them, and pay them a decent wage. That's the problem, nobody wants to hire and pay for genuinely knowledgeable IT staff these days. They just hire thickos who walk out of university with some kind of IT degree, and only come to the likes of me when everything stops working.
Whilst there has certainly been an increase in the number of so-called "hackers" on-line these days, don't worry yourselves, most of them are not particularly skilled, they're just the dropouts who either didn't make it through the four years at uni, or did, and never got a job anyway. As such, they're limited to hacking into things that have got rubbish security anyway.
The analogy would be like moving to an area with a high rate of crime, and then finding that 99% of the thieves are only capable of robbing from houses where people have left their doors open. Shut your door, and you cut out most of the risk. If you go one step further and, shock, horror, actually put a lock on the door, you can once again be 99.999% confident that you'll only get broken into if you're a definite target, not by a casual passer-by.
Most people have absolutely NO clue just how "wide open" most of the computers on the internet are. It's amazing that we don't see 100 times the number of "hacking" stories in the press. Do you know WHY we don't? Because anyone skilled enough to be a "real" hacker, firstly is generally intelligent enough to realise that it's morally wrong, and secondly because they can use that knowledge to earn a lot of money in a decent job, (the jobs are there if you look hard enough). Illegal computer use doesn't pay, it's not economical. So unless you have a strong motivation, (i.e. the government or another government is paying you), you keep away from it.
So to sum up, I feel NO sympathy for these STUPID companies that leave their systems wide open. I feel INSULTED when they want my sympathy, claiming to be the victim, when it is really their customers or whoever has had their data stolen who are the real victims, and will CONTINUE to be, long after the telephone help lines have been shut down. Finally, I don't accept ANYTHING as being adequate to compensate people affected for something that was caused by sheer corporate arrogance, and a head-in-the-sand attitude.
Companies KNOW the risks and obligations they have when taking our private information. Any that, in this day and age, fail to keep it secure, should lose their status as a limited company, and the directors banned from sitting on another board.
Please, everyone, stop being so complacent and thinking that these irresponsible institutions are "doing all they can". Most of them have been AVOIDING doing ANYTHING useful for a long time.
(Before anybody feels compelled to tell me I am wrong on a technical level about preventing unauthorised computer use in a corporation, please be ready to defend your views with technical arguments for this).
on 01-03-2015 12:31
on 01-03-2015 12:51
I don't think anyone would feel 'compelled' to tell you that you are wrong in general (I have no idea about the technical issues).
However... of course we are all concerned, which is why I posted this in the first place and why there have been so many posts on here recently about the O2 data leak...
The difference is....Talk Talk admitted it and acted reasonably quickly....even giving customers a dedicated help line.....
O2 on the other hand ?.......
Veritas Numquam Perit
on 01-03-2015 13:01
I know only the basics of keeping my own data secure. I expect companies and organisations to do the same. Evidently they don't but to just sit back and treat it as no big deal is to my mind criminally negligent. I have no doubt telephoneuser is correct in his well written post but these companies need to take full responsibility for their shortcomings.
on 01-03-2015 13:03
on 01-03-2015 13:05
on 01-03-2015 14:11
on 01-03-2015 15:49
As others have said much more eloquently, this is a very interesting post that, if true, is a damning indictment of the business community.
However, when I read "Almost every other "hacking" scandal begins with sheer pig-headed ignorance about anything remotely to do with IT, and a view that "the customer doesn't matter"." I have to stand back and ask myself if this can possibly be fair comment? And what about the statement "They just hire thickos who walk out of university with some kind of IT degree..."? What is the basis for that assessment of the quality of graduates being produced in the UK or the universities/colleges from which they are emerging into the real world of business and commerce?
I am sure that some companies are totally profit focussed to the exclusion of all else, but surely that in itself would require them to take IT matters seriously.
Finally, lastly and in conclusion the sentences I really liked were "Please, everyone, stop being so complacent and thinking that these irresponsible institutions are "doing all they can". Most of them have been AVOIDING doing ANYTHING useful for a long time." If that last remark is true (and how frightening that would be) then please help us to shake off our complacency by posting a list of the names of such companies with relevant evidence to prove that they have indeed deliberately and wilfully "avoided doing anything useful" so that we can better decide whether we should be doing business with them.
You have certainly drawn attention to a serious state of affairs that will leave many of us very concerned indeed.
on 01-03-2015 16:34
@Anonymous
My basis for the assessment of IT graduates in this country is the hours of time I've spent re-writing programs that these so-called "experts" have produced, by following the guidance from their text books, without any real clue as to how a computer actually works.
Even better than me posting a list of companies who are not taking IT seriously, why don't you do a quick check of the front-line web-facing servers of companies YOU do business with, (just do an HTTP HEAD request, nothing illegal there), make a note of the software they are running, then check using basic resources such as Google, as to whether that software has any known vulnerabilities?
I'd bet dollars to doughnuts you'll find something vulnerable within half an hour.
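The header check described in the post above, as an added example that is not part of the original thread: it reads the software banners out of a HEAD response so an operator can see what their own servers advertise. The sample response, the header list and all function names are constructed for illustration.

```python
import http.client
import re

BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.\-]*)")  # e.g. "Apache/2.2.15"

def fetch_headers(host, path="/", timeout=5):
    """Send one HEAD request to a host you operate and return its headers."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

def parse_raw_head(raw):
    """Parse a raw HEAD response (status line + headers) into (name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():                    # blank line ends the headers
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def disclosed_versions(headers):
    """Return (header, product, version) for every banner that states a version."""
    findings = []
    for name, value in headers:
        if name.lower() not in BANNER_HEADERS:
            continue
        tokens = TOKEN.findall(value)
        if tokens:
            findings += [(name, product, version) for product, version in tokens]
        elif name.lower() == "x-aspnet-version":   # value is a bare version number
            findings.append((name, "ASP.NET", value))
    return findings

# Constructed sample response, not taken from any real server.
SAMPLE = """HTTP/1.1 200 OK
Date: Sun, 01 Mar 2015 16:40:00 GMT
Server: Apache/2.2.15 (CentOS) mod_ssl/2.2.15 OpenSSL/1.0.1e
X-Powered-By: PHP/5.3.3
Content-Type: text/html
"""

if __name__ == "__main__":
    for header, product, version in disclosed_versions(parse_raw_head(SAMPLE)):
        print(f"{header}: {product} {version}")
```

A version string in a banner is a prompt to review patch levels rather than proof of a flaw, since distributions often backport fixes without changing the advertised version. Trimming or removing these headers reduces what the server discloses.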