
Talk Talk Stolen Data

Cleoriff
Level 94: Supreme
  • 122357 Posts
  • 824 Topics
  • 7457 Solutions
Registered:

Talk Talk have admitted that some customers' accounts have been 'hacked'.

The information stolen included names, addresses, phone numbers and TalkTalk account numbers. The company was confident that no sensitive or payment data went astray in the hack.

The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014. 'Only a few thousand accounts were affected'!!

It made interesting reading to see Talk Talk admitting that the attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.

http://www.bbc.com/news/technology-31656613

I am no expert....but does this ring warning bells with anyone?

Veritas Numquam Perit

Message 1 of 51
3,079 Views
50 REPLIES 50

Anonymous
Not applicable

@Anonymous wrote:

@Anonymous

 

My basis for the assessment of IT graduates in this country is the hours of time I've spent re-writing programs that these so-called "experts" have produced, by following the guidance from their text books, without any real clue as to how a computer actually works.

 

 

Even better than me posting a list of companies who are not taking IT seriously, why don't you do a quick check of the front-line web-facing servers of companies YOU do business with, (just do an http HEAD request, nothing illegal there), make a note of the software they are running, then check using basic resources such as google, as to whether that software has any known vulnerabilities?

 

I'd bet dollars to doughnuts you'll find something vulnerable within half an hour.


Thanks for the response @Anonymous .   OK - I am not a "techy" - wouldn't know how to do a HEAD request if my life depended on it.   I am just interested in the topic you raised, in such a dramatic way, as one of the millions who rely heavily on the help and advice of "experts".

Having seen the volume of updates and security patches that are offered to me, not just for my computer's operating system, but for most of the other software I use, I might cynically wonder if there is any such thing as software that has NO vulnerabilities?   I suspect the answer  to that is "yes of course there is -- until someone finds its weaknesses".   

You soundly castigate businesses for how they deal with such issues, but I cannot help but think that much of the blame would just as well lie with the software designers/developers/producers (sorry don't know the correct terminology), and perhaps hardware designers too, who produce the systems and programs in the first place?

Anyway, a most interesting subject about which I can see you feel passionately and I wish you well in your endeavours to highlight it and perhaps bring about some changes not least in the education of IT professionals and consumers as well.

 

Message 21 of 51
717 Views

anticpated
Level 30: Meditator
  • 3412 Posts
  • 164 Topics
  • 53 Solutions
Registered:

Don't you ever question why all these companies request so much information? I know I do.

 

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 22 of 51
717 Views

anticpated

As for the HEAD request.....? Well moving on.

 

HTTP is the set of rules (TCP/IP) used by the internet which uses codes and certain things to retrieve and transmit files. Although generally these aren't seen by an average user. If you are curious you can use Developer mode in your Browser to see what is happening to the data getting passed back and forth.

 

Some websites use tracking cookies which are intrinsically linked to the use of the website and report the data back to a company like Webroots, who record the data. Ports are often used to collect more user data about the user.

 

If a "hacker" was able to exploit the information unknown to the company or its users, who knows how any information is being stolen or sold for profit. There are 2 types of hackers, blackhat and whitehat hackers. This goes beyond the scope of my knowledge, nor am I able to comfortably confirm the information.

 

 

 

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 23 of 51
714 Views

Anonymous
Not applicable

Hi @anticpated  I used to know a little bit about HTML in the days when I was responsible for managing our departmental intranet, so I know that HEAD is an HTML tag and some important info is put there.  But that was all so long ago............

 

Message 24 of 51
709 Views

Anonymous
Not applicable

@Anonymous wrote:

Having seen the volume of updates and security patches that are offered to me, not just for my computer's operating system, but for most of the other software I use, I might cynically wonder if there is any such thing as software that has NO vulnerabilities?   I suspect the answer  to that is "yes of course there is -- until someone finds its weaknesses".   

 


Errr, OpenBSD pretty much hits the mark for no vulnerabilities, if it's installed by a reasonably competent person.

 

It might be beyond the average home user, but for a corporation with an IT department, no.

 

Of course, that's just the first step, there is no point in installing a decent OS and then plonking an idiot in front of the server.

 

But to answer your direct question, yes, an OS without a continual flood of vulnerabilities does exist, (and it's free for the taking).

Message 25 of 51
702 Views

Anonymous
Not applicable

@anticpated wrote:

As for the HEAD request.....? Well moving on.

 

 


Just to clarify...  I was asked to back up my claim that companies don't generally have a clue about IT.  The easiest, and least technical thing that came to mind was that loads of corporate websites are running on massively outdated systems, that are well known to unethical hackers.  You and anybody else can quite freely check this yourself.  With zero technical knowledge you can search google for "http head request online" and find websites that let you poke around other websites and find information about their setup.  Look up THAT info on google and you can maybe begin to deduce how on the ball their IT staff are.

 

It was just an off the cuff example of a way the man in the street can test the theory himself.  An experiment you can do at home.  More fun than me posting a list of dumb companies I've previously done work for, and then getting sued for libel.

Message 26 of 51
698 Views
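
An added example, not part of the post above: what a HEAD response looks like and how the operator of a site can audit which software versions their own server announces in its headers. The sample response and its version strings are constructed, and `head()` is a hypothetical helper meant to be pointed at a host you run.

```python
import http.client
import re

# Headers that commonly disclose the software stack.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")  # e.g. PHP/5.2.17

def parse_head_response(raw):
    """Split a raw HTTP response head into (status_code, {header: value})."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def disclosed_versions(headers):
    """Return [(header, product, version)] for every version-bearing token."""
    findings = []
    for name in DISCLOSING:
        for product, version in VERSION_TOKEN.findall(headers.get(name, "")):
            findings.append((name, product, version))
    return findings

def head(host, path="/", timeout=5):
    """Send a HEAD request to a host you operate and return its headers."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

# Constructed sample response, not captured from any real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS) mod_ssl/2.2.3\r\n"
    "X-Powered-By: PHP/5.2.17\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    status, hdrs = parse_head_response(SAMPLE)
    for header, product, version in disclosed_versions(hdrs):
        print(f"{header}: {product} {version} is announced to every visitor")
```

A version string in a banner does not by itself prove a host is unpatched, since distributions backport fixes without changing the reported version. On servers you run, Apache's `ServerTokens Prod` and PHP's `expose_php = Off` reduce what is announced.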

anticpated

I'm aware that if you were able to crack a network password, or at least a website's password, you can dump the contents from the server into a nice convenient text file and start hacking away.

 

Many people on here or in general don't know about BSD, Linux, Unix or Windows Server terminals. So unless someone from a company actually does and is employed in a full capacity rather than a third party contractor then many companies could save money in the long term.

 

Clearly you are well versed in these things. I am aware of them although not to the extent of being able to fully use any of them.

 

Oh the HEAD thing was a joke.

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 27 of 51
689 Views

Anonymous
Not applicable

@Anonymous wrote:

@Anonymous wrote:

Having seen the volume of updates and security patches that are offered to me, not just for my computer's operating system, but for most of the other software I use, I might cynically wonder if there is any such thing as software that has NO vulnerabilities?   I suspect the answer  to that is "yes of course there is -- until someone finds its weaknesses".   

 


Errr, OpenBSD pretty much hits the mark for no vulnerabilities, if it's installed by a reasonably competent person.

 

It might be beyond the average home user, but for a corporation with an IT department, no.

 

Of course, that's just the first step, there is no point in installing a decent OS and then plonking an idiot in front of the server.

 

But to answer your direct question, yes, an OS without a continual flood of vulnerabilities does exist, (and it's free for the taking).


Thanks @Anonymous .  I am better informed if none the wiser - but then that's why people like me need people like you!!  Cheers!  

Message 28 of 51
683 Views

Anonymous
Not applicable

@anticpated wrote:

Many people on here or in general don't know about BSD, Linux, Unix or Windows Server terminals. So unless someone from a company actually does and is employed in a full capacity rather than a third party contractor then many companies could save money in the long term.

 


I don't really understand your comment, I'm afraid.

 

My point was that any company storing personal information electronically has the ability to do that in a secure way.  I've tried to back that viewpoint up with responses to questions, and never claimed that the customers or average person in the street needs to understand IT to a specialised degree.

 

Surely ALL companies holding personal data electronically should feel a responsibility to hire at least one IT specialist?  Or is that too much to ask?  And if the specialist you hire turns out to be an idiot, well maybe the company in question should have dug a bit deeper in to their corporate pockets, instead of picking up a YTS kid and expecting to pay him the minimum wage.

 

I've seen people working in server rooms who admit to being nervous of making any changes because they simply have no idea of how the thing works.

 

In general, no matter what you read or are told, your private information is NOT handled anywhere near as securely as you would imagine.  Normally, this is out of ignorance of the risks, and how the equipment works.

 

If you think ignorance is a good excuse, given that the people running the IT department are supposedly specialists in their field, then you can't really complain when your information is compromised.

Message 29 of 51
681 Views

anticpated

Yes, however my point is that much of this information has to be digested in an easier to follow way than mentioning things like the operating systems mentioned above. Mentioning things like HTTP Header requests or GET/POST operands for Perl/PHP is rather pointless on a mobile telephone forum.

 

I agree companies should pay stricter attention to security although Stuxnet and the OpenSSL exploit are two great examples how ignorance is not bliss. Whether companies keep costs down by relying on the minimum of expertise or people who are not really that qualified to do a job is another story altogether.

 

I'm a great advocate of privacy, however not naive to think people won't cut corners and cry wolf later when the sludge hits the fan, metaphorically speaking.

 

You brought up many valid points however with the greatest of respect, you can maybe dumb the terminology down so the kid at the back of class can understand as well.

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 30 of 51
665 Views