Talk Talk Hacked



RobbieGong
23-10-2015, 08:47
Talk Talk are also now AOL - not good !

The Black Adder
23-10-2015, 08:50
We have been hacked once already this year. My cousin had to change her account details with the bank 3 times over a 2 month period because of an account with TalkTalk (TV/BB).

Seems they are the cheapest for a reason.

We are looking to switch at the moment.

struth
23-10-2015, 09:04
Thought Marco had gone into the broadband business there.. AOL not AOS. lol
My daughter has been with them for years

Audio Advent
23-10-2015, 15:40
Seems like the prudent thing to do, if not inconvenient, is to have a bank account with no money in it at any one time but to have money put in on standing orders just before each direct debit comes out.

Or to pay using on-line virtual credit cards (which do cost to upload money to) which can be deleted and new ones generated whenever you need to.

Audio Advent
23-10-2015, 15:41
Now imagine that Talk Talk are forced to keep a log of all the sites you visit and how that could be hacked - isn't that part of the plan by Theresa May?

But I guess if you have nothing to hide.....

RobbieGong
23-10-2015, 15:55
Listening to the news it seems that this attack is very serious with potentially the bank account details of 4 million customers at risk. Talk Talk say they have also received a ransom demand !

The Black Adder
23-10-2015, 16:05
I got an email earlier saying this:

We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:

Names
Addresses
Date of birth
Phone numbers
Email addresses
TalkTalk account information
Credit card details and/or bank details

We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

Great! - Time to move to another supplier.

Audio Advent
23-10-2015, 16:26
I'm not sure how that will help to be honest. Talk Talk get hacked so seriously that this time they have to do something about it. Meanwhile other service providers pay lip service to their own security, you jump to them and they're next to get hacked...

And US and UK governments tell us how it's a national security threat if our data IS encrypted so they can't read it??

Audio Advent
23-10-2015, 16:26
I guess smaller providers are more likely to be able to apply proper encryption of customer data as they'll have smaller systems to deal with.

AlexM
23-10-2015, 19:34
You guess wrong. Enterprise security is not exclusively within the capabilities of the big players, but they are more likely to have the necessary technical capabilities and have a clear understanding of the reputational damage that this kind of issue causes and are therefore prepared to make the necessary ongoing investments to protect their assets. I know what lengths we go to because I work for one of them, but I have to say that any business is at risk of data loss due to mistakes, zero day exploits and failure to adapt to the ever changing nature of security threats.

Multilayer security, regular testing, situational awareness, strong policies, a strong culture of security aspect awareness, compliance checking are as important as any technical aspects.

Audio Advent
23-10-2015, 20:14
You guess wrong. Enterprise security is not exclusively within the capabilities of the big players, but they are more likely to have the necessary technical capabilities and have a clear understanding of the reputational damage that this kind of issue causes and are therefore prepared to make the necessary ongoing investments to protect their assets. I know what lengths we go to because I work for one of them, but I have to say that any business is at risk of data loss due to mistakes, zero day exploits and failure to adapt to the ever changing nature of security threats.

Multilayer security, regular testing, situational awareness, strong policies, a strong culture of security aspect awareness, compliance checking are as important as any technical aspects.

I was thinking more in terms of lumbering bureaucracy in large companies and a smaller company more able to enact a security policy as part of its way of competing with big companies because they can't maybe compete on price.

Audio Advent
23-10-2015, 20:17
Seems at least one person has gone public about having £600 spent online since the hack - might be coincidence of course, given the numbers hacked v the number of people being victims of card fraud in general - probably not that unlikely for the two to overlap within a 3 day timescale.

Still, hopefully everyone using Talk Talk has at least cancelled cards or told their bank to put a hold on transactions?

walpurgis
23-10-2015, 20:19
I guess smaller providers are more likely to be able to apply proper encryption of customer data as they'll have smaller systems to deal with.

Presumably applying encryption is just a policy choice, company size regardless. Once it is introduced, surely it makes no difference whether it applies to say a thousand accounts or millions of them if it's part of the system?

struth
23-10-2015, 20:24
Seems at least one person has gone public about having £600 spent online since the hack - might be coincidence of course, given the numbers hacked v the number of people being victims of card fraud in general - probably not that unlikely for the two to overlap within a 3 day timescale.

Still, hopefully everyone using Talk Talk has at least cancelled cards or told their bank to put a hold on transactions?

Banks have been told to look out for unusual behaviour apparently although how most will do that I don't know. It is a worrying time for folk who cannot just cancel everything especially at a weekend. If they do that then bills get refused etc and you face even more misery. It is one of the major problems with WWW applications. Also they may well be foreign and outwith jurisdictions (some say Russia).

It would be nice to see all govts come together on this kind of thing and execute any hackers they find :eyebrows: That would teach the smeggers

AlexM
24-10-2015, 00:26
Actually you need the lumbering security to stop your agile developers and product teams from doing stupid s**t like pushing an app into production without ensuring that the security design is compliant with all customer data handling requirements, security policies and design standards and that you do regular pen tests, maintain situational awareness, monitor intrusion detection tools etc.
Believe me, they are a massive pain in the arse but I know they are there for the greater good :)

lurcher
24-10-2015, 08:13
Presumably applying encryption is just a policy choice, company size regardless. Once it is introduced, surely it makes no difference whether it applies to say a thousand accounts or millions of them if it's part of the system?

Yep, but something as simple as encryption is not that much help. The system needs to read the data, so the system has to have the keys to the encryption, so if the system is compromised then the attacker has the keys as well. Encryption is fine to protect your laptop from theft, but not much use if they kidnap you along with it.

http://imgs.xkcd.com/comics/security.png

anthonyTD
24-10-2015, 11:19
With new law just around the corner, it will be legal for intelligence agencies to tap into any of your digital devices anyway, even upload software onto your smart phone, or laptop to control cameras, microphones etc, so, eventually, we won't have any privacy, or secure details anyway! :doh:
A...

struth
24-10-2015, 11:25
Cancel your broadband and sell your gear folks... Run to the hills, it's the only safe place.... or is it?

struth
24-10-2015, 11:54
With new law just around the corner, it will be legal for intelligence agencies to tap into any of your digital devices anyway, even upload software onto your smart phone, or laptop to control cameras, microphones etc, so, eventually, we won't have any privacy, or secure details anyway! :doh:
A...

Actually in a less flippant mode yes it is possible for your laptop mic and web cam to be used by prying eyes.
If like me you don't use these then go into Device Manager and disable both.

lurcher
24-10-2015, 12:13
Actually in a less flippant mode yes it is possible for your laptop mic and web cam to be used by prying eyes.
If like me you don't use these then go into Device Manager and disable both.

Why would you imagine that would make any difference? It's not as if they are unplugged.

struth
24-10-2015, 12:22
You would need to gain control remotely of the whole pc to switch them back on.

lurcher
24-10-2015, 12:28
You would need to gain control remotely of the whole pc to switch them back on.


Yep, but look at how many PCs are part of bot-nets without their owners knowing. All it would need is get a trojan of some sort installed, and there seem to be many vectors where that can be done, then it just needs a privilege escalation exploit, and your machine is under full remote control.

struth
24-10-2015, 12:43
That's a pretty extreme scenario and the more likely one was in the one being discussed where a program or malware can access your webcam and internal microphone (which many don't even know they have). Obviously I've got other security measures that help protect the PC etc, but if you are connected to the WWW then some risk is inevitable. It just seems like an easy option if like me you never use it to disable it entirely. Any programs I've tried cannot find a webcam which of course was my point.

NRG
24-10-2015, 16:41
More secure would be to remove the device drivers and disable the device in the BIOS.....

mikmas
24-10-2015, 18:29
More secure would be to remove the device drivers and disable the device in the BIOS.....

... or a blob of Blu Tack over both - even quicker :lol:

The Black Adder
25-10-2015, 06:37
Here is the latest:

We know it’s been a worrying and frustrating time since Wednesday’s cyber attack on our website. We’re doing everything we can to get to the bottom of what happened as soon as possible and to keep you updated. Our investigations are currently showing the following:

The number of customers affected and the amount of data potentially stolen is smaller than originally thought. Our website was attacked, but our core systems weren’t and remain secure.

On its own, none of the data that may have been accessed could be used to leave you financially worse off.

We don’t store unencrypted credit or debit card data on our site, so any card details which may have been accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions.

No My Account passwords have been accessed.

No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.

We will continue investigating and promise to keep you updated as we know more. In the meantime, we strongly encourage that you:
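
The masking format quoted in the email above (first six and last four digits kept, middle digits replaced with X), as an added example that is not part of the original thread and not TalkTalk's code: it masks card numbers that way and audits stored records for any full number still present, using the Luhn checksum to skip other digit runs. It generalises the 16-digit case to 13-19 digit numbers; the record ids, field layout and sample values are constructed, and 4111111111111111 is a widely used test number.

```python
import re

# Runs of 13-19 digits, optionally split by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to separate card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, blank the rest with X."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(text: str) -> list:
    """Return each full card number found in text, reported in masked form."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(mask_pan(digits))  # never echo the full number
    return hits


def audit_records(records: dict) -> dict:
    """Map record id -> masked hits for every record still holding a full PAN."""
    findings = {}
    for rec_id, value in records.items():
        hits = find_unmasked_pans(value)
        if hits:
            findings[rec_id] = hits
    return findings


# Constructed sample data; record ids and field layout are assumptions.
SAMPLE_RECORDS = {
    "cust-1": "card=012345XXXXXX6789",                  # masked, as in the email
    "cust-2": "card=4111111111111111",                  # full test number
    "cust-3": "note: paid with 4111 1111 1111 1111 by phone",
    "cust-4": "order ref 1234567890123456",             # fails Luhn, not a card
}

if __name__ == "__main__":
    for rec_id, hits in audit_records(SAMPLE_RECORDS).items():
        print(f"{rec_id}: unmasked card number stored ({', '.join(hits)})")
```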

Macca
25-10-2015, 10:59
Lot of fuss over nothing then.

StanleyB
25-10-2015, 17:24
It could be a damage limitation press release from the public relations legal team.

The Black Adder
25-10-2015, 18:36
It could be a damage limitation press release from the public relations legal team.

That was what I thought as soon as I read it... it was getting too much press so they stuck the brakes on to cool the water. But hopefully it's true as the truth will out if it isn't and that won't be good for them in the future.

They should just stick all the details on 40/80 track floppy discs. Hack that...! lol

Audio Advent
26-10-2015, 10:37
It would be nice to see all govts come together on this kind of thing and execute any hackers they find :eyebrows: That would teach the smeggers

Can it be called hacking if it's a backdoor installed, insisted on by governments to get around encryption so they can surveil everyone? That would just be walking through a door left open and is the FAULT of governments coming together.

Can it be called hacking if it's a zero-day security fault which has been hushed up so that GCHQ can exploit it to their advantage, meanwhile criminals also use knowledge of it to access customer data? Again, these are CAUSED by governments coming together.

What about hackers who reveal government corruption by exposing their wrongdoing? No hackers = no keeping the security services or governments and ministers in check. Governments coming together to cover up their own corruption and lies... no thanks!

Try people for their intent and actions as proven by a court of law, it's all in place already.

Audio Advent
26-10-2015, 10:39
It could be a damage limitation press release from the public relations legal team.

Which is what the public relations legal team would do immediately upon finding the above to be completely true.

Audio Advent
26-10-2015, 10:48
Actually in a less flippant mode yes it is possible for your laptop mic and web cam to be used by prying eyes.
If like me you don't use these then go into Device Manager and disable both.

You'd have to do more than that - install switches on their power or data cables.

That's the daft thing about that capability AGAIN! Any real terrorist or serious Mafiosi will physically hack their own devices - therefore the only people they can really listen in on is innocent people, people they want to blackmail (e.g. with exposure of their porn watching habits - that's real, and were plans to do so with some prominent Islamic cleric in the US) or small-time criminals - all of which it is ostensibly illegal to use such blanket surveillance for without a warrant (a warrant which will then allow much better individual targetting of suspects).

Macca
26-10-2015, 14:13
You'd have to do more than that - install switches on their power or data cables.

That's the daft thing about that capability AGAIN! Any real terrorist or serious Mafiosi will physically hack their own devices - ).

If they are competent then yes, but the vast majority of them are not. The Islamists, in particular, make some astonishing schoolboy errors.

struth
26-10-2015, 14:35
The whole point is to make it difficult. If a malware got in it would just find no camera connected and most likely move on. I have a program that doesn't allow any changes to the PC's BIOS etc without my input which makes it harder and both malware and virus active programs scanning. The browser is also primed to not go where it may be dangerous. It was just another free option that may help even if it's just peace of mind.
If some really determined genius really wants in then they will probably get in but they are few and far between and unlikely to target my PC... Amateurs etc are although unlikely more likely

Macca
26-10-2015, 15:52
I've never had a PC with a microphone or a webcam. What are you people, millionaires?

struth
26-10-2015, 16:05
I've never had a PC with a microphone or a webcam. What are you people, millionaires?

Lol! Most laptops come with them now. This is my only one.. last 2 laps didn't. Takes a good pic actually. The microphone isn't obvious and I didn't know it had one but apparently if you have an inbuilt vid cam then at least one microphone is there as well. I'm not into video calling so apart from trying it out once or twice it has been disabled. I check every now and then that it's not been reconnected... lol... I don't go to strange places but the security I have in place stops accidents... worth losing a few secs here and there. I was once moved to a fake site which was a duplicate of the one I wanted to buy a camera on. Got stiffed for £400... bastards. Fortunately I paid it with a credit card and eventually got it back but it ruined Xmas for me and taught me to take more care

Audio Advent
26-10-2015, 19:38
I've never had a PC with a microphone or a webcam. What are you people, millionaires?

Pretty much any laptop after 2010 has them as standard.

Audio Advent
26-10-2015, 19:49
If they are competent then yes, but the vast majority of them are not. The Islamists, in particular, make some astonishing schoolboy errors.

"They" "Them" .. who are these mythical creatures you imagine?

Normal human beings make astonishing errors, those who are the very petty criminals who might carry out some very very small me-too actions because of some particular outlook on life (homophobia, right-wing nationalists, religious nuts etc etc) that I spoke of. So far, any violence or acts carried out by any one of that ilk has fallen way way way below the radar because there is too much info being collected - and this when some have even been singled out as specific threats! Instead of getting warrants to target them individually, mass surveillance was relied upon... and it failed! Meanwhile the methods of mass surveillance continue to put millions of ordinary people at risk of hacking attacks like this one, causing them real harm.

Schoolboys do make errors it's true but a lot of clever hacking is done by schoolboys. The breaking news in the Talk Talk story is that a 15 year old schoolboy from Northern Ireland has been arrested:

http://www.bbc.co.uk/news/uk-34643783

Audio Advent
26-10-2015, 19:54
A different technology which would protect people financially in these attacks is the likes of Bitcoin - money is pushed to the receiver anonymously rather than having to provide all your financial details so that they and anyone who obtains them can request money from your bank, the bank normally complying.

If the will was there, a regulated version could easily take over from direct debits and card payments.

Macca
27-10-2015, 08:41
"Schoolboys do make errors it's true but a lot of clever hacking is done by schoolboys. The breaking news in the Talk Talk story is that a 15 year old schoolboy from Northern Ireland has been arrested:

http://www.bbc.co.uk/news/uk-34643783

If they've caught him then he's obviously made an error... ;)

The thing about crime is that you only ever hear about the criminals they catch. The smart ones are sat on a beach somewhere making ten percent.

Marco
27-10-2015, 09:24
You wonder why these, quite clearly, intelligent people don't channel their 'technical creativity' towards helpful and constructive purposes, rather than the opposite... :rolleyes:

If said teenager is guilty as indicated, then he needs a right good kick up the boz!

Marco.

struth
27-10-2015, 09:32
You wonder why these, quite clearly, intelligent people don't channel their 'technical creativity' towards helpful and constructive purposes, rather than the opposite... :rolleyes:

If said teenager is guilty as indicated, then he needs a right good kick up the boz!

Marco.

Aye and no broadband privileges for a week :rolleyes:

I'd jail him for 20 years... that'll teach them