The frightening truth...

[Raffles]

The world, as we know it, could be ended by a kid still in short pants.

www.bbc.co.uk/news/uk-34643783

I know it's early stages in the investigation, but we all know of kids that can work their way around a computer as if it is another limb, and they can't all be 'nice' and innocent.

The 'genie' is out of the bottle, and I doubt we can get it back in. How old is the technology that supports the 'red button' that world leaders carry around... is there a 10 year old on his XBox that's hacked in and thinks 'I wonder what this will do?'  

Just something to help you sleep better tonight!  

PS... and just on queue my connection went down! 

[glen]

Oct 26, 2015 20:12:59 GMT Raffles said:

The world, as we know it, could be ended by a kid still in short pants.

www.bbc.co.uk/news/uk-34643783

I know it's early stages in the investigation, but we all know of kids that can work their way around a computer as if it is another limb, and they can't all be 'nice' and innocent.

The 'genie' is out of the bottle, and I doubt we can get it back in. How old is the technology that supports the 'red button' that world leaders carry around... is there a 10 year old on his XBox that's hacked in and thinks 'I wonder what this will do?'  

Just something to help you sleep better tonight!  

PS... and just on queue my connection went down! 

BOOM!!!!

[charliehorse]

The most frightening bit of that story in my mind is this

"The company said it did not know how much of their customer information had been encrypted"

So Talk Talk has no idea how much of the personal data it holds on file about its customers is encrypted, or more worryingly, not encrypted.
Good grief, no wonder a kid of 15 can hack in to their system using what is reported to be a very old and well known about exploit (SQL injection)
Taken from www.bbc.co.uk/news/business-34635583

"The company first indicated that the "sustained" attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic.
That did not seem to explain the loss of data, and later TalkTalk indicated that there had also been what is known as an SQL injection.
This is a technique where hackers gain access to a database by entering instructions in a web form. It is a well known type of attack and there are relatively simple ways of defending against it.
Many security analysts were stunned by the idea that any major company could still be vulnerable to SQL injection. "

Someone in there IT department is in for the shaft.

[MrDJ]

and already one person (if not more) has had her bank account emptied of thousands by a cold call claiming to be from talk talk.
the gullible lady let them access her computer remotely.

[lisburnvapes]

On a more positive note, if it turns out that it was a 15 yo boy in his bedroom, then at least Talk Talk have been alerted to the frailty of their security and the hackers aren't in fact a more sinister criminal group

[letsavit]

40 quid a month I pay talk talk, hopefully they will hire this kid and sack there IT manger.

[sydsut]

Oct 26, 2015 20:53:51 GMT letsavit said:

40 quid a month I pay talk talk, hopefully they will hire this kid and sack there IT manger.

There's  nothing as effective as poacher turning gamekeeper.

[letsavit]

Oct 26, 2015 22:02:49 GMT sydsut said:

Oct 26, 2015 20:53:51 GMT letsavit said:

40 quid a month I pay talk talk, hopefully they will hire this kid and sack there IT manger.

There's  nothing as effective as poacher turning gamekeeper.

They do cut deals with some, especially so when they get into goverment data etc. Deal is 20 years or work for us...lol

[Deleted]

www.talktalk.co.uk/community/laughter_1.html

See I've found the page, look it's there

[TJ]

I'm with talktalk, do you reckon they will hack into my accounts and pay off my overdraft and credit cards

[mart166]

It's a slightly different subject, but these companies are useless. 3 times last week I tried booking Ryanair flights (who I've used lots of times), 3 frustrated calls to Ryanair, the only response was either book it online, which I couldn't or we'll take booking on phone but will cost double, 5 minutes later booked my flights on Easyjet. Low and behold next day my inbox flooded with adverts from Ryanair (and I'm careful with those tick boxes). So they would not take my booking but managed to harvest my contact details !!!!!!


MP

[charliehorse]

Oct 26, 2015 20:44:13 GMT lisburnvapes said:

On a more positive note, if it turns out that it was a 15 yo boy in his bedroom, then at least Talk Talk have been alerted to the frailty of their security and the hackers aren't in fact a more sinister criminal group

That might be true if the kid had not posted all the hacked details on a certain website (pastebin I think it was ) for anyone to get their grubby cybermitts on.

That's one of the reasons people are getting phone calls from fake talk talk agents who can convince them they are legit using the information and persuade them to hand over bank details.

[lisburnvapes]

Better out in the open, rather than touted on the dark web, when you say anyone , what you mean is criminals, the info is of no interest to anyone else.
Everyone should be aware never to give out any sensitive info to a caller, regardless of who the say they are, we have been talk talk customers in the past and this doesn't worry me, it's been so well publicised , forewarned is forearmed, so to speak

[charliehorse]

Yes, everyone should be aware not to give out sensitive information to people on the phone, but the truth is that people do.
As for better out in the open rather than the dark web, that just seems a bit naïve to me. As if the criminal type that is going to take advantage of this only surf a certain area of the web and if stuff is out there in the open then they wont go near it.

Far too many companies, big and small, accumulate vast amounts of personal data on their customers, then fail miserably to protect that information on even the most basic levels.
Lots of the information companies ask for is not relevant to their business or your dealings with them but they still ask for it, and lose it.

In this instance, Talk Talk has said they will provide free credit monitoring for a year to affected customers.
In reality they will refund you the money you spend if you arrange and pay for your own credit monitoring for a year, providing you claim it back successfully.
And after that year is up ?

The internet is a fantastic thing but in this field the good guys are playing catch up to the bad ones.

[*-SARIN-*]

Talk Talk have got themselves in a world of pain with this latest pickle. Turns out that the CEO dismissed encryption and this is not the first time that the company have had server intrusions. As for the age of the guy, well i'd be more concerned with the armies of 13 year olds in China that would see this as a walk in the park compared to what they are able to do. He wouldn't have done anything really complicated, i'm going for either unpatched software with a known vulnerability or more likely he social engineered an employee.