TalkTalk website hit by cyber-attack


Comments

  • 2010
    2010 Posts: 5,370 Forumite
    I'm just starting to get emails asking if

    "have you got TDI !!!!"

    Phewwwwwww, for a minute I thought you meant from TT about their broadband speed.
  • 2010
    2010 Posts: 5,370 Forumite
    TT's CEO says not as bad as first feared.
    One whole week later and the site is still down.
    No one can access their accounts and you can't even find out how much you've used of your monthly allowance on the mobile.

    Shambles or what.
  • Pasareti
    Pasareti Posts: 14 Forumite
    Very useful, that guide in the main MSE about how to deal with TalkTalk. There is only one snag: you cannot complain or do anything by email, they simply cut this channel off. You have to phone them, which means you have no record of what you said and when and to whom. Nice move from TalkTalk, but I wish Paloma Kubiak, the author of that useful guide, had spotted it and helped us all with how to send that template letter to TalkTalk.
  • enfield_freddy
    TT state that all personal data (accounts) is stored off site,

    so why after 7 days is the site down?

    TT said that it was only basic info from people's accounts that had been stolen, those are not stored on the main site, so why is the site down?

    TalkTalk have either lied or have not paid the ransom and are locked out of the main site.
  • Jack_Griffin
    Just got an auto reply to an email I sent. Which is good, I've now got a record of my email & an acknowledgement.
    Many thanks for your email. We are currently experiencing high volumes of demand and will respond within the next 14 days.

    Regards,

    TalkTalk
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 29 October 2015 at 9:02AM
    I think there's more chance of being conned for money from other sources than this TT breach. If it's upped people's guard, that's good. Usually people's complacency is more the fault.
    A lot of scammers are using this breach as a cover.
    TT have a lot to answer for, and no doubt they will lose a lot of customers. Like VW, it's gonna cost them, big style.
    They handled it, and still are, very badly.
    It's obviously more serious than they are saying, or why is the site still down?
    I wonder what BT or Sky et al. would have done in the same boat?
    Hindsight is a wonderful thing.
    It's the nature of the beast.
    M&S yesterday.
    British Gas today.
    I think, once the site is back up and things settle down, TT will release customers from their contracts if they want to leave, but will also offer incentives to stay.
  • 2010
    2010 Posts: 5,370 Forumite
    joe134 wrote: »
    I think there's more chance of being conned for money from other sources than this TT breach. If it's upped people's guard, that's good. Usually people's complacency is more the fault.

    I tend to agree, it's the scum on the phones you have to be more aware of.
    Claiming to be from TT or whoever.
  • joe134
    joe134 Posts: 3,336 Forumite
    2010 wrote: »
    I tend to agree, it's the scum on the phones you have to be more aware of.
    Claiming to be from TT or whoever.
    I get them every day, on the phone. Just live with it.
    Caller display is handy.
    Even a number change wouldn't alter things.
    They can be very convincing.
    I have been hacked before, and it's not nice.
    Luckily it did not cost me anything.
    I'm very cautious now, but I still can do stupid things.
    To err is to be human.
  • crittertog
    Goldiegirl wrote: »
    I visited Bletchley Park this week, and saw how the war time code breakers broke the Enigma code, which was considered unbreakable by the Germans.
    If you wanted to attack the Enigma machine by brute force on a modern computer, you'd still be waiting a rather long time. The main issue with Enigma was the initial settings (key) were re-used, allowing cryptanalysis to reveal the workings of the machine (i.e. sub-par key management).
    Goldiegirl wrote: »
    I would say that, if the criminals were proficient enough to get into Talk Talk, they would also be proficient enough to have a good go at breaking any encrypted data.
    It's been reported in the technical press that the vulnerability that was exploited was a SQL injection vulnerability, which is a basic mistake. There are automated tools for testing for and exploiting SQL injection flaws (I use one in my day job).

    Modern encryption algorithms such as Rijndael/AES are heavily peer-reviewed and mathematically solid (as in, the NSA apparently can't break it, according to Snowden). Provided there are no issues with key management or bugs in the implementation, the heat death of the universe will occur before you break it by brute force.
    One way encryption is possible, and passwords are routinely stored this way
    That would be hashing, which is distinct from [reversible] encryption.
    If the site has been compromised to the extent that data has been stolen, then it's fair to assume that the decryption keys used on the site to read any encrypted data have also been stolen. Having the data encrypted would add nothing in the circumstance.
    It's been reported that the vulnerability that was exploited was SQL injection. Depending on the type of SQL injection (resultset concatenation vs criteria relaxation) and how the site was coded, if the data were encrypted, the attacker may just have gotten "gibberish" out.
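    The "criteria relaxation" shape crittertog describes, shown as an added example that is not part of this thread or of any TalkTalk code: a lookup built by string concatenation lets a quote in the input rewrite the WHERE clause and return every row, while the same lookup with a bound parameter treats that input as plain data. The table, rows and input are constructed for the demo; no real schema is assumed.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for a customer-account table (not a real schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The caller's input is spliced into the SQL text, so a quote character
    # inside it can close the literal and append extra criteria.
    sql = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    # Bound parameter: the driver passes the input as a value, never as SQL,
    # so the WHERE clause cannot be relaxed by anything the user types.
    sql = "SELECT username, email FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed input that relaxes the criteria when concatenated into the query.
RELAXING_INPUT = "x' OR 'a'='a"


def demo():
    conn = make_db()
    return {
        "normal_vuln": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_parameterised(conn, "alice"),
        "relaxed_vuln": lookup_vulnerable(conn, RELAXING_INPUT),
        "relaxed_safe": lookup_parameterised(conn, RELAXING_INPUT),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

    With a real username both functions return the one matching row; with the relaxing input the concatenated query returns the whole table and the parameterised one returns nothing, which is the fix the post is pointing at.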
  • Forex_Fred
    crittertog wrote: »
    If you wanted to attack the Enigma machine by brute force on a modern computer, you'd still be waiting a rather long time. The main issue with Enigma was the initial settings (key) were re-used, allowing cryptanalysis to reveal the workings of the machine (i.e. sub-par key management).

    It's been reported in the technical press that the vulnerability that was exploited was a SQL injection vulnerability, which is a basic mistake. There are automated tools for testing for and exploiting SQL injection flaws (I use one in my day job).

    Modern encryption algorithms such as Rijndael/AES are heavily peer-reviewed and mathematically solid (as in, the NSA apparently can't break it, according to Snowden). Provided there are no issues with key management or bugs in the implementation, the heat death of the universe will occur before you break it by brute force.

    That would be hashing, which is distinct from [reversible] encryption.

    It's been reported that the vulnerability that was exploited was SQL injection. Depending on the type of SQL injection (resultset concatenation vs criteria relaxation) and how the site was coded, if the data were encrypted, the attacker may just have gotten "gibberish" out.

    From what you've written it seems you should be sorting out TT's problems. Is part of the cause that there are just not good enough IT security people around, or even people learning this skill?
This discussion has been closed.