Updated Find the cheapest broadband discussion thread

phillw

DavidP24 wrote: »

The information commission has allowed a massive #fail by TT, they have a duty of care to protect data.

I am well aware of hacking capabilities, but it can be prevented on such systems, networks and databases.

They have a duty of care, but it's impossible to prevent targeted hacks. In the same way it's impossible to prevent people stealing cars. It would appear you aren't well aware of hacking capabilities.

suboptimal

Hi there,

Considering the Sky deal seems to be finished as there are no codes left - what would people suggest for broadband instead over 12m? I'm moving into my new flat in a couple of weeks and have never had any broadband in my name (so no restrictions in terms of having to be a new customer etc), but all the other ones seem quite expensive.

Would appreciate any help - thanks

blonky

damn, missed out on last weeks sky deal and as my circumstances have recently changed need a decent cheap broadband deal. Doesn't seem to be any atm, i guess my only option is some mild haggling? unless anyone has knowledge of an upcoming deal? any help much appreciated. Regular broadband is fine for me.

solarpanel

Hi all this is a query as my BT fibre deal runs out in a month. They want to offer unlimited ( instead of 45 gb which is fine ) and cost is £39 a month inc rental for 18 months
There must be better deals ? Plusnet looks competitive. As there is a hassle factor switching what can I get BT to offer by end of month ? How do I go about it ?
Thanks for reading this

blonky

Thanks DavidP24, wasn't expecting that much help, thank you. Putting some time aside later to call (and get myself pumped up and real mad!) or not.

I should say though that i'm not actually with anyone atm so might have to take it in a different direction.

Doc_N

DavidP24 wrote: »

Good Luck, remember be a bit angry on the phone, as if you are fed up with being ripped off.

I find it's far more effective being pleasant and polite, rather than angry, whilst still being firm about what you're looking for. That way, you're far more likely to keep the negotiator you're talking to onside. They can, of course, only offer what's available to them to offer, but there is an element of discretion and you want them to use that to your advantage. That's far more likely to happen if there's a good relationship than if you're displaying anger.

To get the very best deals available, you'll probably have to start the formal switching process - that seems to open up additional deals that aren't available before they receive notification of the switch, and it's certainly the case with BT.

phillw

DavidP24 wrote: »

I disagree, anyone who is involved in professional negotiations knows you have to make it hard for them, if you do not come over as difficult you will get 34 offers before they start getting serious.

That only works if both parties aren't very good at negotiating and the person you're being difficult with needs to back down more than you do. Which isn't the case with broadband and increasingly with anything else (like article 50 etc).

DavidP24 wrote: »

however, in my experience, these call centres will be more responsive if you are a bit grumpy with them. After all, you are supposed to be so unhappy that you want to leave.

I have completely the opposite experience. If anything they seem more responsive if you convince them you're naive. They give you a deal because they think that if they do it this year then they'll have suckered you for ever, if you appear too savvy then they will just let you go.

DavidP24 wrote: »

Sorry but that is nonsense.

There are services that can be employed to protect from DDOS, they were not used, there is infrastructure design that could have helped.

DDOS isn't a hack. Spending money to protect against a DDOS when you're trying to stop being hacked would be money wasted, which would put up prices.

DavidP24 wrote: »

There is not leaving your systems and database wide open, once they are inside.

They ALLOWED themselves to be hacked

There is a whole security industry, one has to expect a corporate worth billions would do whatever is necessary to protect customer data, TalkTalk failed in every respect.

Putting ALLOWED in capitals doesn't make your point, it makes it sound like you're being unreasonable. So I'll give one last go before I give up explaining.

Sure they made some mistakes, mistakes that are common across lots of companies, mistakes that will be repeated every time companies put work out to tender and then pick the cheapest. However those mistakes are only known to be mistakes because criminals figure out how to exploit systems and then people learn from it. No matter how much money you spend, you can't pre-empt that.

All you can do is make it harder, but there are millions of hackers out there with spare time on their hands. Hackers in the past have managed to infiltrate organisations to the point they joined the employee darts team.

Normally when someone gets your bank details it comes from a rogue bank employee. You can't really do anything about that apart from not using a bank.

Talk Talk are probably the best bet if you don't want your data to be stolen.

Doc_N

DavidP24 wrote: »

As for Article 50, someone needs to tell Junker that, thus far he has turned people who voted remain to people determined that we leave no matter what the deal.

I'm afraid that remark discredits most of what you said. They don't, and it hasn't. Theresa May's bullish faux-Thatcher claptrap, however......

phillw

DavidP24 wrote: »

Well these are commission hungry call centre sales people, they are not interested in negotiating .

Their commission is based on how little they give away when they get you to sign up. To get the best deals you need to find someone who is decent and then sell to them. Being difficult isn't going to get anywhere near the best deals with anyone. I've not paid for line rental or broad band for years, one year I made money out of O2.

DavidP24 wrote: »

As for Article 50, someone needs to tell Junker that, thus far he has turned people who voted remain to people determined that we leave no matter what the deal.

Is that the "I'm so racist that I'd rather see half the people living on the streets than letting a foreigner protect my employment rights" ideology? That is going to be as successful as Trump trying to negotiate with Mexico to pay for his precious wall.

DavidP24 wrote: »

The bit about asking for the MAC code is to make them think you are naive but serious, however in my experience they will do NOTHING for you unless you pressure them.

Asking for a MAC code is not being difficult or putting pressure on them.

DavidP24 wrote: »

The term HACK is used to describe many things, from editing code to breaking into a network.

No a DDOS is not described as a HACK. Most DDOS are launched from computers that have been hacked into, because it's cheap and non traceable. All you actually need to launch a DDOS is a faster internet connection than the site you are DDOS'ing.

DavidP24 wrote: »

It is one of the primary tool used to attack a device, usually on the periphery of a badly designed network, it allows the scammer (I will use that word so you do not get A Retentive about definition) to gain entry to the network.

A DDOS DOES NOT ALLOW YOU TO INCREASE ACCESS TO A NETWORK!!!!!!!!!!!!!1 A DDOS is simply getting a lot of computers to access a computer all at the same time. It is simply accessing resources that are necessary to provide authorised access, but so many connections that it bogs down their connection and computers. A DDOS attack would get in the way of hacking in to steal data, as you would also be "denied service". It costs a lot of money to handle millions of connections at once, if you don't expect to have millions of connections at once then you don't spend that money.

DavidP24 wrote: »

IF the TalkTalk network had been well designed they would have employed DDOS protection, obviously you can't use it once you have been hacked, that would be closing the door after horse has bolted. Honestly.
[/B]

A short DDOS attack is too pathetic to worry about. A prolonged attack can be handled by switching your DNS to someone with a bigger pipe and have them cache your non interactive pages. DDOS is not that big a deal. It's not like anyone would die or lose money because there is a Distributed Denial Of Service attack on talk talks web sites.

However cloudfront (one of the biggest providers of this type of service) has had a massive security issue for years which has only recently been disclosed. So protecting yourself from DDOS attacks can make your system less secure.

DavidP24 wrote: »

I put ALLOWED in capitals to emphasise that their gross incompetence was as good as giving them access to the data.

I know that is why you did it, but it waters down your point and makes you look less credible. Although you don't appear to know what a DDOS attack is, which doesn't help your credibility.

DavidP24 wrote: »

Not only did they breach the routers on the WAN, they then had free run of the LAN, then were able to breach the servers where the data was held and to top it off the data was not encrypted which is why it is currently for sale on the deep and ever so dark web!

Supposedly the Talk Talk hack was an SQL injection attack on a system that Talk Talk acquired from Tiscali. I'm not sure if they gained access to any server other than the web site that you or I can access. Lots of data has been for sale on the dark web before the Talk Talk hack and will be afterwards too. I'd love to see your face when you find out how many sites store your card details and CSV in the same manner.

SQL injection is so common that there are jokes about it https://xkcd.com/327/

DavidP24 wrote: »

If you could not preempt it we would not have a security industry selling products.

You can slow it down, but a lot of the security products I've seen were snake oil.

DavidP24 wrote: »

I do not think anyone would give a damn if hackers join the darts team but they are concerned when their data is stolen and used by criminals to steal between £300 and £10,000k

Once a hacker is in the building then all of your data belongs to them.

DavidP24 wrote: »

That just makes your response look completely foolish, it is beyond ridiculous IMO.

They were fined a record amount, they aren't going to want that to happen again. They'll try to stop it, they might succeed for a while. Or at least manage to keep it quiet, which is the normal route companies take.

phillw

DavidP24 wrote: »

Right, so they earn more by giving you less, I think you have the roles confused, THEY are the sales person, they sell to you, or try to, usually very poorly.

When you are in a negotiation then both sides are trying to sell an idea to the other. If you're waiting for them to sell to you and being difficult in return then I can see why you're paying so much for your BB & line rental.

I don't send Christmas cards, I'm just not difficult and argumentative. I handle complaints in the same way, I never take it out on the person on the phone as it's not their fault.

DavidP24 wrote: »

All I know is I have not paid over £65 a year for the last 4 years, that is for BB and Line rental, often with extras thrown in.

It's possible for anyone to get cheaper than that just by switching, they don't have to be grumpy or difficult. If you can be cheerful and helpful and still attain the same result, plus feel better about yourself, then it would seem to be a much better outcome for everyone.

DavidP24 wrote: »

That is a bit strong, on what basis can you call me racist, Junker has made offensive, unnecessary hostile comments. I do not see Junker as a foreigner, but as a fellow European, but I have no respect for him now. Trump is a buffoon, hardly worth the oxygen it takes to discuss him. I do not need anybody to protect my employment rights, regardless of their nationality. Junker has no respect for anyone except maybe his cronies

I didn't call you racist, I asked because that is the impression you are giving. Junker is responding to UK politicians crazy and deranged nationalistic propaganda. Whatever the EU does now has been justified by our politicians actions. Therefore your view point would seem like discrimination against him, because he's not a UK politician.

Maybe you don't need your rights protected, but the UK government has been fighting against the working time directive for years. So there are people who do need their rights protected by the EU.

DavidP24 wrote: »

Gosh, again you miss the point, OFCOM changed the system, you no longer need to call your old supplier, you can just go to the new supplier and place your order, once placed OFCOM rules prohibit your current supplier from trying to make you stay. Calling to request the MAC code is just a pretext to call them and tell them you are deadly serious about leaving. As it was the previous system they will know you are serious.

Your old provider still ask you to phone them, you are doing exactly what they want you to do. It's not being "difficult" or clever.

DavidP24 wrote: »

I covered DDOS in my last message, not going to waste much more time on it, you clearly have no idea. YES computers, PLURAL, so you need more than a faster internet connection, you need hundreds of computers. What matters is the protection, network appliances that detect and prevent.

You did, but you're 100% completely wrong about them. So we need to go over it until you get it right.

DavidP24 wrote: »

Jesus Phil, using capitals now, when you use capitals like that it just shows you do not know what you are talking about.

I'm being difficult and grumpy like you told me. IS IT WORKING??????!!!!!!!!1

DavidP24 wrote: »

The goal of using specific DDOS is to make the router overflow and give root level access, from there with God like rights you grant yourself access.

No that isn't what a DDOS is at all. If you're going to talk about hacking then please do some basic reading up on it first.

DavidP24 wrote: »

As I said it is the first line of defence, go ask any large business how much it cost them to be offline, think BA this week, no £100m in compensation is not a lot of money.

BA was a power spike taking out their IT systems that controls flights. If talk talks web site went offline for a week due to a power spike then it wouldn't have the same effect.

DavidP24 wrote: »

DDOS is just one of many tools, scammers are doing penetration testing all the time. As I said DDOS is more like breaking a lock on a perimeter, the subsequent damage can risk death in certain environments.

No, a DDOS doesn't break a lock on the perimeter. It stops everyone from getting in, including a hacker. The clue is in the name "distributed denial of service", everyone is denied service.

Penetration testing is related to hacking. Is this you trying to shift the conversation without admitting your mistake?

DavidP24 wrote: »

I am thinking the same about you, no credibility or even basic understanding of security at all.

As you have no idea what a DDOS is, then aren't one of my peers and therefore I don't care what you think of me.

DavidP24 wrote: »

That is not my understanding of what happened and it is incomprehensible that a web facing server would even have that access to that data. If that was the case then TalkTalk have a lot more to answer for, ALLOWED is not enough, it would have been an INVITATION.

Most web sites now allow you to change your direct debit. So the data will go through the web server even if it couldn't pull up the current data.

It's not an invitation, because they didn't publicise it. Your righteous indignation is causing you to make statements that are verify ably untrue, even though you are adamant they are true.

DavidP24 wrote: »

SQL injection vulnerability is patched just like anything else, more often than not it comes from poor programming,

It is arguably poor design, but that is the norm. Nobody wants to pay the price, because their customers are demanding cheaper prices all the time. Most companies treat software development like factory work.

DavidP24 wrote: »

Not true, if the system had been designed properly they would only get into an outer zone, In systems I designed we had VPN's that only accepted traffic from the computer that needed access, we had the same thing at a server level and the data was encrypted, they would not be able to execute SQL injection, just call stored procedures. It is all about end to end security, if you design it from the ground up with security in mind, then hackers are stuck in that first zone, detected and isolated.

All of those components will have exploits, because it's software written by humans. The NSA couldn't protect themselves from being hacked and what was stolen from them is far more worrying to me than someone getting my bank details. It was a catalyst for the NHS attack, I don't care if BA are grounded or xbox one/ps4 players can't go online for a week in comparison to people having their operations delayed.

It's a common misconception that SQL injection is prevented by using stored procedures. You still need to design them right, or you can be left with a false sense of security.

You could argue that security is the same as house security. You don't need (or want) to make your house completely secure (because you'd have to buy a new house if you lost your keys) you just want to make it secure enough that a thief goes next door. But in that case, you shouldn't be arguing for Talk Talk to improve their security, because it will have the opposite effect and eventually your systems (or ones using the same methodology) will be the ones that are targeted and then you're in trouble.