
Tal Talk


Ron2 23 Oct 2015 20:38

Wot a mess. This link might be of help to those who use TT

http://www.bbc.co.uk/news/technology-34615692

LindainHerriotCountry 23 Oct 2015 23:34

I finally got my email from Talk Talk, delivered to my spam folder

It doesn't tell you anything which hasn't been on the news already

Bobtanian 24 Oct 2015 08:30

so what's the point of having say a 15 character password that is relatively easy to remember?

if it can be got hold of that easily?

Mayfield 24 Oct 2015 11:17

It's all gonna come crashing down one day!

I had a problem with my Barclaycard yesterday: a site would not accept it for "that currency" on a UK site paying in UK £.
I assumed the fault was with the site but to be safe I rang Barclaycard this morning.

"Sorry we are experiencing technical difficulties and will be unable to deal with your inquiry for at least two hours.................."

Oh dear! :-(

+++DetEcTive+++ 24 Oct 2015 11:38

On the subject of passwords, a relative suggested using a phrase relating to a family member such as

LittleJosephis112%adorable
ImMoggsNumber1sServant

They are a mixture of upper and lower case letters, numbers and characters

RolloTheRed 24 Oct 2015 12:09

passwords such as "LittleJosephis112%adorable" are dead ez to break.
passwords all random digits of 16 chars require a modicum of power and force - there are plenty of free apps which will generate them. Of course such passwords are impossible to memorise so people write them down on postits which are stuck under the desk, back of the screen and so on, save them in text files, browser saved passwords list ...

yeah, passwords are an utterly crap form of security and a big factor in computer insecurity but not the largest one.

Barclays have a handy little gadget which generates one time passwords. It is safe to use online. Otherwise if you must use online banking ideally use a dedicated computer or if that is not possible a dedicated login for banking, utilities and such. Yes, this is a bit tedious but not as tedious as having yr account hacked.

Try and avoid using yr real debit card/credit card online. A good way around is to use a secure third party such as PayPal or Barclay's PingIt. Another method is to get a moneycard which has VISA type numbers and card code for transactions and top up the moneycard as needed. This is an especially good way to deal with dodgy shops and restaurants as well as online.

Quite why large orgs store data in what is essentially a flat file I can only guess. They avoid encryption because it takes significant computer power and it is far from unknown for the passwords to be lost or compromised.

Don't feel smug if you don't use TalkTalk. All of the others could be hit in much the same way at any time.

fwiw TalkTalk accounts are already receiving messages on their mobile phones purporting to be from their bank asking them to ring up and "secure their accounts". The numbers in the sms are not those of any bank but will connect them to one of the nasty we-will-take-all-yr money scams. Those most vulnerable are the least likely to check.

:-(

The easiest way to get a system password within a large organisation is (a) look under desk, back of screen etc or (b) just ask a human for it.

BT OpenReach who runs the UK's digital background are installing a lot of Huawei equipment which is made in the Chinese republic. TalkTalk home routers come from the same firm. Just a thought.

+++DetEcTive+++ 24 Oct 2015 12:16

Not according to the relative - he is an international IT support manager and has worked for several high-profile firms. He'd disagree with you.

".....it's long, complex, easy to remember and would take a supercomputer about 50,000 years (not an exaggeration) to crack."

"If I use the password 'Johnny' without quotation marks, a brute force program will get it in about 5 seconds. If I use 'Johnny123' it would take a few hours."
[names have been changed]
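
The two posts above reach opposite conclusions because they assume different attackers: one guessing character by character, the other guessing whole words. As an added example (not from any poster in this thread), this Python code estimates the search space of a password under both models; the guessing rate, word-list size and symbol count are assumed figures chosen for illustration.

```python
import math
import re

# Assumptions for illustration only (none of these figures come from the thread).
GUESSES_PER_SECOND = 1e10   # hypothetical offline guessing rate
WORDLIST_SIZE = 100_000     # hypothetical dictionary of words and names
SYMBOLS = 33                # printable ASCII punctuation, including space
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet size a character-by-character brute force must cover."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
               (r"[^a-zA-Z0-9]", SYMBOLS)]
    return sum(n for pattern, n in classes if re.search(pattern, password))

def char_model_bits(password):
    """Search space in bits if every character is an independent random pick."""
    return len(password) * math.log2(charset_size(password))

def tokenize(password):
    """Split into letter runs (optionally capitalised), digit runs and symbols."""
    return re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|[0-9]+|[^a-zA-Z0-9]", password)

def token_model_bits(password):
    """Search space in bits if each letter run is one word from a word list."""
    bits = 0.0
    for token in tokenize(password):
        if re.fullmatch(r"[A-Za-z]+", token):
            bits += math.log2(WORDLIST_SIZE) + 1   # +1: capitalised or not
        elif token.isdigit():
            bits += len(token) * math.log2(10)
        else:
            bits += math.log2(SYMBOLS)
    return bits

def years_to_exhaust(bits):
    """Time to try every candidate at the assumed guessing rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ["Johnny", "Johnny123", "LittleJosephis112%adorable"]:
        c, t = char_model_bits(pw), token_model_bits(pw)
        print(f"{pw!r}: char model {c:.1f} bits ({years_to_exhaust(c):.3g} y), "
              f"token model {t:.1f} bits ({years_to_exhaust(t):.3g} y)")
```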

maggiewinchester 24 Oct 2015 12:22

I'm with Talk Talk. Have been since it was Tiscali.
I went to log into my account - which I rarely do - and realised the e-mail address and password used are only used, by me, for them!!
I haven't used that e-mail address for nigh on 10 years.
There were no suspicious e-mails either, just a lot from Find My Past and Harley Davidson - I've not been a member of FMP, nor contacted Harley Davidson for 10 years.
At least this means, if any wrong-doing is done using this e-mail, I'll know it's through Talk Talk and not me being 'lax'!

RolloTheRed 24 Oct 2015 13:09

The trouble with IT support managers is that they tend to believe in the adult equivalent of fairy stories; these are the people primarily responsible for all the endless breakdown of security which is very close to making the internet unfit for purpose.

Most of them have crawled into their jobs starting from it support desks with jolly firms such as Dixons or Egg or a UKGov support contract. They have never written a line of serious code and could not understand it anyway. Even for systems support and config they are nowhere without point 'n click UI. The house motto is "if it aint broke dont fix it".

It is a mathematical paradox that a password of sufficient length is easier to crack - this is due to the nature of digital generation of not-truly-random numbers and deliberate errors in the RSA algorithms used in commercial software. Or as the Americans would put it what goes round comes around.

The hoary old line that it would take a zillion years and a zillion it support managers to break a password with their pocket super computers is wrong. The computational power in the sort of rig typically set up for BitCoin mining can break the typical commercial password in minutes at worst and often far more quickly if such strings as "FidoBarks" are included. The sort of supercomputers installed at FoggyBottom and Shanghai suburbs can pull it off far more easily.

The single most useful thing that any person or organisation can do to improve on its software security is to stop using Microsoft products and Android OS.

Microsoft Windows is constructed from the ground up in such a way as to make it insecure. Most govt & commercial security is still relying on discredited GINA though to be fair to Microsoft SWIVEL is a lot better. It is just that IT support managers tend not to have budget/able to get their heads around it. Poorly understood half implemented IT security is an accident waiting to happen as at TalkTalk.

The single most useful thing that governments could do to improve internet security is to mandate ipv6 over the current ip4. Unfortunately this is unlikely to happen as it would make the mass surveillance popular with GCHQ far more difficult to carry out.

I noticed on Newsnight last night that UKGov have built a hackers centre in Manchester and have invited quite a few of the top UK hackers to play with the toys there rather than getting a report from, say, top it support managers. Somebody is "getting it" then.


+++DetEcTive+++ 24 Oct 2015 13:18

You do not know my relative's background, previous employment and training – I do ;-)

BrendafromWales 24 Oct 2015 15:01

My friend on TT has been hacked... she was taken in by a phone call that sounded so genuine. She is not usually so gullible.

She had £271 pounds taken by Western Union, which I believe is a way of transferring money internationally. She contacted her bank and they have been good and she hasn't lost it, but she did say that when she was online on her computer, a line came down and wiped her computer clean, so it was hacked and she lost her photos and other contact details.

I am with TT and so far all is OK, but I don't do on line banking, which I have always been wary of..... my friend isn't thinking of leaving as now this has happened it should be more secure... and it could happen to any other provider.
Her bank did say that the hacker starts off with an unusual amount or a small one so that you think with it being an odd number that it won't be hacked..., before really hitting it.

RolloTheRed 24 Oct 2015 15:24

how they did it

https://en.wikipedia.org/wiki/SQL_injection

usually downloading a database of 4 million records might attract a bit of attention even at TalkTalk; therefore before making the sqli attack the hackers hit TalkTalk with a DDOS attack which put their web and email servers out of action. The tech staff were so busy dealing with that they didn't notice the data theft.

the tactic of hitting the enemy on the blind (bling heh heh) side is well documented right back to the Punic wars between Carthage and Rome and is of course much used by rugby and soccer football teams.

maybe the strongly held idea of the general public that the computer geek fraternity should get out and about a bit more is bang on the button.

I guess we will soon see on their web site a crowd funding address of where to send your banana donations.
:-D

Ron2 24 Oct 2015 21:04

It doesn't help with security that a lot of people quite simply ain't a clue. Lots of people either can't be bothered or not aware that where they've had to sign in/register to visit a site or access their email that they need to SIGN OUT when finished. Quite often they just click on the "X". When I was having probs with Virgin and had to use a PC at town library every time I went to log in to Face Book there was the email addy still showing of previous user - in other words they just "X"'d. Old Guy I know been using a Laptop for 3 years just hasn't a clue and aint interested. He uses same simple password for anything/everything and is an "X" er. Talking to a woman one day in queue at Build Soc and she didn't have any security because, as she put it "I only use it for emails so don't need anti virus" !!! People commonly use family members names for passwords. There's no such thing as 100% security but..............

Ron2 24 Oct 2015 21:05

The latest info I could find


http://www.bbc.co.uk/news/uk-34627541

SylviaInCanada 24 Oct 2015 23:34

Rollo ...........


why do you make a habit of talking down to people and insulting them and their relatives?

Your reply to DET is indefensibly rude.

How about an apology, and a halt to making assumptions about a person you do not know?


------
As for me, a lot of what is being discussed on this thread is gobbledy-gook ............... we don't have Talk Talk, thank heavens :-D

maggiewinchester 25 Oct 2015 00:00


Agree, Sylvia.
Anyway, it's (apparently) not as bad as initially stated!!!!

http://www.bbc.co.uk/news/uk-34627541

Some people may have red faces!!

I fail to see why I should be admin for utility companies or a computer geek for bl**dy internet access. I pay my money - give me safe service!!

My theory is, if I met one of these 'experts', I'd ask them how to make a pair of curtains. You see them (curtains) every day (though not in my house), you open and close them, the elements are obvious - now try making a pair. Bet your bottom dollar, they'd make a mistake!
If they somehow manage the curtains - next step is re-covering the 3 piece suite :-|
I've done both, more than once, so don't bother looking down on me :-P

Stephen 25 Oct 2015 16:30

Received an email today from TT re signing up to Noddle alerts, usually £20 pa but free via TT code. Well worth doing to keep a check on any rogue credit report activity.

+++DetEcTive+++ 25 Oct 2015 16:42

TT did say they were going to offer their customers a free credit check for a year. That's probably why you've been sent the email.

https://help2.talktalk.co.uk/noddlealerts
..............
What is NoddleAlerts?
It is a premium service that provides weekly emails highlighting any significant changes to your credit report, helping to prevent identity theft. (Normal cost £20 per year).
http://www.aquacard.co.uk/credit-card-faq/credit-checker-faq/

RolloTheRed 25 Oct 2015 17:03

Well one of my relatives plays international rugby. I don't claim that makes me by association any sort of expert on the game.

So, re: I.T. managers .... no.

SylviaInCanada 25 Oct 2015 19:35

well then you are very different from many other people who do consider them experts in rugby, or any other sport, just because they watch it.

I also have a relative who was very high up in the administration of an International sport, but I don't consider myself an expert on that sport per se. I do know a lot of dirty stories about what happens at the international level, much of which is only now becoming public. My relative's sport was not soccer ............ but there is no doubt that the activities found in soccer are, or were, also found in other International governing bodies.



The point on this thread is that you did not criticise the OPINION, you criticised the PERSON, someone you presumably do not know and are never likely to know. You basically said that someone working as an IT was incompetent and not to be trusted.

THAT is what I found indefensible, and why I think you owe an apology.