General Chat

Tal Talk


Ron2, 25 Oct 2015 19:45

I'm puzzled. I started this topic regarding the Talk Talk situ' and find nasty argument re sport and IT(?) on it. I rarely post on this site but can see why people have deserted it. Facebook much more pleasant and usually any arguments on the Ex Mil Groups are friendly. Life is too short for nastiness. Get a life and why not start an "Arguments" topic then you can be as nasty as you want to each other. Rant over and out

Ron2, 25 Oct 2015 19:47


http://www.bbc.co.uk/news/uk-34631315

Latest info - seems TT hacked some time ago

SylviaInCanada, 25 Oct 2015 19:53

Ron2

why should I not call Rollo out when he insulted someone he did not know, not DET the poster, but a relative of hers?

This is just like real life, you know ............ a conversation doesn't always go where you want it to go.

The only difference is that you cannot see facial expressions or body language on the internet, so comments often seem much harsher than when you can see the face and the body.

Maybe Rollo did not intend to be as rude as he was, but it came over as very rude and possibly hurting to the recipient to be told that her relative "knew nothing" and was not to be trusted.

Annx, 25 Oct 2015 20:28

I thought the comments were in general terms.......

Anyway, life's too short as Ron2 says. I am with TT and got the email and wonder if anyone managed to successfully use the code with Noddle as when I tried it told me it was invalid!

RolloTheRed, 25 Oct 2015 21:03

I am always exactly myself on these boards. Take that as you like.

AFAIK I have not said anything negative about any specific person. For all I knew Detective's rellie belongs to the minority of large org. tech head honchos who run a secure ship. Unfortunately that is too often not the case - if IT managers flew jumbo jets there would be a daily crash and a lot of hard questions asked.

As it is the frequency of major data loss / system outages is such that hard questions are indeed being asked. So, no, I don't buy second hand expertise as valid for anything from spectator sports to, um, I.T. security. If the secondhand knowhow comes from a rellie does that change its accuracy?

As to the pith of my comment breaking passwords is not a particularly onerous task these days if you have enough brute force. The algorithms used have weaknesses built in long ago when national security agencies in the USA and UK ( Canada? ) did not have the computing power they have today. Some have been closed.

There is little awareness of just how much computing power has increased in the last 10 years especially with governments and major corporations. OTOH the human management systems have gone backwards. That is why the USA lost every last detail of one of their current warplanes to China (which is now flying a copycat version) and Snowden was able to heist data. The UK has its own sad cases.

The CIA GCHQ NSA et al are rarely much interested in password breaking. They can get most of what they want from the metadata running through the routers and servers which is very difficult for users to fully hide.

If the data itself is encrypted then they will know where to find the data and can decrypt it by the usual methods. OTOH mass encryption of data by commercial orgs. is the only way that they can protect themselves against large scale data theft and hacking.

So that is why Google, MS and Facebook among others are in a confrontation with security. Just like in the real world bystanders can become collateral damage; ask TalkTalk.

It is impossible to generate truly random digital numbers. From this it can be shown that with a sufficiently long password it is easier to break. Then there are the obvious practical problems of password management. People are often exhorted to change their password often and not use the same one in different situations. That is excellent advice.

Extracting data using SQL/Injection does not need a password. That is because the running task - the SQL database - is receiving an instruction which as far as the task is concerned is legit. so it gets on and does it. A DDOS attack does not require any credentials at all.

The passwords do matter to the users.

In the case of the TTalk attack the data heist does not allow the culprits to directly take any money. However they can use the stolen data (which includes full bank account details, not credit card) in various nefarious ways and the only real defense is to change the number of the bank account with all the attendant hassle. Waiting and watching is a very poor strategy.

As it happens my elderly mother is a TalkTalk client. I became aware of the problem Thursday afternoon. I asked her to contact her bank as a matter of urgency on Friday which she did. All of her account numbers have been changed. Due to her age the telephone contact on her account is my mobile phone. By late Thursday I had received two SMS messages on my phone purporting to come from her bank and three more on Friday. Nothing since. All of these messages were designed with evil intent.

In closing please remember that it is quite impossible to have enough security on a home computer to make internet banking a bullet proof proposition. The risk can be minimised by using the latest OS eg Windows10, installing updates, making sure yr router is secure, restricting sites which can use javascript using NoScript. Even better use a dedicated logon account for online banking etc.

Barclays UK realise this and give their account holders an electronic gadget which is a terrific improvement on security. Sadly it won't stop SQL/i attacks on poorly managed systems.
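The point in the post above that an injected statement needs no password, because the database simply runs the instruction it is handed, shown as an added example (not part of the original thread). The `customers` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: three fictional customer records.
ROWS = [
    ("1001", "A. Customer", "00-00-01"),
    ("1002", "B. Customer", "00-00-02"),
    ("1003", "C. Customer", "00-00-03"),
]

# Constructed input: text typed into an "account number" field.
CRAFTED = "1001' OR '1'='1"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (account_id TEXT, name TEXT, sort_code TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, account_id):
    # The input is pasted into the SQL text, so the database cannot tell
    # which part is the programmer's query and which part is user data.
    query = ("SELECT name, sort_code FROM customers "
             "WHERE account_id = '" + account_id + "'")
    return conn.execute(query).fetchall()

def lookup_parameterised(conn, account_id):
    # The query text is fixed; the input travels separately as a value
    # and is only ever compared against the account_id column.
    return conn.execute(
        "SELECT name, sort_code FROM customers WHERE account_id = ?",
        (account_id,),
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    print("normal input, vulnerable:   ", lookup_vulnerable(conn, "1001"))
    print("crafted input, vulnerable:  ", lookup_vulnerable(conn, CRAFTED))
    print("crafted input, parameterised:", lookup_parameterised(conn, CRAFTED))
```

No credential appears anywhere in either function: the vulnerable version returns every row because the database treats the whole string as a legitimate query, while the parameterised version returns nothing for the same input.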







Ron2, 26 Oct 2015 19:50

15 year old nicked for the TT prob
http://www.bbc.co.uk/news/uk-34643783

JoyBoroAngel, 26 Oct 2015 19:51

Kids know everything these days :-D :-D

maggiewinchester, 26 Oct 2015 19:57

So much for the jihadi attack!!
E-mail scams asking for account numbers have been a regular feature, no matter which company you are with.
People may 'happen' to be with Talk Talk and have handed over details, but so have people who are with any other provider.

Stephen, 28 Oct 2015 16:15

Annx - I signed up with Noddle using the code - it was a doddle :-D

Did anyone else notice the 'deliberate mistake' on part of the 'how to sign up' instructions? TT had put Noodle instead of Noddle. What noodles :-D

Inky1, 28 Oct 2015 17:09

Rollo

"It is impossible to generate truly random digital numbers."

Is that why I never get a good win from ERNIE?

RolloTheRed, 28 Oct 2015 17:43

Signing up to Noddle is a good idea but if yr account does get hacked using the stolen details then yr bank won't be liable to recompense you.

http://www.bbc.co.uk/news/business-34654400

If there is a possibility that yr account has been compromised then there is not much option except to change yr account numbers. That is what my mother, a TT customer has done. It took her half an hour on the phone and she already has her new plastic.

It is ez to download attack kits such that with next to no know how a 15 yr old may have been able to run a SQL/i attack. Given the typical connection speed in Ulster he probably got terminated a good while before the whole database had been downloaded. However running a DDOS attack from a home computer without involvement of a lot more people is extremely unlikely. Something does not quite add up so no surprise the guy has already been bailed.

RolloTheRed, 28 Oct 2015 17:54

https://www.avforums.com/threads/premium-bonds-is-ernie-really-random.954941/

Bobtanian, 28 Oct 2015 19:51

Many years ago, in the days of the (then) new PDP-11 and the handbook supplied,

(and as I was a complete novice in computer programming)

and a dumb terminal, using BASIC I wrote a program to select random numbers which were then converted to Morse code characters, causing the "bell" to make the sounds......
Using the restarted program, I found that exactly the same sequence of numbers (characters) emerged.

However, I discovered that inserting "randomize" into a line of code now caused a totally different series on restarting the task........

As I understood(?) it at the time, this earlier sequence was "written in stone", but using the Randomize caused the sequence to start at a different place each time it was run...

Bob
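The behaviour described in the post above (same series on every restart, a different series once the generator is seeded), shown as an added example that is not part of the original thread. The generator is a toy constructed for illustration, not the PDP-11 BASIC routine; its constants are chosen so that every seed lies on one fixed cycle.

```python
import secrets

# Toy linear congruential generator (constructed for this example):
# state' = (A * state + C) mod M. With these constants all M states
# lie on a single cycle, so the sequence really is "written in stone".
A, C, M = 5, 3, 256

def run(seed, n):
    """Return the next n outputs after starting from `seed`."""
    out, state = [], seed % M
    for _ in range(n):
        state = (A * state + C) % M
        out.append(state)
    return out

def full_cycle():
    """The whole fixed sequence, walked once from seed 0."""
    return run(0, M)

def position_of(seed):
    """Index in the fixed cycle at which a given seed value appears."""
    return full_cycle().index(seed % M)

def replay_from_cycle(seed, n):
    """Reproduce run(seed, n) just by reading the fixed cycle at an offset."""
    cycle = full_cycle()
    start = position_of(seed) + 1
    return [cycle[(start + i) % M] for i in range(n)]

def session_token():
    """For anything security-related, draw from the OS CSPRNG instead."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    print(run(7, 5), run(7, 5))        # same seed: identical on "restart"
    print(run(99, 5))                  # new seed: a different series
    print(replay_from_cycle(99, 5))    # but only a different starting place
    print(session_token())
```

Seeding changes where the series starts, not how unpredictable it is: anyone who knows or can guess the seed gets the same numbers, which is why passwords, tokens and keys should come from the operating system's generator (`secrets` in Python).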