General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | (show all)   Print Thread
Standard User alext05
(committed) Thu 22-Oct-15 22:16:54
Print Post

TalkTalk website hit by cyber-attack


[link to this post]
 
TalkTalk website hit by cyber-attack- BBC
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 06:17:54
Print Post

Re: TalkTalk website hit by cyber-attack


[re: alext05] [link to this post]
 
Im on TTB but via a reseller. Do resellers pass on customer data to Talk Talk or am i safe?
Standard User alext05
(committed) Fri 23-Oct-15 06:58:54
Print Post

Re: TalkTalk website hit by cyber-attack


[re: bobble_bob] [link to this post]
 
Sorry, I wouldn't know, but people in TT forums might or someone can provide that info later. There is a statement on TT website:

http://help2.talktalk.co.uk/oct22incident


Register (or login) on our website and you will not see this ad.

Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 08:42:06
Print Post

Re: TalkTalk website hit by cyber-attack


[re: alext05] [link to this post]
 
Pulse8 replied saying only basic info is passed over which is needed to get a line installed. So assume tel no and address?
Standard User MHC
(sensei) Fri 23-Oct-15 08:58:22
Print Post

Re: TalkTalk website hit by cyber-attack


[re: alext05] [link to this post]
 
I have just heard Dido Harding on R4. She was asked "Can you confirm that customer data was encrypted". She refused to answer that it had been. Make of that what you will.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 09:09:57
Print Post

Re: TalkTalk website hit by cyber-attack


[re: MHC] [link to this post]
 
There own statements admits not all was encrypted. Funny how they claim customer data security is at the upmost importance then dont encrypt some of it. So clearly its not is it?

Why dont all companies encrypt ALL customer data? Too many dont and there is no excuse these days not to
Standard User Oliver341
(eat-sleep-adslguide) Fri 23-Oct-15 10:29:38
Print Post

Re: TalkTalk website hit by cyber-attack


[re: bobble_bob] [link to this post]
 
Wouldn't data encryption be more relevant in the case of physical hard drive theft? If this attack was using an exploit in TalkTalk control panel systems, which would need to decrypt the data in order to make use of it, then the encryption would be bypassed I would have thought.

Oliver.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 10:57:15
Print Post

Re: TalkTalk website hit by cyber-attack


[re: Oliver341] [link to this post]
 
Not sure in this case but there has been data theft where hackers stole a database with details stored in plain text. PSN for example to name just one

Should be law that data cannot be stored in plain text
Administrator MrSaffron
(staff) Fri 23-Oct-15 11:07:21
Print Post

Re: TalkTalk website hit by cyber-attack


[re: bobble_bob] [link to this post]
 
If someone has managed to steal a database it usually means they would have no trouble finding decryption keys, i.e. you email address has to be stored in a way that can be decrypted to send you an email, or your address for posting out bills

There are ways to store passwords so that not even the website owner can get the actual password back, i.e. one way encryption. Though some of these methods can be broken given resources - hence why at this stage any discussion is going to be vague so not to give people who have acquired data any snippets of useful information.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Gal12
(learned) Fri 23-Oct-15 11:42:39
Print Post

Re: TalkTalk website hit by cyber-attack


[re: MHC] [link to this post]
 
In reply to a post by MHC:
I have just heard Dido Harding on R4. She was asked "Can you confirm that customer data was encrypted". She refused to answer that it had been. Make of that what you will.


And this despite having answered in the negative on their own website...with the addition of a beautiful example of obfuscation in answering a different question to the one posed.


""Was the data encrypted? If not, why not?"

Not all of the data was encrypted. We constantly review and update our systems to make sure they are as secure as possible. We’re working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future."
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | (show all)   Print Thread

Jump to