TalkTalk problem

Yawn away; be my guest. Maybe you need some sleep, in which case do please get some. I expressed a view, as you have yourself done; neither expression is in and of itself indicative of a liking for the sound of one's own voice. You tell me what a bona fide customer can and/or should do when a company in which he/she has investged his/her trust to the extent of providing to it personal and security data when that company has its entire systems hacked through no conceivable fault of that customer, as discinct from a situation in which the customer is arguably in part to blame for his/her plight (which I agree is the case in certain instances).

Anastasius is correct here, regardless of any other absence of agreement between us on this. It does NOT and indeed by definition cannot prevent this.

Some years ago, I encountered fraudulent activity on my charge card account. My customarily ultra-efficient bank noticed these instances before I did and closed down the account pronto. However, on one such occasion I was trying to pay for a car part costing less than £20 and the card payment was declined because of such activity having just occurred and, as usual, the bank closed the account forthwith and began the process of setting up a new one with a new card. I was assured that, once the card number had been created, I could go to try again to purchase the part and the bank would provide me with the card number to do so over the phone, provided that I first passed stringent secutiry questions, rather than having to wait to receive the actual card. I did this two days later. The card number was available, I received it over the phone from the bank in the presence of the retailer and then tried to use it for the transaction, only to find that this new card account had likewise already been compromised similarly even though the physical card had yet to be despatched to me. This meant that someone had hacked into the new account even before I'd had any reasonable opportunity to use it. All was ultimately resolved OK but that experience taught me that any such account could be hacked even before the legitimate account holder could use it. If that doesn't tell anyone how vulnerable any account can be to hacking, I don't really know what will.

What would you suggest then as a clear sign of pre-paid management responsibility, another £5m bonus for Ms Harding to reflect her exceptional contribution in being in ultimate charge of stable-doors security when the horse saw its irresistible chance to bolt when the doors were left wide open?

We are, of course, ignoring the contribution made to this hack by the hundreds, if not thousands, of PC owners who are too lazy or stupid to keep their PCs up-to-date with anti-virus software. Without these idiots (who should have their PCs forcibly removed, cleaned up and given to schools) the hacker botnets would be unable to exist as easily as they do now.

Again, you're referring here to individual users, albeit in large numbers and, again, you are of course correct in what you say about those who cannot apprently be bothered to implement their own security measures, but I do not think that this factor is necessarily being "ignored" when the principal issue at stake here where such security procedures are concerned (the thread is, after all, entitled "TalkTalk problem") is those taken - or not taken - by TalkTalk itself on behalf - and in the interests - of its customers; when customers give personal data and security informtion to a company and that company is then revealed to have grave shortcomings in its own security arrangements, the precautions taken by those customers will not be guaranteed to protect them from the kinds of attack of which TalkTalk appears to have left itself vulnerable.

I feel that added factors are that collectively we are becoming stupid. We are encouraged to use social media, or do so anyway, and we are exhorted to "keep data in the cloud" - which I try to avoid. We get told that "the connections are secure and encrypted" but we have no proof of that until things go wrong. We also get told that "data is held securely, and encrypted" - but clearly that is not always the case. We are also told that "We will never pass on or sell your data to anyone or any other outside organisation" - yet another lie.

In fairness to TalkTalk - which isn't an organisation I like much - they are not the only firm or organisation which has poor, nay bad practices, but they are one which has managed to expose itself to current media attention. Many others may also be poor, but not currently in the searchlights.

People think that storing photos and contact lists in "the cloud" is OK - for them it may be convenient, but a hacker could easily use informaton, if it could be hacked, to be able to hack into other sites. Suppose you have a contact list - it will possibly also have an address (as well as a phone number+email). Some people also put details of other people's kids and birthdays into contact lists - for social reasons. Other people put up photos - "Judy and Sam on holiday". A hacker with a slightly above average IQ could use this information to reduce the search for suitable passwords for secure sites and with some form of brute force attack might be able to strike lucky sufficiently often to be profitable. Having more data makes it easier for criminals to operate - they don't necessarily care who they rob (for example) but may find a whole group of people who taken together provide a wealth of information about each other, which can be exploited. Hitting only one or two of them may be enough - and indeed some criminals might not wish to attack all potential victims as it would then be obvious, whereas a lower key approach might br profitable and reduce the risk to them of detection.

I don't have an answer to this - but there's so much data out there that bad guys of even only moderate ability can exploit it to bad effect for the rest of us.

Is the fullstop on your keyboard broken? It's the small dot situated between a comma , and a backslash / in case you've forgotten.

@ Dave2002

While your points are very valid, I can't help think that perhaps you are exaggerating the degree of effort needed by your hacker to go trawling through countless Facebook pages trying to guess what a password might be. I can understand a targeted attempt at someone like a celebrity or politician but, if you are like me, I doubt very much whether any hacker would be interested in us !

There are far easier pickings out there. Just pop down into the Dark Web or even the Deep Web and buy your stolen credit card details there.

To which question?

"Don't worry" they will be able to get all your dosh


"Don't worry...the answer is No"

So you don't know then?

I think there is (as others have hinted at) a game being played in the way 'customers' are told what they should do or not.
Those who do all the "right" things are somehow behaving in a correct way by filling their minds with this stuff on a weekly basis.
How does one remember (without writing down or using a "password manager") endless passwords anyway?
There are far too many of them attached to all sorts of things unnecessarily.

Why do we have to have this spurious "choice" anyway?
LESS choice in this area of life would be a good thing IMV

save the choosing for things that matter (like cheese)

Your apparent inability to see the one following the word "vulnerable" might seem to suggest that you should have gone to Specsavers; furthermore, "/" is a forward slash, not a backslash. What either have to do with the TalkTalk problem under discussion here is, however, unknown to me.

Give the man a break
he's been up all night watching Spinal Tap

You appear to have overlooked my earlier "tap" comment! - just as A appears to have omitted to take note of that about allegedly invisible full stops and the difference between slashes that cry "forward" and those that cry "back".

Never mind - I'm crying "back" - to the subect, please, on which I daresay there are more interesting and thoughtful comment to come.

Never been there. Perhaps the reasons that data exists there is precisely because of some of the behaviour patterns I've already mentioned. OK - so you're perhaps saying that for those "in the know" that they can already do the kind of things which are against most of us, and that for the rest of us the horses have already bolted. In that case, why should anyone care about the TalkTalk incident, even if now "less serioius than had been thought .."? Why don't we all just post all our details up on a huge website - we could all shrug our shoulders "not a big deal - it's already been posted on the dark web ....".

I don't think so.

We also know that some hackers work in a coordinated way, in cooperation/collaboration with others, thus inclreasing the available computer power to them, and we also know that some do use some quite clever techniques in conjuction with brute force in order to get a result - for example the use of rainbow tables.

Excellent so that's 1:1
I used to play a game of "tap quotes in context" in music workshops.
It's surprising how many of the UK's top orchestral musicians are able to seamlessly do this.

No, I'm not saying that at all. All I was trying to say is that there are far easier pickings for a hacker then trawling through your or my Facebook pages (that is if we had one!).