This is what happens when you sack the IT people when they have done all the work.
Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed
Chaos reigns at TalkTalk as the telco appears to be claiming that a distributed denial of service (DDoS) attack led to customer data being compromised – despite that being technically infeasible. A contradictory series of claims in a TalkTalk statement published this morning has suggested the company does not understand the …
COMMENTS
-
-
-
-
Sunday 25th October 2015 07:49 GMT smartypants
Languages don't 'sanitise input'...
Programs do.
There isn't a language out there which will prevent you doing something as silly as connecting to a DB and passing it a string straight from user input. If there's anyone out there relying for their security on a choice of language, then they're not going to last very long because it is not going to help in the slightest.
Perhaps there are some IT bods out there patting themselves on the back right now because they don't use PHP and are therefore 'secure'. Perhaps people this clueless were working at Talk-talk too.
-
Sunday 25th October 2015 21:02 GMT Vic
Re: Languages don't 'sanitise input'...
There isn't a language out there which will prevent you doing something as silly as connecting to a DB and passing it a string straight from user input.
There *sort of* is.
Most SQL databases allow "prepared statements", in which the SQL command - sans data - is set up, and the data then supplied to it. This means that the parsing of command vs. data occurs long before the data turns up. Thus, once the data is applied, the DB will not confuse the two; SQL injection is obviated, even if the programmer "forgets" to sanitise the data.
Note, however, that the term "prepared statements" can be misused: I found a Python SQL library that promised prepared statements, but actually just used string formatting to create a simple statement. The result was that the library appeared to offer the protection I've outlined above, but actually didn't.
Vic.
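An added example (not Vic's code, and not from any library the thread mentions) showing the difference described above: a lookup that splices the value into the SQL text versus one that binds it as a parameter, plus the quick smoke test Vic's anecdote suggests for a library that claims to offer prepared statements. It uses Python's built-in sqlite3 module and a constructed in-memory account table.

```python
import sqlite3

# Constructed sample rows (not real customer data).
SAMPLE_ROWS = [
    (1001, "alice", "alice@example.invalid"),
    (1002, "bob", "bob@example.invalid"),
]

# The textbook injection string, used only to show how each approach treats it.
INJECTION = "nobody' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO account VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_formatted(conn: sqlite3.Connection, username: str):
    """'Prepared statement' in name only: the value is pasted into the command text
    before the database parses it, so command and data are never separated."""
    sql = "SELECT id, username FROM account WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, username: str):
    """Real binding: the command is parsed with a placeholder and the value is
    supplied afterwards, so it can only ever be compared as data."""
    sql = "SELECT id, username FROM account WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def binds_parameters(lookup, conn: sqlite3.Connection) -> bool:
    """Smoke test for a library's 'prepared statement' claim: a lone quote in the
    value must reach the database as data. A failure proves the library is
    splicing strings; a pass is only weak evidence, since a splicing library that
    escapes quotes would also pass."""
    try:
        lookup(conn, "o'brien")  # no such user; a bound query simply returns []
        return True
    except sqlite3.OperationalError:  # the quote broke the SQL syntax
        return False


def demo() -> dict:
    """Run both lookups against the injection string and return what each yields."""
    conn = make_db()
    return {
        "formatted": lookup_formatted(conn, INJECTION),
        "parameterised": lookup_parameterised(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:14s} -> {rows}")
```

The formatted lookup hands back every row for a username that does not exist, while the bound one returns nothing; the same injection string never becomes part of the command.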
-
-
-
Friday 23rd October 2015 18:17 GMT John Smith 19
"appallingly poor measures implemented to protect stored customer data "
Perhaps they were hoping their Chinese website spying partner would have alerted them to so much traffic, when they started running low on space to store so many users' data flows?
"Stalk Stalk" have let their customers down.
Again.
-
-
Friday 23rd October 2015 13:00 GMT Anonymous Coward
Expect more....
This is an all too common theme.
1) Outsource your IT (somewhere really cheap, no dedicated resource, high staff turnover - go on guess, you know where)
2) Get rid of the only people who know how the systems work
3) Put in management who only see security as a barrier to cheap infrastructure, and seek to undermine it whenever they can
4) Have no processes in place to govern anything, let alone access to sensitive data
Been there, seen it, tried to stop it. If only they did t-shirts.....
-
Friday 23rd October 2015 13:36 GMT Gordon 10
WHERE IS THE CIO
And why didn't he vet the press release?
Even if he's a PHB I would have expected clearer language than this. It's blatantly obvious that whoever wrote that release doesn't know a website from a webserver.
Hmm - looks like they may have a "CTO" and that they are CIO-less at the moment. (Ad heavy links)
http://www.computerweekly.com/feature/CIO-Interview-Gary-Steen-CTO-TalkTalk
http://www.computerweekly.com/news/4500248681/Former-TalkTalk-CIO-to-lead-Police-ICT-Company
-
-
-
Friday 23rd October 2015 12:48 GMT Anonymous Coward
According to this article from a few minutes ago some miscreants are demanding money from TalkTalk.
-
Friday 23rd October 2015 14:37 GMT David McCarthy
"Harding previously said the company had assumed a worst-case scenario that all the personal data relating to its customers was compromised until TalkTalk could confirm exactly what was taken. She has apologised to customers for the third cyber-attack affecting the telecommunications firm in the past 12 months, but said the breaches were “completely unrelated”."
That is, only related by the fact that their security still isn't up to scratch!
-
-
Friday 23rd October 2015 22:47 GMT Oh Homer
Re: "I blame North Korea, China or Russia"
Looks like someone beat you to it and has already blamed "Islamic extremists".
Well, yes. Obviously.
Basement-dwelling geeks and career criminals apparently feature very low on the British Establishment's list of likely suspects, strangely enough.
-
-
This post has been deleted by its author
-
-
-
-
-
Saturday 24th October 2015 10:02 GMT Anonymous Coward
Re: Experian - the Facebook of credit rating agencies.
"Until Facebook takes over that task as well."
You do know that somebody in government wanted to use Facebook for reliable online identification of people?
Presumably a senior civil servant who had been given an iPad for Christmas and now considered himself an expert on IT.
-
-
-
-
Saturday 24th October 2015 09:54 GMT AlbertH
Are they for real?
A free subscription to identity theft protection by one of the credit reference agencies.
Bwahahahahaha!
These cretins should be paying significant (ie: £ks) to every customer and their senior management should be in Court.
Has anyone calculated the time required to change all one's banking details, passwords and credit / debit cards? Has anyone actually put a figure on what this will cost each customer? TT shouldn't just offer a worthless "subscription" to Experian (who are entirely useless anyway) - they should be paying serious amounts of compensation to EVERY one of their customers.
-
-
-
Monday 26th October 2015 10:26 GMT Anonymous Coward
Maybe the crims should just call TalkTalk and cancel all those accounts, as they apparently have all the data they need to do that. That would send a message that even management understands
But how do you know your account has been compromised? It won't be from the bank still paying them, that's standard practice for TT.
TT kept debiting me monthly for over 7 months after I left them, it took about 2 hours of phone calls and an email to a director to stop them, the crims would be bored shitless trying to cancel more than one in a lifetime
-
-
Saturday 24th October 2015 08:33 GMT macjules
So what kind of compensation arrangements do TalkTalk intend to offer?
If you would trust us (again) with your credit card details, your bank details, your home address, date of birth and other personal details then we will send you a free voucher worth 1 hour of broadband usage against your monthly bill.
-
-
Friday 23rd October 2015 12:00 GMT Aristotles slow and dimwitted horse
Rewrote it for you...
A representative who we can now only assume will be from TalkTalk claimed it was "contacting all our customers straight away to let them know what has happened and to update all of their nice scrummy payment and user credential information. We might keep them up to date as we learn more. But we might not. As might not actually be us."
-
Friday 23rd October 2015 12:05 GMT David Lawrence
The final straw
Since they pretty much forced me to sign a two-year contract with them earlier this year, they have put their prices up twice, and now this FFS.
It is also clear that they don't even know what actually happened and how much damage has actually been done. On the face of it, my personal details were stolen via a sustained DDoS attack. Hmm. Utter bullshit.
Well I'm off and just let them try levying any termination fees. It's a shame as their TV box is really nice and the (fibre) broadband is pretty good too. Freeview + another ISP + another phone provider = cheaper monthly payments for me anyway so good riddance.
-
Friday 23rd October 2015 12:07 GMT nigel 15
Sustained???
They are saying this attack was sustained. In which case how was the data stolen?
It looks to me like they were distracted by a DDoS, that is the sustained bit. Instead of pulling the servers, they were focused on that and missed the penetration. They handled it badly.
On another note. How do you DDoS a frikin ISP.
-
Friday 23rd October 2015 14:15 GMT Tim Jenkins
Re: Sustained???
"they were distracted by a DDoS, that is the sustained bit. Instead of pulling the servers, they were focused on that and missed the penetration"
Wasn't that exactly what happened in one of the big Sony breaches, where the perps used a DDoS to hide the exfiltration of TBs of data?
Can't imagine even 4 million sets of customer details would be within a few orders of magnitude of that size, though...
-
Friday 23rd October 2015 18:45 GMT Brewster's Angle Grinder
Re: Sustained???
Pure speculation, but sending billions of password requests would look like a DDoS. And once in a while, one would succeed and the crims would get the user's data. You'd need some poor web design -- e.g. a broken nonce and a system that makes it easy to enumerate users (say nearly sequential account numbers.) Throw in some verbose logging so that the logs hit a quota and most of what's happened is overwritten or not written, because the log is full. It's a line through all the data points.
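The scenario speculated about above (a flood of login attempts walking through near-sequential account numbers, with the occasional success) has a detection signature that a plain volume alarm misses. As an added example, not from the post or from any real TalkTalk logs, the following runs that check over a few constructed login-log lines: per source address it counts distinct accounts tried, measures how close together those account numbers are, and lists any successes, so an operator can tell "one source hammering one account" from "one source walking the account space".

```python
import re
from collections import defaultdict

# Constructed sample login-log lines; the addresses and account numbers are made up.
SAMPLE_LOG = """\
2015-10-21T12:00:01Z src=198.51.100.7 account=100231 result=FAIL
2015-10-21T12:00:01Z src=198.51.100.7 account=100232 result=FAIL
2015-10-21T12:00:02Z src=198.51.100.7 account=100233 result=FAIL
2015-10-21T12:00:02Z src=198.51.100.7 account=100234 result=OK
2015-10-21T12:00:03Z src=198.51.100.7 account=100235 result=FAIL
2015-10-21T12:00:03Z src=198.51.100.7 account=100236 result=FAIL
2015-10-21T12:00:04Z src=203.0.113.9 account=100500 result=FAIL
2015-10-21T12:00:09Z src=203.0.113.9 account=100500 result=OK
2015-10-21T12:00:10Z src=192.0.2.44 account=100777 result=OK
"""

# Assumed log format: key=value fields for source, account and outcome.
LINE_RE = re.compile(r"src=(?P<src>\S+) account=(?P<acct>\d+) result=(?P<res>\w+)")


def parse(log: str):
    """Yield (source, account_number, success) for every line that matches."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], int(m["acct"]), m["res"] == "OK"


def sequential_fraction(accounts, gap: int = 2) -> float:
    """Fraction of sorted distinct account numbers whose next neighbour is at
    most `gap` away. Close to 1.0 means the source is walking the account space."""
    ids = sorted(set(accounts))
    if len(ids) < 2:
        return 0.0
    close = sum(1 for a, b in zip(ids, ids[1:]) if b - a <= gap)
    return close / (len(ids) - 1)


def enumeration_sources(log: str, min_distinct: int = 5, min_seq: float = 0.8) -> dict:
    """Return, per suspicious source, attempt counts, distinct accounts tried,
    the sequential fraction and the list of accounts it logged into successfully.
    A source is suspicious when it tries many distinct accounts that sit close
    together; thresholds are illustrative and would be tuned per site."""
    per_src = defaultdict(list)
    for src, acct, ok in parse(log):
        per_src[src].append((acct, ok))
    flagged = {}
    for src, attempts in per_src.items():
        accts = [a for a, _ in attempts]
        distinct = len(set(accts))
        seq = sequential_fraction(accts)
        if distinct >= min_distinct and seq >= min_seq:
            flagged[src] = {
                "attempts": len(attempts),
                "distinct_accounts": distinct,
                "sequential_fraction": seq,
                "successes": sorted(a for a, ok in attempts if ok),
            }
    return flagged


if __name__ == "__main__":
    for src, summary in enumeration_sources(SAMPLE_LOG).items():
        print(src, summary)
```

In the sample only 198.51.100.7 is flagged: six consecutive account numbers with one success, which is exactly the "one in a while succeeds" pattern the post describes, whereas the single-account retry from 203.0.113.9 is ordinary noise.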
-
Friday 23rd October 2015 12:08 GMT MarkItZer0
As secure as possible != encrypted
Encryption is not a magic, all securing operation - it doesn't mean that data retrieved from the database is automatically rendered unusable. If the data was encrypted at database server or OS level (which is fine under PCI DSS), and there was an application exploit used to extract it (say SQL injection), then the database and OS would dutifully decrypt the data for the application's use, therefore the security flaw would mean the hacker gets the decrypted data anyway.
The focus should be on application security rather than on encryption. It is possible to encrypt database rows and columns using a key from the application server. However, again as the application server needs to encrypt/decrypt per query, a SQLi attack will probably succeed. It is possible, although very difficult in practice, to implement row encryption in a web application. Complexity is the enemy of security - keep things simple and concentrate on security testing and plugging those vulnerabilities rather than adding unnecessary encryption to stored data.
-
Friday 23rd October 2015 12:10 GMT Anonymous Coward
It's the 3rd time in one year?
What's going on there? At which point is there going to be customer backlash?
February 2015:
http://www.itgovernance.co.uk/blog/fraud-risk-for-thousands-of-talktalk-customers-following-data-breach-some-have-already-lost-thousands-of-pounds/
August 2015:
http://geekpower.co.uk/2015/08/carphone-warehouse-talktalk-leak-2-4-million-customers-details/
-
Friday 23rd October 2015 12:23 GMT Anonymous Coward
Password brute force
If their description is in any way accurate, it's possible that someone was just brute-forcing the user account population against known potential candidates. Anyone know what data would be visible if you logged in as yourself? Not that we should be treating this stuff as secret in this day and age...
-
Friday 23rd October 2015 12:24 GMT Mike Wood
Actual e-mail received from Talk Talk
Hi,
Here is the actual e-mail e-mailed to me this morning but only to one of the accounts I have with them:-
Dear Mr Michael Wood,
We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:
• Names
• Addresses
• Date of birth
• Phone numbers
• Email addresses
• TalkTalk account information
• Credit card details and/or bank details
We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.
We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.
What we are doing:
• We are contacting all our customers straight away to let them know what has happened and we will keep you up to date as we learn more.
• We have taken all necessary measures to make our website secure again following the attack.
• Together with cyber crime experts and the Metropolitan Police, we’re completing a thorough investigation.
• We have contacted the Information Commissioner’s Office.
• We’ve contacted the major banks, and they will be monitoring for any suspicious activity on our customers’ accounts.
• We are looking to organise a year’s free credit monitoring for all of our customers and will be in touch on this in due course.
What you can do:
• Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via http://www.actionfraud.police.uk
• If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
• Change the password for your TalkTalk account and any other accounts that use the same password.
• Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax. Noddle also allows free access to your credit report for life.
Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.
TalkTalk will also NEVER:
• Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
• Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk and agreed a call back for this to take place.
• Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.
We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe. If you have any questions, please visit http://help2.talktalk.co.uk/oct22incident for more information, or you can call us on 0800 083 2710 or 0141 230 0707.
Yours sincerely,
Tristia Harrison
Managing Director, Consumer
TalkTalk Telecom Limited, 11 Evesham Street, London W11 4AR. Registered in England & Wales No. 4633015
-
Friday 23rd October 2015 12:53 GMT tiggity
Re: Actual e-mail received from Talk Talk
"Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security."
Which implies the totally insecure practice of storing passwords in plain text, or at best encrypted but easily decrypted internally (and so not really much better than plaintext).
Not that hashed passwords are safe, but at least more effort is required (and if using salts can be quite secure, esp if salts stored elsewhere so a theft of user "credentials" data needs breach of 2 systems)
-
Friday 23rd October 2015 14:18 GMT Padwah
Re: Actual e-mail received from Talk Talk
It's exactly the same at plus.net. I raised a complaint pointing out that their password security was atrocious. One of the highlights of the response was this:
"Thank you for your further response, in regards to a question where you asked what is stopping our staff accessing your details and taking them out of the office. We are a paperless company so sensitive information cannot be written down. And all of our systems are monitored to prevent situation of fraud occurring.
In regards to asking for a password we are only allowed to ask for specific letters from your password. A password is between 8 and 16 characters in length and depending on what you use to make up your password indicates its strength, requesting two random characters would not decrease the strength of the password.
Then there is the fact that our chat services are very secure and only you and plusnet can view what you have written. The reason why we ask for part of your password is because it is the most secure piece of information that only you and Plusnet would know, rather than address, phone numbers, etc."
-
Friday 23rd October 2015 15:49 GMT h4rm0ny
Re: Actual e-mail received from Talk Talk
>>"Thank you for your further response, in regards to a question where you asked what is stopping our staff accessing your details and taking them out of the office. We are a paperless company so sensitive information cannot be written down. And all of our systems are monitored to prevent situation of fraud occurring."
What? Do they have monitors walking up and down between the desks ensuring that there is no paper present and no pens or pencils? I don't believe that response for a moment. Surely they must have been laughing when they wrote that response.
-
Monday 26th October 2015 12:35 GMT teebie
Re: Actual e-mail received from Talk Talk
"We are a paperless company so sensitive information cannot be written down"
Holy crap!
Presumably any follow up questions would be answered with 'we do not allow cameraphones in the office and have strict policies against our employees from remembering stuff'
-
-
Saturday 24th October 2015 17:06 GMT Anonymous Coward
Re: Actual e-mail received from Talk Talk
"We will only ever ask for two digits from it to protect your security."
Which implies totally insecure practice of storing password in plain text"
Not necessarily. Each digit/letter could be hashed and salted independently; it would enable this sort of check without saving anything in plaintext or decryptable format. Now as for the odds that TalkTalk indeed did this...
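An added example (not any poster's code, and not a claim about what TalkTalk does) implementing the scheme this reply describes, for the hashing discussion in tiggity's post above as well: one independently salted PBKDF2 hash per character, so "give me characters 1 and 4" can be checked without plaintext on file. The last function carries the caveat a practitioner should weigh: a stolen record of this kind lets each position be searched on its own, so the offline guessing work grows with length times alphabet rather than alphabet to the power of length.

```python
import hashlib
import hmac
import os

ALPHABET_SIZE = 62      # assumed alphabet: upper, lower and digits
ITERATIONS = 20_000     # PBKDF2 rounds; illustrative, not a recommendation


def store_per_character(password: str) -> list:
    """Return one (salt, digest) pair per character, each with its own random salt."""
    record = []
    for ch in password:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", ch.encode(), salt, ITERATIONS)
        record.append((salt, digest))
    return record


def check_positions(record: list, answers: dict) -> bool:
    """answers maps 1-based position -> the character the caller supplied.
    Every requested position must match; comparison is constant-time."""
    for pos, ch in answers.items():
        if not 1 <= pos <= len(record):
            return False
        salt, digest = record[pos - 1]
        candidate = hashlib.pbkdf2_hmac("sha256", ch.encode(), salt, ITERATIONS)
        if not hmac.compare_digest(candidate, digest):
            return False
    return True


def worst_case_guesses(length: int, alphabet: int = ALPHABET_SIZE) -> dict:
    """Upper bound on guesses needed to recover a whole password offline from a
    stolen record. Per-character hashes make the positions independent, so the
    work is additive; a single hash over the whole password keeps it multiplicative."""
    return {
        "per_character": length * alphabet,
        "whole_password": alphabet ** length,
    }


if __name__ == "__main__":
    rec = store_per_character("Tr0ub4dor")          # constructed sample password
    print(check_positions(rec, {1: "T", 4: "u"}))   # True
    print(worst_case_guesses(8))
```

The check works as the reply says, so partial-password prompts do not by themselves prove plaintext storage; the work-factor figures show why a record built this way still needs to be protected like plaintext.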
-
-
Friday 23rd October 2015 14:14 GMT Anonymous Coward
Re: Actual e-mail received from Talk Talk
...unfortunately there is a chance that some of the following data may have been accessed:
• Names
• Addresses
• Date of birth
• Phone numbers
• Email addresses
• TalkTalk account information
• Credit card details and/or bank details
WTF do they need your date of birth?
-
Sunday 25th October 2015 00:00 GMT JLV
Re: Actual e-mail received from Talk Talk
+1
DoB probably has to do with minors and things they can/can not do.
However, what about:
- not asking for DoB for that purpose and asking for a Month/Year of birth instead? I made the same remark on my last census survey - month is plenty specific enough.
- how about everybody else clueing in that DoB is a lousy way to confirm identity, just like your mother's maiden name? Yes, it might have been usefully obscure information 30-40 years ago but now we have all sorts of basic info leaks and searchable genealogical databases can show up some pretty obscure family stuff as well. You shouldn't be getting penalized because some nitwits insist on issuing a CC with only cursory checks.
-
Friday 23rd October 2015 23:35 GMT Whiskers
Re: Actual e-mail received from Talk Talk
I got that email too. In HTML only - no separate text-only part - with plenty of 'remote images' and clickable links, all to http:// URLs not https:// so anyone who's looking at their web traffic will now be able to collect even more information about their customers. (Not from me of course - my email client extracts plain text from HTML and ignores the rest).
TalkTalk only provide my landline telephone service, using BT infrastructure not 'LLU' - they aren't my ISP and never have been. Looks as though I'll be changing telco sometime soon ...
-
Monday 26th October 2015 12:28 GMT teebie
Re: Actual e-mail received from Talk Talk
"TalkTalk will also NEVER:
• Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems."
'For your convenience we hold these details, in an unencrypted form, on a database that is probably on the same server as our http website.'
-
Friday 23rd October 2015 12:27 GMT Sgt_Oddball
Welp that answers a lot
Interview on the radio over lunchtime had the MD mentioning about an SQL injection attack.
If that's the case, it doesn't matter if the database was encrypted or not (note, encrypted, not hashed). If you can get a direct line to run queries, then unless the data is hashed as well (rendering it pretty much useless for anything other than confirming details like a password or username, unless I've missed a trick there) they've pretty much got the keys to the kingdom.
Also, if true then what sort of trained gibbon do they have running their IT to fall prey to the most basic of basic attacks? Secondly, data siloing, ever heard of it?
-
Friday 23rd October 2015 12:47 GMT Chris Miller
A tad harsh
SQL injection may be old hat, but it is an example of weak validation of input data (see also XSS). If your site contains many thousands of web pages, the chances that there will be examples of such errors are rather high - in my experience it's unusual for a web application vulnerability assessment not to turn up multiple occurrences, whether they have the potential to be a major or a minor breach is largely down to luck.
-
-
Friday 23rd October 2015 12:32 GMT astrax
DBFA
It might be a distributed brute force attack. The sudden deluge of traffic would (prima facie) suggest a DDoS attack, so the fact data was being leaked wouldn't necessarily be observed if the sys admins are running around like crazy to try to deal with the problem they *think* is happening. In any case, customer data was not protected as it should have been.
-
Friday 23rd October 2015 12:36 GMT mdr_reg
TalkTalk are completely incompetent
TalkTalk are completely incompetent, and this news doesn't surprise me in the slightest. Recently, I've been migrating my Mum's email away from TalkTalk as a.) they're useless at spam filtering, and b.) emails are taking up to 24 hours to rattle through their systems. Looking at the SMTP headers, mails just seem to disappear into a black hole for up to a day. If their mail infrastructure is anything to go by, a "DDoS" attack may have just been a few script kiddies reloading their home page and crashing the ZX Spectrum it's probably hosted on. Oh, and if you try and leave them, expect to still be billed and threatened with bailiffs for months after you cancel your contract.
-
Friday 23rd October 2015 15:17 GMT Anonymous Coward
Re: TalkTalk are completely incompetent
Registered specifically to endorse your statement.
Hassled several times a day from some arseholes in the Philippines who did not even have reference to the UK credit control conversations that had the process on hold while they verified that I did not owe money.
Statements from TT in the post threatening action had no registered company name and address, only the trading name that I traced on the web. Companies House said I could report it to "technical offences" - they should be chopping the legs off major companies deliberately doing this so that you have to go through their offshore call centres.
Strangely the only decent people in the process were the debt recovery agency.
-
Friday 23rd October 2015 12:49 GMT Anonymous Coward
I would love....
...the credit card companies and the ICO make a true example of them and hit them with maximum fines. That would really put the pressure on them and hopefully see a few heads roll at the top.
But of course, the ICO are likely to say "We've had a word with them and they said they won't do it again".
-
Friday 23rd October 2015 12:51 GMT Jason Bloomberg
CEO on Newsnight
Talk Talk's CEO Dido Harding on Newsnight last night appeared to be spouting this sustained DDoS had led to data being stolen nonsense. I just put it down to her not having a clue, having not had things properly explained to her, or simply confused. It certainly looked like Talk Talk were in a state of panic. At one point I could have sworn I heard her suggest all customer data had been taken..
-
This post has been deleted by its author
-
Friday 23rd October 2015 13:10 GMT Tim Brown 1
data already being used?
Don't know if this is related but our spam filters have picked up a batch of spam/malware emails all being sent from several different @talktalk.net email addresses to what appears to be a list of emails in address books.
Could just be a coincidence or someone may already be exploiting the stolen data.
-
Friday 23rd October 2015 14:09 GMT Alfie Noakes
Coincidence?
My Dad is with TalkTalk, and several weeks ago they sent him an e-mail offering F-Secure "SuperSafe Boost" for "a tiny £2 a month". He did not take up the offer.
Then, just over a week ago he received an (unsolicited) e-mail directly from safeavenue@f-secure.com (confirmed by the headers and not just the "From:" address), greeting him by name and offering what looks like a free 8-seat licence for "F-SECURE SAFE!".
So if TalkTalk have passed on his e-mail address and name to a third party, what else have they given away without permission?
mb
-
Friday 23rd October 2015 14:14 GMT JimboSmith
Warn your old and technically illiterate relatives that there might be problems
Interestingly my parents are with Talk Talk through them having first signed up with Homechoice, which was in turn bought by Tiscali, which was bought by Talk Talk. They still have a Homechoice email address and I've warned them to be on the lookout for odd bank transactions and to change passwords etc.
However a long while ago I had the misfortune to have to contact Talk Talk customer technical support because the broadband was dead and I was getting complaints. I had already identified that the cable (they live somewhere rural with a telegraph pole supplying their landline/BB) from the pole to the house had suffered a direct hit from something (we thought a lorry) and was no longer connected to the house. I started the phone call informing the support bloke of this and asking for a BTOpenreach engineer to visit and fix it. When asked if there was an email address that they could be contacted on that didn't rely on their broadband being functional I said yes dodderyoldfolk1922andabit@Homechoice.co.uk which is available on their smart phones.
Bloke: "No you mean @talktalk.net don't you"
Me: "It's what I just said it was and I can spell it out phonetically if you need it."
Bloke: "You might want to switch to a Talk Talk email address you know"
Me: "Why?"
Bloke: "Well that domain's quite old you know"
Me:"So are my parents, and that's why we don't change things if at all possible. What does the age of the domain of the email address have to do with anything anyway?"
Bloke: "Well you know.......it might get switched off due to its age. We can't support everything indefinitely."
Me: "How long have you worked in this job"
Bloke: "A while"
Me: "Do you have any qualifications in anything IT related?"
Bloke: "I'm not sure I'm allowed to answer questions like that"
Me: "Okay, can Talk Talk not afford to keep the payments up on the homechoice.co.uk domain? It's not really that expensive is it? My domain name is a .com and only costs ~£10 a year."
Bloke: "I can't comment on the company or finances"
Me: "Okay then, any news on when you can get BTOpenreach to send someone round to look at the external cable?"
Bloke: "We have yet to determine where the fault has occurred"
Me: "Well the first step I would have thought would be to reconnect the landline through which the broadband reaches them wouldn't you? Would you like a picture of the cable hanging down from a telegraph pole to confirm it?"
Bloke: "................We'll send details of the first appointment available in an email to that address"
Me: "Thank you, I have to go now my head hurts".
-
Friday 23rd October 2015 14:18 GMT Mark Dirac
ICO no better
I've not been able to get anywhere with Talktalk since their August hack of my data. So today I went to report my concern at the website of the Information Commissioner's Office.
1st question - Have you contacted the organisation? Yes.
2nd question - Have you received a full response? No.
At this point, the form terminates and I am advised to contact Talktalk. I phoned the ICO for advice and the telephonist told me they always advise that people should answer "yes" to Q2, even though the truth is "No", in order to be able to continue with the form!
What chaos!
-
Friday 23rd October 2015 14:35 GMT Lostintranslation
This from a "communications" company:
Mrs Harding (from Talk Talk) added: "I know it feels like a very long time but at Wednesday lunchtime all we knew was that our website was running very slowly, that our email system was running slowly, and that is usually an indication that someone is trying to bombard your systems to get in. So we took the decision to bring down our systems right away, we then spent the next 24 hours trying to work out exactly how someone had got in and what data they had accessed.
FFS, put someone in front of the microphone who knows what they are talking about.
-
Saturday 24th October 2015 01:26 GMT Gordon 11
"...but at Wednesday lunchtime all we knew was that our website was running very slowly, that our email system was running slowly, and that is usually an indication that someone is trying to bombard your systems to get in."
They knew that the email system was running slowly on Tuesday afternoon, as I had a ticket open with them about it and the engineers were looking at it. Could that be related? (And my email was back up to speed on Wednesday...)
-
Friday 23rd October 2015 14:52 GMT pewpie
Same shit different day.
As usual from ANY telco (yes even your impervious saintly one) it's all just vile bullshit.
Love the latest update to their posting about it.. Basically it says latest update 2pm.. and the update consisted of updating the timestamp from 11am to 2pm..
Fuck em all...
-
Friday 23rd October 2015 14:56 GMT tyne
TalkTalk Business also affected
Just had my email from TalkTalk Business which has confirmed that they're also affected. Unfortunately they've just copy-pasted the email they sent to their residential customers, offering the same hopeless advice.
Free credit checking services like Noddle don't allow you to monitor your business's credit file so don't help. It's TalkTalk's incompetence that has allowed this to happen, therefore I want to know how they plan to implement my ability to monitor my business's credit file without incurring additional cost.
Like others I also want to know if I can cancel my contract without penalty as I no longer trust their competence. I also want to know how I can go about getting my details deleted from their systems permanently.
-
Friday 23rd October 2015 15:25 GMT Michael Jennings
Carphone and Talktalk: the same weakness?
Okay, a few months ago there was a breach at Carphone Warehouse (okay, Dixons Carphone), and my personal data was compromised. Now there is this one at TalkTalk, and my personal data has been compromised again.
CPW and Talktalk are separate companies, but they used to be the same company and one was spun off the other. I suspect they use a lot of the same systems, and share a lot of common code for their customer systems and/or websites. (To add to the complications, both companies are the product of a lot of mergers / acquisitions, so there are probably lots of barely compatible things lashed together as well).
I wonder if it is possible that both data breaches came from exploiting the same/similar weaknesses. It wouldn't surprise me at all if they did.
-
Friday 23rd October 2015 18:14 GMT mrfill
Miss Marple thinks....
In this episode, Miss Marple investigates stolen data from a big company in Sometown. It is only when the super sleuth asks exactly when the attack took place that she discovers the DDoS started an hour after the data loss was discovered, and a huge shitstorm ensues.
Stars Grayson Perry
Should be on BBC3 next week....
-
Friday 23rd October 2015 18:40 GMT Archivist
A fish rots from the head
She might like to be called Dido (dildo?) Harding but she is Baroness Harding of Winscombe
Privileged education, privileged contacts, privileged position.
And when asked by the BBC whether compromised customers could leave without penalty she fudged her answer.
I feel blessed to have been born in a position where I can at least reach 1 rung up the ladder, and I work very hard to make sure that each responsibility I'm given, I treat as important as my own being. Some may think I'm mad, but if this person had ethics anywhere close to those, this would never have happened.
I have many failings too!
-
-
Saturday 24th October 2015 08:56 GMT John Smith 19
"She studied Philosophy, Politics and Economics."
Which seems to be the course du jour for heads of MI5 and MI6
Hmm.
But basically learning how to write essays to prove (convincingly) that White is Black and vice versa, or why grinding the faces of the poor is essential to their (long term) economic well being.
Useless in any real work environment but quite handy for certain kinds of companies and the civil service.
You may be (probably are) talking complete b**locks, but you will sound convincing with it.
Wouldn't it be handy if there were a collated list of all graduates of the PPE course in the UK you could refer to?
-
Saturday 24th October 2015 11:16 GMT Anonymous Coward
Re: A fish rots from the head
"She studied Philosophy, Politics and Economics. Not sure how that qualifies her to run a telecoms company."
PPE is more usually a qualification for people who think they're entitled (cf. qualified) to run the *country*, not just run one of the consistently poorest-performing (in CS terms) telcos on the market.
-
-
-
Friday 23rd October 2015 21:22 GMT ApatheticPlatypus
Oh well yet another large company p0n3d my data
This is a little bit boring. Honestly, you would have thought lessons were learnt from other large companies losing customer data. There were lots of signs before this happened, i.e. an increase in the number of fake TalkTalk phishing calls customers were receiving (yes, I was one of them).
Now I have yet another company telling me my data has been lost to who knows who. Would be nice if they could lose a licence to ISP or something. Then have to go through a stringent set of checks before they were allowed to ISP again, footing the bill to transfer their customers to other more competent ISPs until they were relicensed. This would definitely put these companies off skimping on security! They'll probably only get a small fine, which isn't much of an incentive to stop this kind of thing in the future.
On the plus side, the phishing call I received did amuse me:
Scamguy: Hello this is talktalk there is a problem with your router
Me: Sorry that's absolute rubbish, let’s start again, you say you are from talktalk yes?
Scamguy: You are stupid <hangs up>
(Yes I phoned talktalk to check it wasn't them)
-
Friday 23rd October 2015 22:15 GMT TVC
How many really comply with PCI-DSS?
Having actually read the PCI-DSS standards, I find it hard to believe that everyone who stores card data actually complies. Hole-in-the-wall outfits will often store such data in Word or Excel files or on bits of paper, and larger outfits will store them in proper systems but without encryption. Doubt many chief execs or even information officers even know what PCI-DSS is.
-
Saturday 24th October 2015 01:16 GMT Slx
I think people sometimes forget that many of these consumer telcos are just brands. They're plugging off-the-shelf routers, servers, voice switches together or even buying in the services from other companies and they're using BT OpenReach in the UK or OpenEir here in Ireland or other equivalents elsewhere to provide their access networks to actually reach end users.
Most of them outsource their IT, outsource network maintenance to vendors etc., then they go as far as outsourcing their customer contact centres too.
I'd be surprised if they have much IT ability internally. They're basically just marketing and retail operations.
-
Saturday 24th October 2015 08:04 GMT Daniel Bower
I hope TalkTalk are the subject of the police enquiries
Looking at what has happened here, and given that the CEO of a major ISP didn't appear to really know what 'encrypted' even means, never mind whether customer data actually was, the police should be investigating TalkTalk for criminal negligence.
Dido is trying to make out she (they) are really sorry but these are really nasty criminals, when in fact she is clueless about what happened and how. And isn't this the same lady who was nuzzling up to Claire what's-her-face when all the porn filter stuff was all the news? Christ, she can't keep her own company safe online, never mind my child. She needs to go - quickly.
It could have been some Jihadists in Russia or it could have been a script kiddie in their bedroom by the looks of things.
Truly disgraceful operation