
Tempted to have a crack at TalkTalk if it wasn't illegal; it seems they have many glory holes.
TalkTalk is continuing to confuse experts with its latest assessment of the root cause of a high profile breach on its systems last week, which may have exposed the bank details including bank information of up to four million customers. The under-fire telco is saying that it has become the victim of a “sequential attack” when …
And what "technical people" would that be then? BAe Systems?
Apart from an apparent lack of "technical people" TT don't seem to have legal advisors or PR staff either, judging from the way the CEO seems to be digging an ever deepening hole for herself and the company.
And what "technical people" would that be then? BAe Systems?
I have no idea whether they have any, or where they might get some from. But if and when they do, they are going to need a shitload of tea.
In all seriousness, these public statements aren't really helping. And yes, I think we are all agreed that SQL injection attacks should be historical curiosities in 2015.
To be honest, what can we expect when we have someone with a degree in PPE from Oxford running a major ISP? It's not like they are short of career opportunities, is it? They run pretty much everything else FFS.
Haven't read the paywalled article, but it's entirely possible that "sequential" refers to a pair of attacks, a DDoS + SQL injection attack at different points, possibly even by different attackers. But there's so much FUD being spouted by TalkTalk that it's impossible to say either way at this point.
What's clear is that every statement they make at a technical level is utterly suspect, due to their complete inability to communicate at a level a GCSE Computing student could manage.
If anyone knows a Detica guy, I'd book a few pints with them in 2 weeks' time and on the 5th pint say "Hypothetically speaking..."
I wonder if they had each customer's data in a separate text file on their unsecured server. The attackers may then have sequentially downloaded the files too quickly, resulting in a denial of service for other attackers and in only some customer data being taken, rather than all of it.
Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand. SQL Server becomes Sequel Server; MySQL becomes MySequel and the poor, newly hired pointy haired boss has no idea what you're talking about. Say what you mean and mean what you say. How hard is that?
Many people in the biz called it 'sequel'. I think they were all ex-mainframe/mini bods that did, in my experience.
Still, Dildo Hardup has committed the basic sin of not being properly briefed by her staff, the BOFH.
Or perhaps she was...wouldn't be the first time the techies have put one over the beancounter-in-chief.
Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand
And lay people do themselves and no one a service by running ISPs with millions of customers depending on them to keep their stuff secure from basic network attacks.
Science and industry are full of jargon because the concepts are often complicated and tend to have long names. Spelling everything out in full every time a) doesn't help you understand it any better and b) takes too long for those who do understand it.
No, no, I think she meant a sequel in the sense that the script kiddy had turned them over twice before, and was now going in again for a third go, but maybe getting a bit cocky having found it sooo easy the last couple of times - "Come Snaffle Our Data Please - Part 3 Yes, We're STILL Real Easy".
I presume what Harding should be saying is the Talk Talk system took a hammering which knocked the doors off their hinges and let some bastard make off with the goods.
If she had actually come out and said that I would have had more respect and sympathy for her than the mumbo-jumbo nonsense she has come out with.
I think the guys in IT and security know they're going to be blamed and then sacked for the board having ignored good practice in favour of profit for years, so in their enforced pre-interview briefings they're probably purposefully making the board look like arses.
I fully expect to see a claim now that a misconfiguration of a critical combobulator allowed an internet valve to stay open and let the hackers steal the hard disks.
Remember that scene from the IT Crowd when Jen was showing the board "The Internet" as a little box with a red light? That's TalkTalk, that is.
I think the guys in IT and security know they're going to be blamed and then sacked for the board having ignored good practice in favour of profit for years, so in their enforced pre-interview briefings they're probably purposefully making the board look like arses.
Of course we don't know how the Dear Leader is seen by the peons below* her. They may have decided to take Napoleon Bonaparte's advice to "Never interrupt your enemy when (s)he is making a mistake".
And of course they might even have evidence of being ignored when they raised concerns about infosec, in which case they may actually be enjoying what is going on.
*And her fellow C-levels, for that matter...
This is the company...
...that told its customers that IPv6 used six-byte addressing on their help pages, then managed to block THEIR OWN WEB SITE with their own web filtering software.
I wish I'd kept screenshots of those blunders.
This is also the company that implemented Stalk Stalk, a system that performs 'illegal' interception of communications and DDoS attacks against the rest of the Internet.
I believe it was 'Dorfman' who stated in respect of StalkStalk..
"It is 'our' network and we will do whatever we can to protect 'our' customers."
Words to that effect since removed from the StalkStalk web site... should it ever be available again for people to change their passwords.
http://www.cio.co.uk/news/cio-career/talktalk-cto-clive-dorsman-retiring/
https://uk.linkedin.com/pub/clive-dorsman/17/b68/b42
So Clive, apart from you apparently not being employed by TalkTalk any more, what was that about 'doing whatever you can to protect your customers', and how does that one gel with getting hacked and your previous employers having to come up with more excuses for their arses?
Clearly the press release was dictated over a cell phone.
Modern cell phones can reproduce Dark Side of the Moon in 7.1 Dolby surround sound flawlessly but are incapable of rendering human speech intelligibly to the same standard as delivered by the GPO circa 1965 over lizard-hide insulated twisted (and permanently sticky) cables between two Bakelite handsets using a voltage standard no-one can remember any more.
Digital is always better, even if you can't understand a word over the phone or watch a movie on your TV from start to finish without pixelation artifacts ruining the picture. Soon your lightbulbs will be digital too, with the consequent "improvement" in light quality that will bring. One can only dream of the wonders of digital car transportation.
Actually, my morning commute on the LIRR was fucked-up to a fare-thee-well so I have a pretty good idea what that last one will feel like.
Injection flaws: the number 1 vulnerability identified by the Open Web Application Security Project (OWASP):
https://www.owasp.org/index.php/Top_10_2013-Top_10
Every web developer should know this list inside out. Failing to protect against the number 1 flaw by such a large company is inexcusable.