TalkTalk hack: Boy, 15, arrested in Northern Ireland over attack
 

TalkTalk hack: Boy, 15, arrested in Northern Ireland over attack.

A bright 15 year old or a lot of dumb people protecting valuable date?

Brilliant....If a boy of 15 can hack this database imagine what full blown terrorist organisation can do.

SQL injection... come on talk talk :)

I was going to say, what the fuck is TalkTalk? Another useless "innovative" phone application to replace Whatsapp, Telegram, Viber, etc, etc, etc, etc, etc, Line (wtf?), etc, etc, etc, etc, etc, etc, just fucking stop it already

But fine, it's an ISP, not a mobile app. :thumbsup

I don't fuck with you
You little stupid ass bitch I ain't fuckin' with you
You little dumb ass bitch I ain't fuckin' with you
I got a million trillion things I'd rather fuckin' do
Than to be fuckin' with you
Little stupid ass, I don't give a fuck
I don't give a fuck, I don't I don't I don't give a fuck
Bitch I don't give a fuck about you or anything that you do
Don't give a fuck about you or anything that you do

I just got a letter from Experian, the largest credit reporting database, telling me that my data stored there with regard to a T-mobile account had been hacked and personally identifying information, including encrypted data with regard to that T-mobile account, may be subject to exploit in the wild now -- possible identity theft.

So, ISPs are not the only ones that are brain dead. Experian was not using securely stored encryption keys obviously if the hackers got at them and decrypted data.

A teenaged hacker broke into the US Pentegon's military database years ago -- age has nothing to do with it. It is all about poorly designed security :2 cents:

One would think that there would be an extremely high level of security to such info. Taking everything that isn't essential to the customers away from servers that can be accessed from the outside.

Also why not have this sensitive info only accessible after the person trying to access it has been verified? Phone call, email to the one on file for instance.

https://www.owasp.org/index.php/Cryp...ge_Cheat_Sheet
https://www.owasp.org/index.php/Cryp...in_a_key_vault
3 Critical Best Practices for Encryption Key Management on the IBM i

It is a bit more sophisticated than that.

Our encryption keys are under lock and key ( in an undisclosed location -- of course ) with very limited personnel access. No encryption keys are kept on any server for our secured PCI-DSS data. So, unless you access the right place armed and dangerous and with a safecracker you are shit-out-of-luck.

Internet access has nothing to do with it either -- local networks can be breached. So, if any encryption keys are kept on network servers they are vulnerable. The data I refer to above could have only be stolen in a useless encrypted format if the security was handled correctly.

Email, SMS or telephone is mickey mouse feel good security.

My bank uses multiple security authorizations and authentications but they are not PCI-DSS compliant 100% with public facing internet banking -- no bank is that allows DMZ access -- period. So other protocols of secure servlets and and authentications are used to mitigate risk.