Talk Talk...

jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#1 Talk Talk...

Post by jack »

Being somewhat involved in the security world, I don't buy for a minute Talk Talk's wheedling on this matter - it's obviously driven by their PR advisors, but a denial-of-service attack does not compromise data.

Reading through their statements on their website, there's not a definitive statement anywhere - basically they don't really have a clue what happened, when it started, what was taken or anything else.

Shoddy (in the non-ironic sense of the word :) )
Vivitur ingenio, caetera mortis erunt
simon
Thermionic Monk Status
Posts: 5600
Joined: Thu May 24, 2007 11:22 am
Location: People's Republic of South Yorkshire

#2 Re: Talk Talk...

Post by simon »

That's an enlightening perspective Nick. Most of us average Joes don't understand the intricacies of the IT security world but trust we're safe with the companies we give money to. Incidents like this just remind us just how precarious our privacy is.

At a meeting yesterday a colleague was talking about street lighting that can be controlled remotely - auto dimming, manual switch off and switch on etc. - all from the comfort of an office chair. I asked how secure this is, thinking of parallels which I won't go into on an open forum, and the response surprised me. They use Amazon servers in Ireland apparently.

I didn't know Amazon offered such a service, but as I thought about it I figured that companies like Amazon and ebay and Sky probably have extraordinary security. Or not. And we the general public just have trust as we really don't have any idea whether any business is really that secure.
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#3 Re: Talk Talk...

Post by jack »

There was an "interesting" white-hat conference paper a few years ago about hacking into people's pacemakers - until then, no-one had considered the possibility that a malicious user would want to do that sort of thing - basically, the link between the external (outside of the body) control unit and the embedded pacemaker was by an NFC link that either had no or at best very weak security, the net result was that it was demonstrably possible to remotely kill someone with a pacemaker whatever personal security they had in place... (*)

There are some "lovely" (from a cunning and technical, not legal, perspective) hacks out there - some by researchers and then just occasionally by the black-hat community - I've been to some "invitation-only" government-run sessions where some extraordinarily clever stuff has been shown in real-time.

Quite scary, really...

(*) Modern pacemakers are very clever - they record a person's activity and can upload that to an external computer - as a result of analysing that data, a medic can then change the behaviour of the pacemaker, essentially re-programming how it responds to changes in the body's real-time situation - it's this process that was subverted by the hackers.
Vivitur ingenio, caetera mortis erunt
Paul Barker
Social Sevices have been notified
Posts: 8867
Joined: Mon May 21, 2007 9:42 pm

#4 Re: Talk Talk...

Post by Paul Barker »

jack wrote: There was an "interesting" white-hat conference paper a few years ago about hacking into people's pacemakers - until then, no-one had considered the possibility that a malicious user would want to do that sort of thing - basically, the link between the external (outside of the body) control unit and the embedded pacemaker was by an NFC link that either had no or at best very weak security, the net result was that it was demonstrably possible to remotely kill someone with a pacemaker whatever personal security they had in place... (*)

There are some "lovely" (from a cunning and technical, not legal, perspective) hacks out there - some by researchers and then just occasionally by the black-hat community - I've been to some "invitation-only" government-run sessions where some extraordinarily clever stuff has been shown in real-time.

Quite scary, really...

(*) Modern pacemakers are very clever - they record a person's activity and can upload that to an external computer - as a result of analysing that data, a medic can then change the behaviour of the pacemaker, essentially re-programming how it responds to changes in the body's real-time situation - it's this process that was subverted by the hackers.
Another gift to terrorism and Cold War enemies.
"Two things are infinite, the universe and human stupidity, and I am not yet completely sure about the universe." – Albert Einstein
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#5 Re: Talk Talk...

Post by jack »

Paul Barker wrote:Another gift to terrorism and Cold War enemies.
This exploit was closed a while back - I don't think you'll find anyone in the community openly discussing in detail any attack surface that has lethal potential.

There are plenty of zero-day attacks that all sides will keep for a rainy day - these are quite distinct from and far far nastier than the day-to-day script-kiddie stuff that the general news is so fond of...
Vivitur ingenio, caetera mortis erunt
simon
Thermionic Monk Status
Posts: 5600
Joined: Thu May 24, 2007 11:22 am
Location: People's Republic of South Yorkshire

#6 Re: Talk Talk...

Post by simon »

So, all good then!
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#7 Re: Talk Talk...

Post by jack »

simon wrote:So, all good then!
Absolutely! Trust me on this :)

The guy that originally discovered the pacemaker exploit, Barnaby Jack, was discovered dead in his apartment (he was only 35) just a few days before he was going to present his paper on this subject...
Vivitur ingenio, caetera mortis erunt
simon
Thermionic Monk Status
Posts: 5600
Joined: Thu May 24, 2007 11:22 am
Location: People's Republic of South Yorkshire

#8 Re: Talk Talk...

Post by simon »

Why don't I feel relieved?
Dave the bass
Amstrad Tower of Power
Posts: 12273
Joined: Tue May 22, 2007 4:36 pm
Location: NW Kent, Darn Sarf innit.

#9 Re: Talk Talk...

Post by Dave the bass »

simon wrote:Why don't I feel relieved?
Here y'go Poppit, this should help.

Image
"The fat bourgeois and his doppelganger"
Mike H
Amstrad Tower of Power
Posts: 20157
Joined: Sat Oct 04, 2008 5:38 pm
Location: The Fens

#10 Re: Talk Talk...

Post by Mike H »

On BBC radio news today some talk-talk customers have had their bank accounts cleaned out.
 
"No matter how fast light travels it finds that the darkness has always got there first, and is waiting for it."
pre65
Amstrad Tower of Power
Posts: 21373
Joined: Wed Aug 22, 2007 11:13 pm
Location: North Essex/Suffolk border.

#11 Re: Talk Talk...

Post by pre65 »

Mike H wrote:On BBC radio news today some talk-talk customers have had their bank accounts cleaned out.
But possibly not as a result of this last security breach.

http://www.bbc.co.uk/news/uk-34627541
The only thing necessary for the triumph of evil is for good men to do nothing.

Edmund Burke

G-Popz THE easy listening connoisseur. (Philip)
Mike H
Amstrad Tower of Power
Posts: 20157
Joined: Sat Oct 04, 2008 5:38 pm
Location: The Fens

#12 Re: Talk Talk...

Post by Mike H »

Oh right so the radio news item was 'incomplete' :roll:
 
"No matter how fast light travels it finds that the darkness has always got there first, and is waiting for it."