COMPUTERS, THE AGONY AND THE ECSTASY

[PanBiker]

No access yet to the account settings on TalkTalk, only the AOL front end of the site working, webmail is up though. Checked on the email account that my account is registered with and there is no communication from them yet.

[Stanley]

The Talktalk site is still down. I got their email yesterday but no movement since then. Email and broadband working OK so far.

[Pluggy]

Note to self, stay with EE......

[PanBiker]

One would assume that as and when Talk Talk get their act together and return account access back to their customers the security and firewall regime should be state of the art. Meanwhile customers bank accounts are already being fleeced. No real point in jumping ship as there is no guarantee that all your details would be purged from their systems anyway. I would like access to my account sooner than later though. Fourth day since the hack and counting.

[Tizer]

I see the Institute of Directors is demanding that something should be done about all these nasty people who attack their companies. Isn't it up to the directors themselves to do the `something', like getting effective protection? I get the feeling they are people who would go for a holiday in the Amazon jungle, not take anti-malaria meds, catch malaria and then blame it on the Brazilian government for `not doing something about it'. In the early 1990s I was a technical journalist for a big publisher and the next office on the corridor housed the editors of several weekly and monthly publications on computer security aimed at large companies and other organisations. One of my publications was on safety and security in the food industry and we shared stories at tea break or over beers in the pub. They were getting somewhere then, managing to convince companies of the dangers, but ever since then the tide has turned. Companies laid off technical staff and the accountants took over. They didn't understand the techie stuff and subscriptions declined. So it's no real surprise that we're were we are.

[Moh]

It said on the news that ex. customers' details could be also taken.

[PanBiker]

From a security point of view, and though a good idea to change your account password it is somewhat irrelevant in this particular circumstance and shutting the stable door after the horse has bolted. Surely all the information the hackers want will already have been skimmed off from the data stolen. Changing the TalkTalk account password has absolutely nothing to do with my direct debit information they hold for paying them. Can't do anything about that apart from check the statements.

I know from experience that old and out of date (expired) information can come back to bite you. I was convicted of speeding when I was 17 years old (34mph). I paid the fine and took the points, the endorsement and points were expunged from my licence three years later. Twenty Five years after that I was accused of being a "habitual speed merchant" by a local traffic officer when involved in a RTA. I had to rely on dozens of witnesses to support the fact that I was not speeding. He had simply checked the PNC and lo and behold I became a marked man as a result of my teenage transgression.

[PanBiker]

The message on the TalkTalk site has been updated the text now reads as follows:

"We are working to restore My Account as quickly as possible. You don't need to change your password until My Account is restored. As soon as it is, we'll explain how to do it.

On Wednesday 21st October, we experienced an attack to our website.

A formal investigation by the Metropolitan Police Cyber Crime Unit is under way. The latest update of our investigation as at 15:30 on 24/10/2015 is as follows:

This cyber attack was on our website, not our core systems

We can confirm that we do not store complete credit card details on the website; any credit card details that may have been accessed had a series of numbers hidden and therefore are not usable for financial transactions eg 012345xxxxxx 6789

TalkTalk My Account passwords have not been accessed

We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account

The Metropolitan Police Cyber Crime Unit criminal investigation continues"

[PanBiker]

Further what to do information:

All customers should:

Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all TalkTalk customers

Change your passwords - While TalkTalk My Account passwords have not been accessed, it would be prudent to change your TalkTalk password once this service is back up and running, and any other accounts that use the same password. We will update as soon as services are restored

Report anything suspicious – Keep an eye on your bank account and report anything unusual to your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and can be reached on 0300 123 2040 or via http://www.actionfraud.police.uk

Stay vigilant - TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting for personal information. You can call us on 0800 083 2710 or 0141 230 0707.

[Stanley]

I've read the latest Talktalk email very carefully and it reads very well but hasn't altered my view of all 'online security'. As I confessed a while ago the scammers almost got me with that phone call but Firefox and the fact I was on Ubuntu saved me from a genuine attempt to a) take over my computer and b) access any bank information I had on the system. Actually they would have been on a sticky wicket even if they had succeeded because I refuse to deal with my bank online. I do it by old fashioned letter. The reason I nearly fell for the scam was that they were very clever and persuaded me that they were worth listening to and broke my own rule about ignoring all cold calls and emails. I thought I was a hard case but let my guard drop. In that respect the narrow escape was a good thing. This is the scam that news reports have been using as the scare story about accounts being emptied because it actually has happened, I rang Talktalk myself (not immediately after the cold call because I am aware of the fact they can capture your telephone line) and they told me that this was happening. The information the scammers had which they used to convince you was gleaned from previous attacks. I am an even harder case now!
I agree with Ian that one good thing about this attack is that Talktalk should have the most secure system of any ISP now! By the way, their site is still not online, hopefully they are busy installing state of the art security....
{By the way again.... Thanks to Firefox, they had the scammers dead to rights and refused to access their site}

[plaques]

This happened to my pal who had recently moved from TalkTalk to Plusnet .
Caller (Male), "I'm a TalkTalk engineer."
Pal, "sod off"
Caller, more adamantly , "I'M A TALKTALK ENGINEER".
Pal, equally as adamant "SOD OFF". Ends call.

Three days later a young lady with a foreign accent calls.
Caller, "I'm from TalkTalk, we think your computer is giving network problems could you please switch it on for me".
Pal " Do you think I'm stupid? Please go away" ends call.

He always did have a soft spot for young ladies.

[Tizer]

I agree with Ian that one good thing about this attack is that Talktalk should have the most secure system of any ISP now!

Analogous to our situation here with regard to flooding - so much work has been done (and still more in progress) that we should be less at risk rather than more in the future.

[Tripps]

I still think you have to be a bit dim to lose money from these scams. You give your 'bank details' - sort code and account - number every time you give someone a cheque - that doesn't mean they can empty the account. Your date of birth, and mother's maiden name can usually be found on the internet.
I've been looking at the CEO of Talktalk. Dido Harding (very Mitford), her actual name is Diana Mary. She is one of the chosen ones; PPE at Oxford followed by apprenticeship with McKinsey (ask Stanley). Later worked for Thomas Cook - I think they have survived a crisis, Woolworths, who sank without trace carrying 3457 of my shares , then Tesco who are currently trying to recover from many problems. After all that she is made a Baroness, and is paid about a million a year.
This doesn't look as if it will end well. Talktalk

[Stanley]

I don't think I'm dim but they nearly got me! Mind you getting access to my computer wouldn't have done them any good, no bank or financial details on there....
I'm signed up for a free year of credit reporting with Noddle but the code the lady gives for free credit alerts doesn't work..... Talktalk site still down....
The world is run by ex PPE and McKinsey people....

On a completely different matter.... (And this time good news!) My friend John Burlison recently bought a collection of 35mm transparencies and gave me two of them. He sent me pics but they were poor quality because he had to project them on the wall and then photograph them. I wanted to give him good images of them so I have just been upstairs, fired the old IBM up and the Nikon2 scanner that I bought so long ago I can't remember how long, at least twenty years. I remember it cost me £600 and at the time I wondered whether I had done the right thing. I haven't used it for years, it's just been sat there next to the Aptiva. I popped them in and scanned them to a pen drive. Absolutely no problem (apart from being soooooo slow!) You'd think it had been bought and installed yesterday! Some peripherals are better than others.....

[PanBiker]

I'm signed up for a free year of credit reporting with Noddle but the code the lady gives for free credit alerts doesn't work.....

I registered yesterday and the code worked for me Stanley, if you read the step by step it says you should retry the link if it fails. The code is for an add on alerting service on top of the free credit rating service so you can re-select this once you are logged in.

The service tells me that I'm a good bet for any of 54 different credit cards if I was in the market, I already have one so I don't need another.

[plaques]

I think the main purpose of signing up is that they alert you if a new credit card is raised in your name. Identity theft and all that.

[Stanley]

I tried the code again this morning but it still doesn't work. Talktalk site still AWOL.

[Tizer]

TalkTalk customers who no longer trust the company and who want to follow the government's recommendations to switch when dissatisfied are faced with a bill of over £200. I know they agreed to the fine print in the T&Cs but it seems unfair when TalkTalk has done them such a disservice. Perhaps customers should have their own T&Cs in fine print which companies have to read and agree to when taking them on as customers? After all, a contract should work both ways, for both parties.

[PanBiker]

Should really be in the good TV thread but we have today instigated a tip picked up from a documentary last night regarding cold calls and how the call centers get hold of your data and use it. It's very similar to the two way contract that should exist as mentioned by Tizer above.

We had an unsolicited call today from Martin at Energy Plus who wanted to avail us of replacement double glazing. Sally asked him to remove our name from their database as we are not interested, she added the caveat that if they called us again we would note the fact that they have breached our request and send them a bill for our time which we charge at £10.00 per minute. There was guy on the program last night that uses this tack all the time, he warns once and then bills on any follow up calls. He has successfully recovered accounts rendered to a number of companies using call centers to generate and chase potential business. He has had no problem in getting the courts to support his claims, seems like a good idea.

[Tizer]

If you look at the price that companies pay each other for data then £10 a hour minute would seem cheap to them. Even just knowing that a phone number is `live' is worth extra. Watch out if you make a claim that you don't end up giving away more of your information. They might offer to pay the money direct into your bank account by electronic transfer!

[PanBiker]

£10.00 per minute Tiz. The guy successfully recovered invoices to various companies and call centers for £300, £200 and one for £2000 from a call center who breached the TPS register rules.

[Tizer]

Thanks for the correction, I read it as per minute but got it wrong in my post.
The BT engineer comes on Friday to set up our new fibre connection which I arranged through Plusnet (PN) 11 days ago. I was told by PN that they would send the router to me rather than it coming with the engineer. It hasn't arrived so I posted a comment in the PN forums. About 20 minutes later I got a reply from Matthew Wheeler at PN: "It looks like the agent didn't add it to your account. I've fed this back and ordered it for you now. It should be there by Friday." I've replied with: "It's a good job I asked then! I imagine the BT man would have had some choice words for the agent if he'd arrived to find no router. Perhaps Plusnet shouldn't rely on the agent getting it right (whoever the agent is) and needs to set up an automated check a fixed number of days before the BT appointment?" But I did thank PN for the quick reply to my post!

[Stanley]

I think you'll like the fibre Tiz....
Talktalk site still AWOL. Noddle continues to reject the code for free alerts.

[PanBiker]

Just a thought Stanley are you trying the code when logged on and in the alerts service? Mine went in straight away after I had completed the registration, activated the account from the email sent and then logged on.

[Tizer]

One of our friends collects old cine projectors and dabbles with other electrical things. He recommended `Screwfix Electrical Cleaner - Fast drying precision cleaner' in an aerosol can for keeping things freed up. I looked on the Screwfix web site but can't find it. Anyone heard of it?