Talk Talk Hacked

[Jonj1611]

Just a heads up for anyone with Talk Talk that might have missed it, seems the have been hacked and currently don't know what was exactly taken :-

http://www.bbc.co.uk/news/uk-34615226

[TheAnimus]

https://paul.reviews/value-security-avoid-talktalk/

I'd hope heads would have rolled last time, but I doubt it.

Drupal and PHP simply shouldn't be used when anything needs any kind of security, the practices both the language and platform encourage are incongruent to a safe secure software development lifecycle.

[abaxas]

Anyone who think ANY computer system is in any way secure, is a total fool.

Saying that, even an unpatched windows 2000 install is safer than old skool paper filing.

[shaithis]

Anyone who think ANY computer system is in any way secure, is a total fool.

The one next to me right now is....it's had the power cable removed

[Millennium]

Mum uses it and is worried. I've been following the news today and apparently some dumps are available now on the 'dark web'.

Good news the police are involved already though. Watch out for phone call scams, people!

[The Hand]

https://paul.reviews/value-security-avoid-talktalk/

I'd hope heads would have rolled last time, but I doubt it.

Drupal and PHP simply shouldn't be used when anything needs any kind of security, the practices both the language and platform encourage are incongruent to a safe secure software development lifecycle.

Sounds like Talk Talk had it coming judging by that link. Glad I've had no dealings with them.

[abaxas]

The one next to me right now is....it's had the power cable removed

Still vunderable to the old skool ways.

[b0redom]

@theanimus

What software stack do you recommend in preference to PHP? I'm starting to build a web app and I'm platform agnostic, but I'd prefer something that runs on Linux for cost reasons.

[malfunction]

I think he likes Java based stuff the best

(https://www.youtube.com/watch?v=moSFlvxnbgk)

[Dave_07]

Talk Talk have advised that customers change their account password. But their site is offline at the moment, so how are customers meant to change their password lol..
Even more mind boggling is the fact that their webmail section of the web site is still up and perfectly functional at the moment. Meaning intrusions into 4 million customers email accounts could be ongoing/happening right now. As all you need for the webmail login is the client email address and the password, both of which are the same as those used for the customer account.
Why leave the webmail still open.. ? Baffling.

[MrNeil]

Only lucky thing for me is that my TT account is under my wife's maiden name still after 4 years so i dont think they can get far with that !

[Splash]

Customer data stored unencrypted. Massive fine headed their way.


It's just not acceptable.

[The Hand]

There are reports that Talk Talk tried to cover up the extent of the security breach too. Some customers had their bank accounts drained and received fraudulent calls the day before Talk Talk admitted they had a problem it seems. I get the impression that Talk Talk are criminally negligent or incompetent or both.

[Dave_07]

On BBC news their technology corespondent described the holes in talk talks security as "novice like vulnerabilities". Also their stock price is down. Makes you wonder if they will be able to recover from this.

[ik9000]

On BBC news their technology corespondent described the holes in talk talks security as "novice like vulnerabilities". Also their stock price is down. Makes you wonder if they will be able to recover from this.

What do you expect? Pay peanuts, get monkeys. It was obviously going to be rubbish backend if they could charge so little for it.

[TheAnimus]

@theanimus

What software stack do you recommend in preference to PHP? I'm starting to build a web app and I'm platform agnostic, but I'd prefer something that runs on Linux for cost reasons.

Really depends on what you are doing, don't get caught up with OS as a separate part of 'costing' than the core performance. For instance I'm currently paying through the nose for my database license, but considering the requirements we've got, it's the cheapest option. When even a day of our junior dev guy costs more than 5 windows box licenses per month, people get hung up about software licensing costs and often end up wasting money. I've watched someone claim they shouldn't use commercial frameworks because it costs £150 per dev per year, that same organisation devs cost internally 150k eur per year, insanity.

Most people don't need the 'high performance' they think they do, so frameworks and languages which are slower but have more safety are often a better choice. 'General Purpose' ones I tend to like are Asp.Net MVC5, NodeJS (only ever with TS), Ruby On Rails in that order.

Depending on your tasks, you might find that C#/F# running on Windows is cheaper because of the performance benefits over running say Ruby on Linux, sure some C++ would be even cheaper but that has an order of magnitude higher dev cost. I'm not a fan of Go, D or Rust tbh. Python I've never been a fan of because of it's threading model.

Java died a decade ago for me, no reason to ever use it except for legacy, it's too limiting a language, if you have to target a JVM, consider scala, it's actually a language for the 21st century.