Further confusion at TalkTalk claims it was hit by 'sequential attack'

TalkTalk is continuing to confuse experts with its latest assessment of the root cause of a high-profile breach on its systems last week, which may have exposed the bank details including bank information of up to four million customers. The under-fire telco is saying that it has become the victim of a “sequential attack” when …

Anonymous Coward

Tempted to have a crack at talk talk if it wasn't illegal, it seems they have many glory holes

1
0

Was it good old

'billy tables' again?

He really gets around doesn't he!

personally I'd have select * from users.dbo

BTW I'm not a sql hacker!

7
1
Anonymous Coward

Re: Was it good old

Bobby Tables.

https://xkcd.com/327/

12
0
Anonymous Coward

Re: Was it good old

"Sequential Bobby: The Tables"

Subheading: "He Talks The Talk!"

1
0
Holmes

Glad I left Talk Talk

I always wondered where PG chimps went when they left the TV

15
0
Silver badge
Coffee/keyboard

Comment of the week

Thank you, made me smile

0
0

I think her best strategy at this stage

Would be to stop talking and make some tea for the technical people.

27
0
Silver badge

Re: I think her best strategy at this stage

And what "technical people" would that be then? BAe Systems?

Apart from an apparent lack of "technical people" TT don't seem to have legal advisors or PR staff either, judging from the way the CEO seems to be digging an ever deepening hole for herself and the company.

9
0
Anonymous Coward

Re: I think her best strategy at this stage

Sack the technical people, more like.

Preventing SQL injection is no longer a "best practice" - it's a fucking normal and essential thing to do. Why weren't these people even using prepared statements?

11
0
Anonymous Coward

Re: I think her best strategy at this stage

What "technical people" indeed - Where are talktalk's CTO and Chief Enterprise Architect? Is that why BAe Systems have been brought in, because of lack of competence and confidence in the talktalk's home team seniors?

1
0

Re: I think her best strategy at this stage

> And what "technical people" would that be then? BAe Systems?

I have no idea whether they have any, or where they might get some from. But if and when they do, they are going to need a shitload of tea.

In all seriousness, these public statements aren't really helping. And yes, I think we are all agreed that SQL injection attacks should be historical curiosities in 2015.

To be honest, what can we expect when we have someone with a degree in PPE from Oxford running a major ISP? It's not like they are short of career opportunities is it? They run pretty much everything else FFS.

8
0
Bronze badge
Pirate

Re: I think her best strategy at this stage

PPE, MBA ...whatever. We're still being run by the "ruling class" in this country. If you want to change it, import some guillotines. Your face will never fit unless someone "knows your people".

2
1
Silver badge
Joke

Re: I think her best strategy at this stage

> To be honest, what can we expect when we have someone with a degree in PPE from Oxford running a major ISP?

I bet she wishes that was Personal Protective Equipment right now.

2
0
Silver badge

Re: I think her best strategy at this stage

'Doing a Ratner' passed into the language.

I wonder if 'doing a Dildo' will, as well....

2
0
Silver badge
Paris Hilton

Re: Why weren't these people even using prepared statements?

Because web site design is done by 'creatives' using 'frameworks'

1
0

Report or reporter?

I haven't seen the original FT report on which that item is based because it appears to be behind a pay wall. But I assume it is also possible that this was a reporter's mis-transcription.

1
0

Re: Report or reporter?

There is quite a difference between "SQL injection" and "sequential"

I do believe that reporters for the FT have to show a minimum level of competence, unlike Dido of course.

3
2
Silver badge

Re: Report or reporter?

The Pink 'Un ceased to show competence some years ago.

3
0
Facepalm

Unconvinced

Haven't read the paywalled article but it's entirely possible that Sequential refers to a pair of attacks, a DDOS + SQL Injection attack at different points, possibly even different attackers. But there's so much FUD being spouted by Talk Talk that it's impossible to say either both at this point.

What's clear is every statement that they make at a technical level is utterly suspect due to their complete inability to communicate at a level a GCSE Computing student could manage.

If anyone knows a Detica guy - I'd book a few pints with them in 2 weeks time and on the 5th pint say "Hypothetically speaking,........."

6
0

Does Dido actually TALK to her techies at all?

This saga looks like doing immense damage to yak yak.

7
0
Bronze badge

Techies? At Talk Talk? Are they the ones that suggest turning it off and on again to see if that helps?

2
0
Meh

That would also explain . . .

What the 'Dark Web' is - it's a web site where you need to turn the monitor brightness up to 11 in order to see it.

17
0
Anonymous Coward

Re: That would also explain . . .

But you can just barely distinguish the mysterious words "Follow the White Rabbit ... Knock, Knock!" on the screen not backlit by an electric welding arc.

1
0

Sequent

Perhaps they've still got some old DYNIX kit?

-A.

0
0
Silver badge

Re: Sequent

Oh man, I'm obviously not drinking enough to forget... Oracle on DYNIX/ptx, what did I do to deserve that ?

0
0

Didn't Dido used to be a singer?

0
0
Anonymous Coward

No.

Pearl's a singer...

11
0
Silver badge
Coat

Reminds me of the old joke from 1999. Di's dead; Dodi's dead; Dando's dead; Dido's shitting herself.

2
0
Silver badge

"Didn't Dido used to be a singer?"

Sorry, but if you want to do song related jokes about her name the winner is whoever quoted a chunk of "Dido's Lament" a few days ago.

2
0
Anonymous Coward

She stands up when she plays the piano.

Edit: I'm available for club quizzes

0
0

Speculating...

I'm wondering if they had each customer's data in a separate text file on their unsecured server. The attackers may then have sequentially downloaded the files too quickly, resulting in a denial of service for other attackers and in only some customer data being taken, rather than all of it.

1
1
Anonymous Coward

Seriously? As in something like this?

https://xkcd.com/327/

2
2
Silver badge

Re: Seriously? As in something like this?

Yup. As in something like that.

0
0
Devil

Maybe they were going for Sequel

Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand. SQL Server becomes Sequel Server; MySQL becomes MySequel and the poor, newly hired pointy haired boss has no idea what you're talking about. Say what you mean and mean what you say. How hard is that?

4
6
Anonymous Coward

Re: Maybe they were going for Sequel

It's AS-CUE-ELL. I agree.

0
0
Silver badge

Re: Maybe they were going for Sequel

"newly hired"

She doesn't even have that excuse.

3
0

Re: Maybe they were going for Sequel

> Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand

And lay people do themselves and no one a service by running ISPs with millions of customers depending on them to keep their stuff secure from basic network attacks.

Science and industry is full of jargon because the concepts are often complicated and tend to have long names. Spelling everything out in full every time a) doesn't help you understand it any better and b) takes too long for those who do understand it.

7
1

Re: Maybe they were going for Sequel

Nope, it's Squeal Server ... as opposed to Larry's 'Orrible

1
0
Silver badge

Re: Maybe they were going for Sequel

In principle I agree with you - but without acronyms you can't pull off stuff like 'TWAIN'.

(BTW, AFAIK PCMCIA stands for People Can't Memorize Computer Industry Acronyms.)

1
0
Anonymous Coward

Re: Maybe they were going for Sequel

Explain

λn.λf.λx.n (λg.λh.h (g f)) (λu.x) (λu.u)

peon!

0
0

Re: Maybe they were going for Sequel

Hush, she might start blaming écureuils next, maybe even the one that is in some of the XKCD drawings.

0
0
Silver badge

Re: Maybe they were going for Sequel

Many people in the biz called it 'sequel' I think they are all ex mainframe/mini bods that did in my experience,

Still Dildo hardup has committed the basic sin of not being properly briefed by her staff the BOFH.

Or perhaps she was...wouldn't be the first time the techies have put one over the beancounter-in-chief.

1
0
Go

Re: Maybe they were going for Sequel

No, no, I think she meant a sequel in the sense that the script kiddy had turned them over twice before, and was now going in again for a third go, but maybe getting a bit cocky having found it sooo easy the last couple of times - "Come Snaffle Our Data Please - Part 3 Yes, We're STILL Real Easy".

0
0

Dildo, Dorfman & Duncetone

The Three Musketeers.

Next thing you know BAE/Detica are going to wash their hands of the apparent inherent stupidity or end up looking like spare knobs themselves... assuming they are not there already.

1
0
Anonymous Coward

Dido - No wonder Eminem locked her up in the boot of his car.

3
0
Anonymous Coward

Don't you mean Dodo, the CEO formerly known as Dido ?

6
0
Anonymous Coward

TT Morons - sorry for the Tautology

Having worked "with" TalkTalk as they were one of our customers, their "technical" people are a bunch of idiots. The only one who was any good left TT and started working for us as he was tired of working with clueless mouth-breathers.

4
0
Silver badge

DDoS

I presume what Harding should be saying is the Talk Talk system took a hammering which knocked the doors off their hinges and let some bastard make off with the goods.

If she had actually come out and said that I would have had more respect and sympathy for her than the mumbo-jumbo nonsense she has come out with.

2
0
Silver badge

I think the guys in IT and security know they're going to be blamed then sacked for the board having ignored good practice in favour of profit for years so in their enforced pre interview briefings they're probably purposefully making the board look like arses.

I fully expect to see a claim now that due to a misconfiguration of a critical combobulator allows an internet valve to stay open and let the hackers steal the hard disks.

Remember that scene from the IT Crowd when Jen was showing the board "The Internet" as a little box with a red light. That's TalkTalk that its

16
0
Silver badge

> I think the guys in IT and security know they're going to be blamed then sacked for the board having ignored good practice in favour of profit for years so in their enforced pre interview briefings they're probably purposefully making the board look like arses.

Of course we don't know how the Dear Leader is seen by the peons below* her. They may have decided to take Napoleon Bonaparte's advice to "Never interrupt your enemy when (s)he is making a mistake".

And of course they might even have evidence of being ignored when they raised concerns about infosec, in which case they may actually be enjoying what is going on.

*And her fellow C - levels for that matter...

6
0


Biting the hand that feeds IT © 1998–2017