No, it isn't. What does the data protection office have to say about all this? Should you not have gone to them for a quote? I bet they would be interested in this sort of thing.
Greystone Telecom, adopted child of TalkTalk and provider of telecommunications to the business community, is unwittingly sharing customer and contract details with the world: but TalkTalk doesn't care. The details include customer and contract prices, copies of sales orders and spreadsheets showing how things are going at the …
"No, it isn't. What does the data protection office have to say about all this? Should you not have gone to them for a quote? I bet they would be interested in this sort of thing."
You're kidding right?
The ICO couldn't give a *****. It's not a public body, so in the view of the Idiot Control Office - no harm done, end of.
Even ostensible open source executive guy Matt here on el reg keeps on measuring market size in costs incurred, not useful work done (what places have Combined Heat and Computing plants heating the building?) which presumably will drive more of his ilk to do whatever everyone else is doing in their attempts to gain a competitive advantage. So, at a guess, quite a while yet.
And hey, it's not fake. As dear Dominic just expounded: Getting paid by the hour means prolonging the problem. Getting paid more means being more professional. This must be true for the recruiter pro said so.
I'm sure you're proud of your little mantra there, but you've missed the point, I'm afraid. This is a configuration error, so in the lap of the dip setting it up. Undeniable that it's poor practice to be open to anonymous access by default, but it's the job of the guy setting it up to make sure the settings are right. Saying "Oooh, it's MS therefore destined to fail!" is cliched, sad and just untrue.
Boring, tedious, rhetoric once more.
If the thing is configured incorrectly by the person installing it, that is hardly the fault of the software.
It gets exceedingly stale, the constant bashing of anything MS on these forums. It is of course, fantastic that Linux is always perfect and is never misconfigured.
"If the thing is configured incorrectly by the person installing it, that is hardly the fault of the software."
When the software's default position is "Rape me! Have at my datas you randy hounds!" then I'd say that's a problem.
"It is of course, fantastic that Linux is always perfect and is never misconfigured."
A few points:
1) Linux is a kernel, not a web server;
2) No one claimed it was perfect;
3) No one even mentioned it.
If you had cited Apache (or Tomcat or WebLogic or...) then you might have had a point. Too busy following the old rhetoric of "If they say anything anti MS, they must be a pro GNU/Linux, freedom-loving, fanboi. Engage maximum frothing!"
How is the fact that IIS allows anonymous access by default a security issue? It is a web server after all and is meant to be used to publish stuff to the world wide web; if you don't want that data published then you remove the anonymous access user or put it behind a firewall etc.
As someone who owns a hosting business and who administers IIS and Apache day in, day out I can vouch for IIS7 as being a very good web server. I actually think the story poster is talking about having directory browsing enabled and I know that by default that is not enabled in IIS so the server admin must have enabled it.
If it is a fail it is for the person who configured the website not IIS itself.
This sounds more like Linux fan-boys out to discredit something they know nothing about...
The article goes into much detail about how this is a problem specific to IIS, even the title "TALKTALK SUBSIDIARY'S CUSTOMER DATA PLACED ON THE WEB IN IIS WHOOPSIE".
This is NOT a problem with IIS and could just as easily have been enabled on Apache or any other web server software. The article poster is also blaming the anonymous user access when the problem is actually having directory browsing enabled; if you disable anonymous access then not even web pages can be viewed unless the person logs in to the server. Fail on both the cause and the remedy....
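The distinction argued in the comments above, directory browsing versus anonymous authentication, maps to two separate IIS settings (`directoryBrowse` and `anonymousAuthentication` under `system.webServer`). The following is an added example, not part of any comment or of the article: a small audit that reports every scope in a `web.config` where directory browsing is switched on. The sample configuration and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not taken from the server in the article).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
  <location path="orders">
    <system.webServer>
      <directoryBrowse enabled="true" />
    </system.webServer>
  </location>
  <location path="public">
    <system.webServer>
      <directoryBrowse enabled="false" />
    </system.webServer>
  </location>
</configuration>
"""

ANON = "system.webServer/security/authentication/anonymousAuthentication"

def _enabled(node, xpath):
    # True/False if the element is set in this scope, None if absent (inherited).
    el = node.find(xpath)
    return None if el is None else el.get("enabled", "").lower() == "true"

def audit_web_config(xml_text):
    """Return one finding per scope (site root or <location>) with directory browsing on."""
    root = ET.fromstring(xml_text)
    scopes = [("/", root)]
    scopes += [("/" + loc.get("path", "").strip("/"), loc) for loc in root.findall("location")]
    findings = []
    for path, node in scopes:
        browse = _enabled(node, "system.webServer/directoryBrowse")
        if browse:  # the listing is the exposure; anonymous auth is reported for context only
            findings.append({"path": path, "directory_browse": True,
                             "anonymous_auth": _enabled(node, ANON)})
    return findings
```

An `anonymous_auth` value of `None` means the scope does not set it and inherits from its parent.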
Try not to be an annoying, petty, pedantic little nutsack for the rest of your life, eh? Have a day off. Stalk Stalk is what people have been calling this company since 2008 and the Phorm fiasco.
SWAG: It used to mean screwed without a GUI. Now it seems they're screwed even with one.
MCSE: Must consult someone experienced.
Even if this is not their problem, for their rep to come out with "It's not one of our servers, so it's not our problem," is really bad, shows them in a bad, uncaring light and gives the opportunity for negative headlines, although it is quite refreshing to see a straightforward answer with no canned, cliched statements, weasel words or other bullshit that is so common from any big company these days.
Now if we could just get them to do that AND take responsibility for their actions, we would be going in the right direction.
Since this piece was published TalkTalk has supplied the Register with this statement:
"We take data protection very seriously and have launched an investigation. We have established that the data did not come from any of our servers or any of our contractors’ servers, and that our firewalls and security procedures are functioning properly.
We are working to identify the IP address from which this data was disseminated, and are in contact with the appropriate authorities."
I realise it is sometimes difficult to understand the 'help desk' but are you certain that the above is correct?
Normal advice is to turn various things on and off.