back to article Further confusion at TalkTalk claims it was hit by 'sequential attack'

TalkTalk is continuing to confuse experts with its latest assessment of the root cause of a high profile breach on its systems last week, which may have exposed the bank details including bank information of up to four million customers. The under-fire telco is saying that it has become the victim of a “sequential attack” when …

  1. Anonymous Coward
    Anonymous Coward

    Tempted to have a crack at talk talk if it wasn't illegal, it seems they have many glory holes

  2. Mr_Pitiful

    Was it good old

    'billy tables' again?

    He really gets around doesn't he!

    personally I'd have select * from users.dbo

    BTW I'm not a sql hacker!

    1. Anonymous Coward
      Anonymous Coward

      Re: Was it good old

      Bobby Tables.

      https://xkcd.com/327/

      1. Anonymous Coward
        Anonymous Coward

        Re: Was it good old

        "Sequential Bobby: The Tables"

        Subheading: "He Talks The Talk!"

  3. Rono666
    Holmes

    Glad i left Talk Talk

    I always wondered where PG chimps went when the left the TV

    1. AMBxx Silver badge
      Coffee/keyboard

      Comment of the week

      Thank you, made me smile

  4. Evil Graham

    I think her best strategy at this stage

    Would be to stop talking and make some tea for the technical people.

    1. Commswonk Silver badge

      Re: I think her best strategy at this stage

      And what "technical people" would that be then? BAe Systems?

      Apart from an apparent lack of "technical people" TT don't seem to have legal advisors or PR staff either, judging from the way the CEO seems to be digging an ever deepening hole for herself and the company.

      1. Anonymous Coward
        Anonymous Coward

        Re: I think her best strategy at this stage

        What "technical people" indeed - Where are talktalk's CTO and Chief Enterprise Architect? Is that why BAe Systems have been brought in, because of lack of competence and confidence in the talktalk's home team seniors?

      2. Evil Graham

        Re: I think her best strategy at this stage

        And what "technical people" would that be then? BAe Systems?

        I have no idea whether they have any, or where they might get some from. But if and when they do, they are going to need a shitload of tea.

        In all seriousness, these public statements aren't really helping. And yes, I think we are all agreed that SQL injection attacks should be historical curiosities in 2015.

        To be honest, what can we expect when we have someone with a degree in PPE from Oxford running a major ISP? It's not like they are short of career opportunities is it? They run pretty much everything else FFS.

        1. Captain Badmouth
          Pirate

          Re: I think her best strategy at this stage

          PPE, MBA ...whatever. We're still being run by the "ruling class" in this country. If you want to change it, import some guillotines. Your face will never fit unless someone "knows your people".

        2. 2+2=5 Silver badge
          Joke

          Re: I think her best strategy at this stage

          > To be honest, what can we expect when we have someone with a degree in PPE from Oxford running a major ISP?

          I bet she wishes that was Personal Protective Equipment right now.

      3. itzman

        Re: I think her best strategy at this stage

        'Doing a Ratner' passed into the language.

        I wonder of 'doing a Dildo' will, as well....

    2. Anonymous Coward
      Anonymous Coward

      Re: I think her best strategy at this stage

      Sack the technical people, more like.

      Preventing SQL injection is no longer a "best practice" - it's a fucking normal and essential thing to do. Why weren't these people even using prepared statements?

      1. itzman
        Paris Hilton

        Re: Why weren't these people even using prepared statements?

        Because web site design is done by 'creatives' using 'frameworks'

  5. dcluley

    Report or reporter?

    I haven't seen the original FT report on which that item is based because it appears to be behind a pay wall. But I assume it is also possible that this was a reporter's mis-transcription.

    1. Wommit

      Re: Report or reporter?

      There is quite a difference between "SQL injection" and "sequential"

      I do believe that reporters for the FT have to show a minimum level of competence, unlike Dido of course.

      1. Chris Miller

        Re: Report or reporter?

        The Pink 'Un ceased to show competence some years ago.

        1. Gordon 10 Silver badge
          Facepalm

          Unconvinced

          Havent read the paywalled article but its entirely possible that Sequential refers to a pair of attacks a DDOS + SQL Injection attack at different points possibly even different attackers. But there's so much FUD being spouted by Talk Talk that its impossible to say either both at this point.

          Whats clear is every statement that they make at a technical level is utterly suspect due to their complete inability to communicate at a level a GCSE Computing student could manage.

          If anyone knows a Detica guy - I'd book a few pints with them in 2 weeks time and on the 5th pint say "Hypothetically speaking,........."

  6. Wommit

    Does Dido actually TALK to her techies at all?

    This saga looks like doing immense damage to yak yak.

    1. jonathanb Silver badge

      Techies? At Talk Talk? Are they the ones that suggest turning if off and on again to see if that help?

  7. Scott Broukell
    Meh

    That would also explain . . .

    What the 'Dark Web' is - it's a web site where you need to turn the monitor brightness up to 11 in order to see it.

    1. Anonymous Coward
      Anonymous Coward

      Re: That would also explain . . .

      But you can just barely distinguish the mysterious words "Follow the White Rabbit ... Knock, Knock!" on the screen not backlit by an electric welding arc.

  8. captain veg

    Sequent

    Perhaps they've still got some old DYNIX kit?

    -A.

    1. Chris King Silver badge

      Re: Sequent

      Oh man, I'm obviously not drinking enough to forget... Oracle on DYNIX/ptx, what did I do to deserve that ?

  9. Mr_Pitiful

    Didn't Dido used to be a singer?

    1. Anonymous Coward
      Anonymous Coward

      No.

      Pearl's a singer...

      1. Anonymous Coward
        Anonymous Coward

        She stands up when she plays the piano.

        Edit: I'm available for club quizzes

    2. This post has been deleted by its author

    3. Doctor Syntax Silver badge

      "Didn't Dido used to be a singer?"

      Sorry, but if you want to do song related jokes about her name the winner is whoever quoted a chunk of "Dido's Lament" a few days ago.

  10. Tom_

    Speculating...

    I'm wonder if they had each customer's data in a separate text file on their unsecured server. The attackers may then have sequentially downloaded the files too quickly, resulting in a denial of service for other attackers and in only some customer data being taken, rather than all of it.

  11. Anonymous Coward
    Anonymous Coward

    Seriously? As in something like this?

    https://xkcd.com/327/

    1. itzman

      Re: Seriously? As in something like this?

      Yup. As in something like that.

  12. Fehu
    Devil

    Maybe they were going for Sequel

    Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand. SQL Server becomes Sequel Server; MySQL becomes MySequel and the poor, newly hired pointy haired boss has no idea what you're talking about. Say what you mean and mean what you say. How hard is that?

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe they were going for Sequel

      It's AS-CUE-ELL. I agree.

      1. Synonymous Howard

        Re: Maybe they were going for Sequel

        Nope, it's Squeal Server ... as opposed to Larry's 'Orrible

        1. itzman

          Re: Maybe they were going for Sequel

          Many people in the biz called it 'sequel' I think they are all ex mainframe/mini bods that did in my experience,

          Still Dildo hardup has committed the basic sin of not being properly briefed by her staff the BOFH.

          Or perhaps she was...wouldn't be the first time the techies have put one over the beancounter-in-chief.

      2. VeganVegan

        Re: Maybe they were going for Sequel

        Hush, she might starts blaming écureuils next, maybe even the one that is in some of the XKCD drawings.

    2. Doctor Syntax Silver badge

      Re: Maybe they were going for Sequel

      "newly hired"

      She doesn't even have that excuse.

    3. Evil Graham

      Re: Maybe they were going for Sequel

      Technically literate people do themselves and no one a service by constantly coming up with acronyms and aphorisms to obfuscate processes and terms that are already hard for lay people to understand

      And lay people do themselves and no one a service by running ISPs with millions of customers depending on them to keep their stuff secure from basic network attacks.

      Science and industry is full of jargon because the concepts are often complicated and tend to have long names. Spelling everything out in full every time a) doesn't help you understand it any better and b) takes too long for those who do understand it.

    4. allthecoolshortnamesweretaken

      Re: Maybe they were going for Sequel

      In principle I agree with you - but without acronyms you cant pull off stuff like 'TWAIN'.

      (BTW, AFAIK PCMCIA stands for People Can't Memorize Computer Industry Acronyms.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Maybe they were going for Sequel

        Explain

        λn.λf.λx.n (λg.λh.h (g f)) (λu.x) (λu.u)

        peon!

    5. wheelbearing
      Go

      Re: Maybe they were going for Sequel

      No, no, I think she meant a sequel in the sense that the script kiddy had turned them over twice before, and was now going in again for a third go, but maybe getting a bit cocky having found it sooo easy the last couple of times - "Come Snaffle Our Data Please - Part 3 Yes, We're STILL Real Easy".

  13. Camilla Smythe

    Dildo, Dorfman & Duncetone

    The Three Musketeers.

    Next thing you know BAE/Detica are going to wash their hands of the apparent inherent stupidity or end up looking like spare knobs themselves... assuming they are not there already.

  14. Anonymous Coward
    Anonymous Coward

    Dido - No wonder Eminem locked her up in the boot of his car.

    1. Anonymous Coward
      Anonymous Coward

      Don't you mean Dodo, the CEO formerly known as Dido ?

  15. Anonymous Coward
    Anonymous Coward

    TT Morons - sorry for the Tautology

    Having worked "with" TalkTalk as they were one of our customers, their "technical" people are a bunch of idiots. The only one who was any good left TT and started working for us as he was tired of working with clueless mouth-breathers.

  16. Jason Bloomberg Silver badge

    DDoS

    I presume what Harding should be saying is the Talk Talk system took a hammering which knocked the doors off their hinges and let some bastard make off with the goods.

    If she had actually come out and said that I would have had more respect and sympathy for her than the mumbo-jumbo nonsense she has come out with.

  17. 0laf Silver badge

    I think the guys in It and security know they're going to be blamed then sacked for the board having ignored good practice in favour of profit for years so in their enforced pre interview briefings they're probably purposefully making the board look like arses.

    I fully expect to see a claim now that due to a misconfiguration of a critical combobulator allows an internet valve to stay open and let the hackers steal the hard disks.

    Remember that scene from the IT Crowd when Jen was showing the board "The Internet" as a little box with a red light. That's TalkTalk that its

    1. Commswonk Silver badge

      I think the guys in It and security know they're going to be blamed then sacked for the board having ignored good practice in favour of profit for years so in their enforced pre interview briefings they're probably purposefully making the board look like arses.

      Of course we don't know how the Dear Leader is seen by the peons below* her. They may have decided to take Napoleon Bonaparte's advice to "Never interrrupt your enemy when (s)he is making a mistake".

      And of course they might even have evidence of being ignored when they raised concerns about infosec, in which case they may actually be enjoying what is going on.

      *And her fellow C - levels for that matter...

    2. Charlie Clark Silver badge
      Thumb Up

      Either that or the floggle-toggle. Some things never change.

  18. moiety

    Possibly they've hired Stephen Fry to write the press releases.

    1. Pascal Monett Silver badge

      Impossible. Had that been the case, said PR spiels would be delightfully incomprehensible and wonderfully wrong, and we would be spending hours outlining the ways that they made no sense or contradicted themselves.

      Instead, we just got rubbish.

  19. Chris King Silver badge

    This is the company...

    ...that told its customers that IPv6 used six-byte addressing on their help pages, then managed to block THEIR OWN WEB SITE with their own web filtering software.

    I wish I'd kept screenshots of those blunders.

    1. Camilla Smythe

      Re: This is the company...

      This is the company...

      ...that told its customers that IPv6 used six-byte addressing on their help pages, then managed to block THEIR OWN WEB SITE with their own web filtering software.

      I wish I'd kept screenshots of those blunders.

      This is also the company that implemented Stalk Stalk. A system that performs 'illegal' interception of communications and DDoS attacks against the rest of the Internet.

      I believe it was 'Dorfman' who stated in respect of StalkStalk..

      "It is 'our' network and we will do whatever we can to protect 'our' customers."

      Words to that effect since removed from the StalkStalk web site... should it ever be available again for people to change their passwords.

      http://www.cio.co.uk/news/cio-career/talktalk-cto-clive-dorsman-retiring/

      https://uk.linkedin.com/pub/clive-dorsman/17/b68/b42

      So Clive, apart from you apparently not being employed by TalkTalk any more what was that about 'doing whatever you can to protect your customers' and how does that one gel with getting hacked and your previous employers having to come up with more excuses for their arses?

    2. This post has been deleted by its author

  20. PixelChat

    DIDO

    Doesn't DIDO stand for Data In, Data Out? We should have known...

    1. Anonymous Coward
      Anonymous Coward

      Re: DIDO

      Delicatessen in., Doghshit out. What else from a total b*tch?

  21. sysconfig

    Cluebat please

    No, not that one... the really big one over there!

    But since that's a lost cause, I'm expecting "resignation for personal reasons" sooner rather than later. Or at least I would, if I was a major shareholder.

  22. Doctor Syntax Silver badge

    I wish some of the media would find a tech literate journo to do the interview with her.

  23. This post has been deleted by its author

  24. Anonymous Coward
    Anonymous Coward

    '); update user_comments set icon = 'paris_hilton_48.png' where thread like '%Talk Talk%'; -- cause even she has a better clue.

  25. J J Carter Silver badge
    Coat

    The tyrant dies and his rule is over, the martyr dies and his rule begins

    If the hackers were followers of Kierkegaard, it would have been an "existential attack".

    1. Destroy All Monsters Silver badge

      Re: The tyrant dies and his rule is over, the martyr dies and his rule begins

      Isn't that some Frank Herbert?

  26. Stevie Silver badge

    Bah!

    Clearly the press release was dictated over a cell phone.

    Modern cell phones can reproduce Dark Side of the Moon in 7.1 Dolby surround sound flawlessly but are incapable of rendering human speech intelligibly to the same standard as delivered by the GPO circa 1965 over lizard-hide insulated twisted (and permanently sticky) cables between two Bakelite handsets using a voltage standard no-one can remember any more.

    Digital is always better, even if you can't understand a word over the phone or watch a movie on your TV from start to finish without pixelation artifacts ruining the picture. Soon your lightbulbs will be digital too, with the consequent "improvement" in light quality that will bring. One can only dream of the wonders of digital car transportation.

    Actually, my morning commute on the LIRR was fucked-up to a fare-thee-well so I have a pretty good idea what that last one will feel like.

  27. Anonymous Coward
    Anonymous Coward

    Dildo Hardon

    These diversity hires always seem like such a great idea at the time...

    1. Anonymous Coward
      Anonymous Coward

      Re: Dildo Hardon

      These diversity hires always seem like such a great idea at the time...

      Andrea Hill.

      http://www.bbc.co.uk/news/uk-england-suffolk-14011901

  28. This post has been deleted by a moderator

    1. This post has been deleted by a moderator

      1. This post has been deleted by a moderator

  29. Anonymous Coward
    Anonymous Coward

    Sounds awfully like Management Stack Overflow

    http://bofh.ntk.net/BOFH/1998/bastard98-18.php

  30. Anonymous Coward
    Anonymous Coward

    And this is why you hire security professionals...

    The entire thing has been a cluster fcuk.

  31. ContentsMayVary

    This, Jen, is the Internet.

  32. Anonymous Coward
    Anonymous Coward

    I'll take a guess that the cause of the confusion was...

    ... some techy pronouncing it as "Seekle" rather than Ess Queue Ell.

  33. Anonymous Coward
    Anonymous Coward

    trying hard

    she is trying hard to sound like she knows what she is talking about but the harder she tries the more she fails perhaps its best to hire a technical advisor and let him/her do the speaking (notice how i said hire)

  34. magickmark
    Alien

    The Lovecraft connection

    Maybe they were using Pickman's Modem?

    http://www.dorje.com/netstuff/jokes/comp.net.horro

  35. Anonymous Coward
    Anonymous Coward

    Injection flaws - number 1 vulnerability identified by Open Web Application Security Project (OWASP):

    https://www.owasp.org/index.php/Top_10_2013-Top_10

    Every web developer should know this list inside out. Failing to protect against the number 1 flaw by such a large company is inexcusable.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019