Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: TalkTalk are getting more bad publicity  (Read 504 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 2455
TalkTalk are getting more bad publicity
« on: December 07, 2016, 11:19:08 PM »

Not sure if anyone here has seen this on the BBC News website. All I can say is I'm glad I use my own retail ZyXEL router. NOt saying it is 100% secure but a lot more secure than the c**p they send out.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG8924-B10A

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 18767
  • Over the Rainbow
    • The ELRepo Project
Re: TalkTalk are getting more bad publicity
« Reply #1 on: December 07, 2016, 11:28:15 PM »

Typical BBC reporting, of course.  ::)

The one and only device that TalkTalk sent me to use was a Huawei SmartAX MT882 (with Opal firmware). I still have it stashed away in the grotto, hoping that one day I will come across a vanilla Huawei firmware image.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 29819
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: TalkTalk are getting more bad publicity
« Reply #2 on: December 08, 2016, 12:20:13 PM »

Hmmm, several thoughts on this and also an area where ejs will probably have some good input.  I dont think its typical BBC reporting.  I believe there could be a real cause for concern here.
I think they must warn their users, fair enough the "risk to the individual user was relatively low" in the fact that its unlikely someone would travel around the country targetting all users. 
 
However, what if you looked at it from another perspective. What if someone parked themselves in an area - ANY area - and scanned the SSIDs in that area.   It then wouldn't take 2 minutes to check and see if the SSID is one of the 57000 that has been compromised and they now have the password to get on that network.


I believe this may also be under estimated

Quote
"If you look at the average home user and what is on their home network, that would be exposed to an attacker,... then there is not a great deal.

How many home networks these days use network sharing. Whilst its highly unlikely that financial type data will be in shared folders, how about if someone decides to delete whole libaries of data/music/photos/videos.   Someone just for kicks could delete photo albums or whatever. 
How about if someone decides to dump some sort of malicious file in a shared folder that could spread and infect every machine on that network.


Quote
"The list that you sent me, I can confirm that they are TalkTalk router IDs," said its head of corporate communications.
"But we haven't seen anything to suggest that there are 57,000 of them out there."

BS.  The reason the compromise last week was deliberately kept under-wraps and out of the public domain because the fear of something like this happening.  It is a known fact that 100s of thousands of routers were in a compromised state the weekend before last.
Broadstairs challenged me why didn't I disclose that fact before the Zyxel/Eircom fix was rolled out and why did the ISPs keep it quiet.  This is an example of the reason why - because it would only take one [bad] person to run a bot and they would soon have a heck of a lot of info if they then decided to target all the TT IP addresses.
Someone obviously knew that the TT modems were also wide open for a couple of days.  If they have data for 100 then I would think its a sure fire bet that they do have data for one heck of a lot more. 
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 29819
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: TalkTalk are getting more bad publicity
« Reply #3 on: December 08, 2016, 12:38:52 PM »

The one and only device that TalkTalk sent me to use was a Huawei SmartAX MT882 (with Opal firmware). I still have it stashed away in the grotto, hoping that one day I will come across a vanilla Huawei firmware image.

I think they'd be pretty useless these days.  I had 3 of them which I binned about 7yrs ago.   From memory they were based on Globespan Virata f/w as used by the Solwise SAR110s.   I had a SAR110 which were a fantastic modem for the time -  could even tell you if your VP was congested but its now over 14yrs old and f/w updates were ceased long ago as it was incapable of running anything other than basic adsl.   It was great for adsl1 but I dumped my SAR110 soon after maxdsl in favour of a more modern router.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4350
Re: TalkTalk are getting more bad publicity
« Reply #4 on: December 08, 2016, 01:15:34 PM »

Windows will enable homegroups in many installs, I personally do use file sharing although only one drive on each machine.

Considering these devices have been confirmed compromised (even tho it may only be a small%, a small % is enough), talktalk seem to be inviting a hiding by taking the stance they are.  They seem to think its an advantage to pretend nothing has been compromised and I suppose to appear like it didnt happen rather than to do the sane thing.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 29819
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: TalkTalk are getting more bad publicity
« Reply #5 on: December 08, 2016, 01:57:41 PM »

Quote
They seem to think its an advantage to pretend nothing has been compromised and I suppose to appear like it didn't happen rather than to do the sane thing.

I agree.   I think its right that they kept quiet that their modems were open until they rolled out the fix.   Announcing to the world that many of their routers were open until the fix had been rolled would just be inviting problems and inviting people to scan their IP ranges looking exactly for this type of information.
However it would appear someone did leak or someone got lucky.   The info is now out there and they should be telling their users to change their wifi passwords.

Quote
Windows will enable homegroups in many installs, I personally do use file sharing although only one drive on each machine.

Exactly...  and not only that, a number of devices on a LAN that act as file/media servers.  Homes with teenagers etc imho tend to all have shared services for music, photos etc.  Ive had NAS boxes for years that act as media servers as well as a dedicated media server.    My daughter had a heck of a lot of music and photos shared over the LAN.   I'm sure she would be extremely upset if anyone deleted years and years worth of her music collection.   She got into i-tunes very early, these days its far more common place and Im sure Im not the only one who has/had a music mad teen. 

Not so many people thinking of backing up this type of data and think because its held separately then its safe.   TBH when my daughter moved to her own house,  it was easier for me to just give her my old Buffalo Link Station containing her music collection and files,  than try transfer it by other means. 
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker