Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[sevenlayermuddle]

https://www.theverge.com/2017/11/21/16687796/uber-cyberattack-data-breach-exposed-users-57-million

[kitz]

Wow!

Security is really becoming a major issue.   
Over the past few years theres an awful lot of extremely large databases which have been breached.   Some of these companies are organisations who are supposed to have full time IT teams looking after this data.

In view of the fact that this year alone there's only just been disclosure as to the full extent of the likes of Yahoo mail (BT/Sky) and Experion breaches makes you wonder how many more we havent heard of yet.  To their credit whilst the TT breach was bad, at least they did come clean fairly soon and admit that there had been a loss of data. 

The fact that Uber covered it up and paid the ransom is why hackers continue to do what they do

[d2d4j]

Hi

I hope you don’t mind, as I do not want to take this off topic sorry

I think there will be more disclosures still to come

If you think back to the big outage of dns/ssl about a year ago or so, I thought then it was a measured attack to gain access to systems. It was never reported fully why the dns attack took place

Also, I think most companies who have their own it department(s), most do not look after fully their company it. It is mostly outsourced to third parties. We ourselves, look after some top 10 companies hosting needs, and not their it departments

I do believe the web developers have to take some responsibility for breaches. I used to be amazed when seeing a website not closing sessions but not now. There’s more but no time and wrong thread sorry

Divergence, weak passwords, poor routing/firewall control, employees and/or ex employees etc.... all are well known for data breaches. Never mind that their computers maybe infected (inc root kit).

Lastly, I have a file from around 10 years ago, a single file from a breached server, which this 1 very small file, gave full admin/root access to the whole server, and so easy to upload (does not need activating or installing), it just needs to be on a web hosting root level

This is just my thoughts though, so apologies if I’m wrong or posted wrongly. Please feel free to delete

Many thanks

John

[broadstairs]

Getting back to Uber this seems to me to be another very valid reason why we should not roll over and allow Uber to operate in the UK. The company obviously cannot be trusted.

Stuart

[sevenlayermuddle]

Getting back to Uber this seems to me to be another very valid reason why we should not roll over and allow Uber to operate in the UK. The company obviously cannot be trusted.

Stuart

I’d like to think that TFL would be allowed to take things like this into consideration, in judging whether Uber are fit & proper.   

But I’m willing to bet Uber will produce clever arguments (or maybe daft arguments) that portray themselves as now whiter than white, and concoct obstacles to TFL’s process, maybe arguing “the servers were not located in London”,  or “We have mended our ways”.   

[Bowdon]

Maybe this is a stupid question. But I've not seen the answer pointed out to me when reading these kinds of stories.

Are these companies fined in any way?

If not, then I think its time these companies are held to account considering how valuable the data is.

[Chrysalis]

I am surprised how low the ransom was, 75k for a large global company as uber is a pittance.

Looking at how the data got accessed is pretty bad, some bad procedures in place within the company.

[Chrysalis]

Getting back to Uber this seems to me to be another very valid reason why we should not roll over and allow Uber to operate in the UK. The company obviously cannot be trusted.

Stuart

We should ban every company that has had a breach? Or are you letting your views on London's ripoff taxi's affect your view on this and uber have special treatment in terms of a punishment?

[broadstairs]

We should ban every company that has had a breach? Or are you letting your views on London's ripoff taxi's affect your view on this and uber have special treatment in terms of a punishment?

No I am not suggesting that, we should however ban companies who have a breach and then behave like Uber did to cover it up and pay a ransom. Paying a ransom is plain stupid because you have no way of knowing whether or not you will get the data back or deleted. Covering it up for so long is in my view criminal and suggests that the company has policies bordering on criminal.

Keeping quiet on request from law enforcement for a while is acceptable if those agencies believe it would help to investigate but otherwise just come clean.

I have no problems with tech companies competing with others just so long as it is on a level playing field especially in terms of employee protection and protection of the public (in this case) etc but that's not what Uber are trying to do.

Stuart

[sevenlayermuddle]

There might be times when paying a ransom might be tempting, such as the recent  NHS Windows 7 ransomware.   If a ransom could rescue precious data, I would understand, though not sure if it would be legal.

But in Uber’s case, integrity of the data does not seem to have been at risk.   The ransom did not restore lost data, nor did it ensure that their customers’ data was safe.   The only motivation for paying the ransom, as far as I can see, was to avoid regulators finding out, to protect their own reputation, even if that put customers at even greater risk.

A dreadful, truly dreadful, and deeply immoral, company imho.   It genuinely baffles me and troubles me that they have such a loyal following, and that people continue to feed them cash via the taxi fares.

[Chrysalis]

I dont see how it even made a difference for hiding it, they could still hide it if they didnt pay the ransom unless of course the hackers threatened to make it public.

Uber should be fined a large sum not all for the breach, but for the contempt they showed in hiding it.

7LM people use the service as it outclasses its competition, the modern world people dont care about what is seen as moral and what not, they just look for the best service.  Until something else comes along to match or better it, then people will continue to do so.

[broadstairs]

7LM people use the service as it outclasses its competition, the modern world people dont care about what is seen as moral and what not, they just look for the best service.  Until something else comes along to match or better it, then people will continue to do so.

I think that is a dreadful summery of modern society. Also I do not believe it outclasses the black cabs for service, reliability or security.

Stuart

[Dray]

Oh it does, easily - You don't have to tell the driver where you're going, you don't have to pay the driver, you don't even tip the driver. It's all handled by the app.

[broadstairs]

Oh it does, easily - You don't have to tell the driver where you're going, you don't have to pay the driver, you don't even tip the driver. It's all handled by the app.

In my view from years of experience of working in London it is far easier to step outside and hail a black cab and you can be absolutely sure you will go by the most appropriate route even if there is a traffic jam or road works as they know the roads so well having done the knowledge.

Stuart

[Dray]

Much easier to use the app and get an Uber. No need to carry any money. The satnav avoids roadworks and traffic.