TalkTalk have once again shown their inability to keep customer data safe. Police are now investigating what TalkTalk term a “significant and sustained cyber-attack” on their website.
Their website currently shows the page above highlighting the fact the website is unavailable right now.
An official statement was released by TalkTalk on 22/10/2015: View Statement in Full.
What the statement doesn’t highlight is what customers of TalkTalk need to do now.
The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
TalkTalk have also created a help page here for those who may have been affected: http://help2.talktalk.co.uk/oct22incident
Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.
We have noticed a large number of calls yesterday and today in relation to users on Windows 7 where the computer sits stuck on a “Starting Windows” page. The common denominator between all of these incidents is that the computers had AVG Anti-Virus installed.
Whilst we wait on AVG getting back to us with news on this issue we have been resolving these incidents by booting the computers in to Safe Mode, un-installing AVG completely, then booting back into Windows in normal mode before reinstalling AVG.
This is not the first time Anti-Virus programs have caused catastrophic issues with Windows PCs. In April 2010 a McAfee pushed out an update that caused a false positive identification, and incorrect deletion, of the critical Windows system file svchost.exe.
On 14th July 2015 Microsoft will cease supporting Server 2003. This means that, going forward, there will be no more updates or patches for the Server Operating System, which will lead to a less stable and less secure server infrastructure for any businesses that choose to continue to use the system after this date.
Any organisation that is still currently using Microsoft Server 2003 needs to put in place a plan of action to migrate to a new server Operating System, or find an alternative IT infrastructure solution.
Edinburgh IT Support consultants, Consider IT, suggest getting in touch and we’ll provide options for moving forward to a secure and reliable solution.
SourceForge is a popular website that offers source-code repository, downloads mirrors, bug tracker and other features. It acts as a centralised location for software developers to control and manage free and open-source software development. What you might know it from is its usefulness in providing downloads of popular software, rather than having to go to the developer’s website to get it.
Since yesterday at least, SourceForge has now since started to distribute adware/malware in certain projects hosted on their site.
NMAP, an open-source network tool used extensively by IT Professionals has been hijacked by SourceForge and the developers have hit back on security notice boards:
Hi Folks! You may have already read the recent news about SourceForge.net hijacking the GIMP project account to distribute adware/malware.
PayPal and eBay have fallen out and are splitting up with each other on 1st July 2015. PayPal have published a new set of Privacy Policies that will come into force on the same day.
PayPal is nice enough to give its customers only two options when it comes to the new terms: begrudgingly accept them or close your account entirely.
- notify you regarding your account
- troubleshoot problems with your account
- resolve a dispute
- collect a debt
- poll your opinions through surveys or questionnaires
- contact you with offers and promotions
- as otherwise necessary to service your account or enforce this User Agreement, our policies, applicable law, or any other agreement we may have with you.
The ICO has issued South Wales Police with a £160,000 fine for losing a video recording which formed part of the evidence in a sexual abuse case.
Despite the DVDs containing a graphic and disturbing account, the discs were unencrypted and left in a desk drawer.
The recorded interview took place in August 2011 and the loss was discovered by staff after an office move in October 2011 but the security breach then went unreported for nearly two years due to lack of training. Although the DVDs were stored in a secure part of the police station, South Wales Police had no specific force-wide policy in place to deal with the safe storage of victim and witness interviews in its police stations.
Google Chrome is ending support for Silverlight – used by NOW TV and BT Sport to play video.
The Microsoft runtime depends on an ageing plug-in protocol called Netscape Plugin Application Programming Interface (NPAPI), for which Google is currently phasing out support in its browser.
The Google Chrome team originally speculated that support for the old protocol would be removed from Chrome before the end of 2014.
Silverlight remains very popular with broadcasters because of the level of encryption it offers. Many broadcasters seem to be sticking with Silverlight instead of migrating to HTML5.
“With each step in this transition, we get closer to a safer, more mobile-friendly web,” said Justin Schuh, software engineer and plug-in retirement planner at Google.
The Shell Shock security flaw could be bigger than Heartbleed.
A serious security flaw recently discovered in the Bash command-line shell application has been nicknamed “Shell Shock”.
Bash, an acronym for Bourne Again Shell, is a command-line shell application that allows users to issue commands to launch programs, features and make changes by typing text into a console. It’s typically used by programmers and server administrators when making changes to their servers. Bash usually isn’t open to the general public nor made available to access over the Internet by unauthorised users, but Shell Shock changes that.
This isn’t a new vulnerability (although it’s only just been discovered), in fact it’s been around for 20-25 years. It allows the user to manipulate “environment variables” to influence how the software responds and ultimately exploit the machine it is running on.
Don’t be a victim of Counterfeit Software…
As an IT Support company, our clients put their trust in us to source and supply various hardware and software solutions. We purchase Microsoft Office by the bucket load and almost on a daily basis it’s one of the team’s job to go through the headache of unpacking the Microsoft Office box, pulling out the licence key, and going through the hassle of installing Office 2013 on the client machine. Today was different. We sourced our copies of Office from our normal supplier, took delivery, opened the boxes, and proceeded to download the software.
That part of the procedure is normal. What isn’t normal is being told by the Licence Card to visit a website that isn’t Microsoft’s.
The Heartbleed Bug
The Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library. This is the software that almost 60% of the internet will use to establish a secure communication between the server and the client. When you browse a website and you see the padlock sign, chances are it uses OpenSSL to establish this secure link. Windows Servers are generally unaffected by this issue, but other providers that use Linux (or OpenSSL specifically) will likely have had this vulnerability running for some time.
Whilst a lot of the big players in the cloud world are saying that they have now patched their systems and that users do not need to change their passwords, we are taking the stance that it doesn’t hurt to change your passwords on a regular basis and this is as good a time as any.