Teenage Boy Arrested Over TalkTalk Hack

HardOCP News

The first clue that the perpetrator was a kid was the fact that he included acne medicine and a PlayStation 4 on his list of demands. :D

TalkTalk warned its 4 million customers on Friday that it had been hit by a "significant and sustained cyberattack" that might have left their data at risk. Over the weekend the company recruited defence and security company BAE Systems to carry out an investigation alongside the police, after the company received a ransom demand from the person claiming to be the perpetrator.
 
I feel like this is a good time for some kind of database security certification. A stamp or seal you can show off if the means that you contain customer data can meet certain basic security requirements. I mean there isn't much stopping me from opening a dating website, collecting everyone's data and making a useful service out of it, but having the ability for me or any other employee to browse and look at all the private data. I dunno, I just feel there needs to be some level of control so there can be comfort for users. Like I wouldn't register to a website if they could not show they have passed testing (like FCC registrations etc).
 
Brilliant!

Now the kid whose probably only interest in life involves computers and the internet, will likely get a probation and be banned from using connected devices for a period of 5 years or something.

Crime doesn't pay :p
 
I feel like this is a good time for some kind of database security certification. A stamp or seal you can show off if the means that you contain customer data can meet certain basic security requirements. I mean there isn't much stopping me from opening a dating website, collecting everyone's data and making a useful service out of it, but having the ability for me or any other employee to browse and look at all the private data. I dunno, I just feel there needs to be some level of control so there can be comfort for users. Like I wouldn't register to a website if they could not show they have passed testing (like FCC registrations etc).

This is a terrible idea.
 
I'd favor federal regulation.

Any organization that keeps any record of customer financial or other private data must pass a database security audit annually, or be fined.
 
Zarathustra[H];1041934979 said:
I'd favor federal regulation.

Any organization that keeps any record of customer financial or other private data must pass a database security audit annually, or be fined.

You are asking for federal regulation via audit of something the fed can't even do themselves well, on budget, or on time?
 
You are asking for federal regulation via audit of something the fed can't even do themselves well, on budget, or on time?

We could do something like the UL regulations ... the government doesn't do the testing or verification, they let a third party do that (and then they sue or punish the violators) ... we might be able to make a similar system for cyber security ...

alternately, since we need to be improving our offensive capabilities in an area where China and North Korea exceed us, we could use the military to hack companies as practice ... and fine each company that fails the hack (kind of like a cyber tax)
 
We require certain security regulations on other institutions and businesses (like banks) so I don't see why the same shouldn't be applied to other places (like websites and server farms) that have valuable personal information.

I'd be in favor of the idea of security certificates and the like.
 