In a week dominated by the TalkTalk hack, here’s some more news from around the web on… the TalkTalk hack, as well as a reminder that cybercrime can often be a little more personal than a random website hack, and a somewhat more uplifting story to get your week off to a good start.


TalkTalk’s CEO offers up poor post-hack advice

As many of you are no doubt aware, British telecoms company TalkTalk has recently been hacked for the third time this year (that we know of), creating something of a furore as the press clamours for ‘cyber legislation’ to save us all from the bad guys.

But what will new laws give us that existing regulations, safeguards and best practice methodology don’t?

Not a lot in my opinion.

But on the plus side, if some enterprising lawmaker can criminalise the bad advice given out by TalkTalk CEO Dido Harding this week, that may be a small win.

What am I talking about?

Well, shortly after the breach, Baroness Harding of Winscombe appeared on the BBC to advise customers that they could be assured any email they received from the company was genuine by the fact that it would have a link in it (you know what we say about clicking on links in emails) and that the header would have an email address in it.

To find out why that is a laughable response, read Graham Cluley’s blog and be sure to check out the excellent video within that post.

TalkTalk CEO says its security is ‘head and shoulders’ above the competition

Continuing the TalkTalk theme, just for a moment, Dido Harding was heavily quoted in a Guardian article on Sunday in which she said:

“Nobody is perfect. God knows, we’ve just demonstrated that our website security wasn’t perfect – I’m not going to pretend it is – but we take it incredibly seriously.”

Ignoring the stock ‘taking security seriously’ line put out by just about every company after an incident (which rather raises the question of just how seriously it took our security beforehand), the Conservative life peer went on to address claims that TalkTalk had been warned over its website security last September by saying:

“On that specific vulnerability, it’s much better than it was and we are head and shoulders better than some of our competitors.”

Irrespective of how true her comments may be, don’t you think it is more than a little irresponsible to brag about how your company’s security is better than the competition in the wake of an attack that questions that very notion?

To be fair to TalkTalk, breaches do happen and no firm is immune from them, but much can be learned about a company from the way in which it responds to an incident.

For the most part, TalkTalk has been handling a tricky PR situation reasonably well, but comments like this can quickly undo all the good work.

Contactless card theft

Changing tack somewhat, SC Magazine this week reminded us that not all crime is as impersonal as a website hack that exposes millions of customers’ personal details.

Indeed, some crime targets one person at a time.

Take, for instance, the member of the online magazine’s team who had £20 swiped from their account when someone bumped into their pocket.

The resulting article is short on answers as to how the fraud was committed but it certainly poses some interesting questions, though one obvious omission is how to protect yourself from it.

The answer to that, I wager, would lie in one of these (I’ve heard they work rather well with Oyster cards too).

11-year-old entrepreneur sells security for $2 a pop

When I was at school many kids looked to supplement their pocket money by selling marbles, or football stickers, but time changes everything.

Nowadays it’s virtual FIFA players and loom bands – or whatever the latest craze is.

So it’s nice to see someone trying something different. Especially when the product on offer is enhanced security.

Mira Modi, 11, from New York City has started a business selling six-word Diceware passphrases for around the same price as a cup of coffee.

She hasn’t made her millions just yet but, as Ars Technica reports, she may well be on the path to a rich and rewarding career in an industry that is not only crying out for more people, but also looking to encourage girls to become the information security professionals of tomorrow.