Boy, 15, Arrested Over TalkTalk Hack Attack

a reply to: sparky31

What were they doing recording customer credit card details?

Surely credit payments should have been forwarded through to a secure banking site without capture of customer details, which amounts to a breach of the law by TalkTalk.

I'd say that the government should prosecute the company. They cannot plead ignorance after multiple data intrusions and admission that they were storing customer credit card details.

Information privacy - Wikipedia

originally posted by: sparky31
seriously what you just said to me could have been written in russian and i would have understood it just as well lol

Attempting to translate from "Russian" to mundane rambling, though my php is a little rusty so some of this might not be exact. The language most web servers run on is called php and code written in php runs on the server hosting the webpage, the server executes the code and then sends the results of that code to a users web browser. You will occasionally see a website using a .php extension in the url. This means that webpage is using php.

An SQL injection is a common exploit where you take a webpage with a form that query's a database with that information. Because these forms involve executing code, you can write your own code in the form submission box and make the server read it instead of what it's supposed to read. An analogy would be if you're reading a paragraph in a book, and halfway through the paragraph the remaining sentences for you to read get changed on you to what the attacker wants you to read.

Here's an example of an attempted SQL injection that's using OCR to read license plates and automatically assign tickets
i.kinja-img.com...

If that attack worked it would cause the city to lose their database of who owes what. I'm not sure if the image of that car specifically made a city lose data, but it has happened a few times.

Websites themselves send data back to a server in two ways, the get method and the post method. The get method involves sending data through the URL, in Stormcells example it's looking for user data on whoever has user 8493742934. Depending on how well set up your internet security is, someone can make a script that creates that url with userid 1, then 2, all the way up to some arbitrary number, and just keeps attempting them until it finds a userid where it gets some data.

SQL injections are common, and they're easy to stop but a lot of times the programmers are lazy or unaware and don't put in the necessary precautions. Being unaware is the big one, in order to cut down on hacking atleast in the US most schools don't teach you how to hack, they just teach you a handful of security precautions to defend against it. The problem is that's just telling you what to do without the why, and that causes information to not stick as well, it's like telling someone to lock the door when they leave their house without ever explaining that things like burglars exist.

originally posted by: chr0naut
What were they doing recording customer credit card details?

I'm not familiar with their business but if they have any type of recurring payment system then regardless of what the law says, that payment system requires they keep the information saved so they can make another charge after x time.

a reply to: sparky31

I seen this on the news in Paris last Friday (I think it was) who knew it was a kid!?!?

originally posted by: Cobaltic1978

originally posted by: Xcathdra
a reply to: sparky31

So is it the 15 year old or the Jihadists?

It's a 15 year old Jihadist.

Off with his hands then. chop chop!