TOPIC: Optus data breach


Guru

Status: Offline
Posts: 7578
Date:
Optus data breach


Optus have been asked to pay a ransom so the data is not released, including that of previous customers, whose information is required to be kept by our government for at least 6 years.

I was a customer up to 2018 so I am at risk as much as one of their current customers.



__________________

Procrastination, mankind's greatest labour saving device!

50L custom fuel rack 6x20W 100/20mppt 4x26Ah gel 28L super insulated fridge TPMS 3 ARB compressors heatsink fan cooled 4L tank aftercooler Air/water OCD cleaning 4 stage car acoustic insulation.



Guru

Status: Offline
Posts: 4706
Date:

Whenarewethere wrote:

Optus have been asked to pay a ransom so the data is not released, including that of previous customers, whose information is required to be kept by our government for at least 6 years.


Be fair now, how else do you expect the government to spy on our communications?



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 7578
Date:

Tax, Medicare, banking, shares, council rates, superannuation, vehicle registration, yacht registration, tolls & E tags, Australia Post mailing history, public surveillance cameras, E tags under the front edge of wheelie bins.



__________________

Procrastination, mankind's greatest labour saving device!

50L custom fuel rack 6x20W 100/20mppt 4x26Ah gel 28L super insulated fridge TPMS 3 ARB compressors heatsink fan cooled 4L tank aftercooler Air/water OCD cleaning 4 stage car acoustic insulation.



Guru

Status: Offline
Posts: 4132
Date:

https://www.theshovel.com.au/2022/09/23/optus-change-password-name-date-of-birth-gender-data-breach/

 

Australia's second largest telco has responded to a massive data breach, advising customers to update their password, move house, change names and take on a new identity.

"We're hopeful that this cyber attack won't amount to anything, but to be on the safe side we do suggest anyone who has been an Optus customer since 2017 change their name, gender, address and birthday," Optus CEO Kelly Bayer Rosmarin said in a video message.



__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 4706
Date:

I never give companies any more personal information than they absolutely need, but I think, in future, when I'm asked for personal info I'm going to reply: "To name but two of many, both the American Department of Defence and Optus failed to stop data being stolen. What computer security strategies do you have in place which they failed to implement?"



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 1041
Date:

I now use another DOB unless it's a Government Department.

__________________


Guru

Status: Offline
Posts: 4706
Date:

PeterInSa wrote:

I now use another DOB unless its a Government Department.


I only ever give any correct details where I absolutely must eg. banks, government etc otherwise every one of my accounts is false. Why the hell do Supercheap Auto or Safeway need to know who I am and where I live in order to include me in their "club" programmes? For DoB I use my ex-wife's which is similar to mine and sticks in memory... although I no longer send her a card :)



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 1265
Date:

I'll second that Mike. I have three web addresses and aliases, and I use the Tor network (optional donations) all the time when surfing. There are far too many intrusions into our privacy these days and it is not always possible to avoid them. As a matter of interest, can any of our learned contributors tell me why a telco would need passport details?

Have a nice day folks.



__________________

Those who wish to reap the blessings of freedom must, as men, endure the fatigue of defending it.

Thomas Paine.

 



Guru

Status: Offline
Posts: 5380
Date:

dorian wrote:

https://www.theshovel.com.au/2022/09/23/optus-change-password-name-date-of-birth-gender-data-breach/

 

Australia's second largest telco has responded to a massive data breach, advising customers to update their password, move house, change names and take on a new identity.

"We're hopeful that this cyber attack won't amount to anything, but to be on the safe side we do suggest anyone who has been an Optus customer since 2017 change their name, gender, address and birthday," Optus CEO Kelly Bayer Rosmarin said in a video message.


Do we have a real link for this, Dorian?

I am thinking of changing my date of birth to 29 February 1948.



__________________

Tony

It cost nothing to be polite



Guru

Status: Offline
Posts: 1197
Date:

This site has a field for entry of Date of Birth. I note that some members appear to have their valid name and valid DOB visible for all. No members on this thread have both those details, but a quick look at a couple of other threads show that many do. Even if your name is not valid, a hacker could match your email address with information they already have.

I have previously sent a message to the Webmaster on this subject and she said she would pursue a solution. Now I see some members do not have that field displayed at all. I could not find a setting to show/hide it, but visibility means little online if the site is hacked.

__________________


Guru

Status: Offline
Posts: 4706
Date:

The site doesn't need to be hacked, just join as a member and legitimately view profiles.

Talking of hacking; how secure is the administrators password Cindy? Not very is my suspicion :)

I use a low level password for this and similar sites which will take 9 hours to crack but for banking and such I use a much more secure password which will take 200 years to crack:

Password strength test



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 4532
Date:

oh dear 1.8 seconds for me for this site

__________________

Cheers Craig



Guru

Status: Offline
Posts: 1197
Date:

Thanks for the link Mike. Quite useful and also the description of why the rating. Mine is supposedly 5 days.

As for viewing the profiles I am less concerned about that because the time needed would only generate a handful of results. But it would be useful to have a limit on how many profiles a user can view each day.

What troubles me more is if the site (any site) gets hacked. Then the hackers have a list of thousands that can then be matched to a known database of already captured data. Just matching by email address is one way.





__________________


Guru

Status: Offline
Posts: 4132
Date:

If you were to set up a password challenge that required a 1 second delay between each keystroke (i.e. like a real human), wouldn't that thwart a lot of automated hacking tools?

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 
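A delay only helps if the server enforces it: a script never types, it just sends the finished login request, so the waiting has to be counted per account (and per source address) on the server side. The Go program below is an added example of that, not code from this thread or from Optus; the token-bucket numbers, the `demoPasswords` store and the account name are constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

// Throttle limits login attempts per key (account name, client IP, or both)
// on the server, where a script cannot opt out of it. Each key has a bucket
// of burst attempts that refills one attempt every refill interval.
type Throttle struct {
	mu      sync.Mutex
	burst   float64
	refill  time.Duration
	now     func() time.Time // injectable clock, so a test needs no sleeping
	buckets map[string]*bucket
}

type bucket struct {
	tokens float64
	last   time.Time
}

func NewThrottle(burst int, refill time.Duration) *Throttle {
	return &Throttle{burst: float64(burst), refill: refill, now: time.Now, buckets: map[string]*bucket{}}
}

// Allow reports whether an attempt for key may proceed, spending one token if
// so. A denied attempt spends nothing, so flooding cannot push the wait out.
func (t *Throttle) Allow(key string) bool {
	t.mu.Lock()
	defer t.mu.Unlock()
	now := t.now()
	b, ok := t.buckets[key]
	if !ok {
		b = &bucket{tokens: t.burst, last: now}
		t.buckets[key] = b
	}
	refilled := now.Sub(b.last).Seconds() / t.refill.Seconds()
	b.tokens = math.Min(t.burst, b.tokens+refilled)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Constructed credential store for the demo: a plain compare stands in for the
// password hash because the point here is the counting, not the storage format.
var demoPasswords = map[string]string{"alice": "&HipposAreBig&"}

// tryLogin is the server's login handler: the throttle runs first, so a denied
// attempt never reaches the password check at all.
func tryLogin(th *Throttle, user, password string) (ok bool, checked bool) {
	if !th.Allow(user) {
		return false, false
	}
	return demoPasswords[user] == password, true
}

// simulateFlood fires n guesses at one account as fast as a script would and
// returns how many of them reached the password check.
func simulateFlood(th *Throttle, user string, n int) int {
	checked := 0
	for i := 0; i < n; i++ {
		if _, reached := tryLogin(th, user, fmt.Sprintf("guess%d", i)); reached {
			checked++
		}
	}
	return checked
}

func main() {
	th := NewThrottle(5, time.Minute) // 5 free attempts, then one per minute
	fmt.Println("guesses that reached the password check:", simulateFlood(th, "alice", 1000))
}
```

With a burst of 5 and one refill a minute, a thousand guesses fired in a second get five password checks and the rest are refused before any hash is computed. This throttles guessing but does nothing against an attacker who already holds the correct password from some other site's breach, which is where the confirmation codes mentioned later in the thread come in.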

 



Guru

Status: Offline
Posts: 4706
Date:

People think setting a good password is too hard. Who can remember ^HQ!gbh&yq8? No one, of course, but how about

#MyDogLikesMeat#

That will take 12,000 years to crack! Now these numbers are a bit woolly but they are a good indicator of password strength.

&HipposAreBig& = 21 years

Paddington - 0.71 seconds

Use a bit of imagination and you'll soon have a great password.

 



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 4132
Date:

Why don't Optus and others keep their user databases offline, at least in the plain text version, and then keep an encrypted version online? They could encrypt each customer's data with a unique encryption key, and the user's chosen password would then be used to encrypt the key. All that an attacker would see would be a database of individually encrypted data, with uniquely encrypted keys for each user. Of course all copies of the original unencrypted keys would be discarded. AES is a commonly used encryption algorithm (256 bits) that would take longer than the life of the universe to crack, even with quantum computers.

In fact Android phones have been using uncrackable file based encryption for many years, so the knowhow is already out there.



-- Edited by dorian on Tuesday 27th of September 2022 04:15:57 PM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 
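dorian's proposal above is envelope encryption: a random data-encryption key (DEK) per customer, wrapped under a key-encryption key (KEK) derived from that customer's password. The Go program below is an added example of that construction, not code from the thread or from any telco; the PBKDF2 cost, the record layout and the sample JSON are assumptions. The caveat a practitioner would raise before deploying it: the operator can then read a record only while it holds the customer's password, so billing, customer service and lawful-access lookups need a second key path (typically an escrowed or HSM-held recovery key), and a forgotten password without one loses the record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const kdfIterations = 200000 // assumed PBKDF2 cost; tune so one derivation takes ~100 ms

// Record is everything the database holds for one customer; neither key is stored.
type Record struct {
	Salt       []byte // per-customer KDF salt
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK); KEK is derived from the password
	Ciphertext []byte // nonce || AES-256-GCM(DEK, customer data); DEK is random per customer
}

// pbkdf2SHA256 is RFC 8018 PBKDF2-HMAC-SHA256 for a single 32-byte block, written
// out here because the standard library only gained crypto/pbkdf2 in Go 1.24.
func pbkdf2SHA256(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): block index
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable randomness: refuse to continue
	}
	return b
}

// aesGCM builds AES-256-GCM; every key here is exactly 32 bytes, so neither call can fail.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// seal returns nonce||ciphertext; open reverses it and fails on a wrong key or any
// tampering, so a wrong password never yields a garbage DEK or garbage data.
func seal(key, plaintext []byte) []byte {
	g := aesGCM(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

func open(key, blob []byte) ([]byte, error) {
	g := aesGCM(key)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// SealRecord encrypts data under a fresh DEK and wraps the DEK under the password-derived KEK.
func SealRecord(password string, data []byte) *Record {
	salt, dek := randomBytes(16), randomBytes(32)
	return &Record{Salt: salt, WrappedDEK: seal(pbkdf2SHA256([]byte(password), salt, kdfIterations), dek), Ciphertext: seal(dek, data)}
}

func OpenRecord(password string, r *Record) ([]byte, error) {
	dek, err := open(pbkdf2SHA256([]byte(password), r.Salt, kdfIterations), r.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("wrong password or tampered record")
	}
	return open(dek, r.Ciphertext)
}

// Rekey re-wraps the DEK under a new password; the data ciphertext is untouched.
func Rekey(oldPassword, newPassword string, r *Record) error {
	dek, err := open(pbkdf2SHA256([]byte(oldPassword), r.Salt, kdfIterations), r.WrappedDEK)
	if err != nil {
		return fmt.Errorf("wrong password or tampered record")
	}
	r.Salt = randomBytes(16)
	r.WrappedDEK = seal(pbkdf2SHA256([]byte(newPassword), r.Salt, kdfIterations), dek)
	return nil
}

func main() {
	rec := SealRecord("#MyDogLikesMeat#", []byte(`{"dob":"1948-02-29"}`)) // constructed sample data
	_, err := OpenRecord("Paddington", rec)
	data, _ := OpenRecord("#MyDogLikesMeat#", rec)
	fmt.Printf("wrong password: %v\nright password: %s\n", err, data)
}
```

Rekey is what justifies the DEK indirection: a password change re-wraps 32 bytes instead of re-encrypting the customer's data. A stolen dump of these records yields only salts, wrapped keys and GCM ciphertext; the attacker's remaining route is to guess passwords offline against the wrapped DEK, which is why the KDF cost and the password quality discussed in this thread both still matter.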

 



Guru

Status: Offline
Posts: 7578
Date:

Isn't some of the problem that keystrokes can be recorded?



__________________

Procrastination, mankind's greatest labour saving device!

50L custom fuel rack 6x20W 100/20mppt 4x26Ah gel 28L super insulated fridge TPMS 3 ARB compressors heatsink fan cooled 4L tank aftercooler Air/water OCD cleaning 4 stage car acoustic insulation.



Guru

Status: Offline
Posts: 1197
Date:

Making use of that site does give some useful techniques for choosing a password. Small changes to that &HipposAreBig& gives some idea.

&HipposAreBig& 21 years
&CamelsAreBig& 1 year (Hippos is not in the dictionary but Camel(s) is)
&CamelsAreGib& 45 years (Gib ... letters reversed .... is not in the dictionary)
&HipposAregiB& 751 years (2 words not in the dictionary, capitalised last letter of giB)

And if you need (!?) more...
&HipposAregiB&.$ 5 million years

&Hippos2AregiB&.$ 1 billion years  (many sites require numerics in the password)

Now if only all the hackers used the same algorithms. And of course you need a way to know this site uses Hippos while the next site uses Rhinos ... ad nauseam.

Of course passwords that strong are needed if you are protecting the crown jewels. But I doubt some hacker is going to waste time and computing power trying too hard for my accounts.

For me the exercise has been very helpful. My PayPal account was recently accessed by a hacker. PayPal sent a notification of changes and I was able to catch it before any damage. I worked out it was due to a low budget site like this one being hacked, and I had used the same password. Since then I have been working to devise a simple system so that I can work out what the password would be without looking it up, yet avoid repetition. This brings me closer to a solution.



-- Edited by Are We Lost on Tuesday 27th of September 2022 04:38:37 PM

__________________
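The "years to crack" figures in Mike's and Are We Lost's posts above come from a brute-force model; the gap between &HipposAreBig& and &CamelsAreBig& only appears once the attacker tries dictionary words instead of every character. The Go program below is an added example, not code from this thread or from the strength-test site, that estimates both models for the thread's own samples and converts guesses to time at three assumed guess rates. The rates, the dictionary size, the case-variant count and the word list are all assumptions, which is exactly why no two estimators agree on the number of years.

```go
package main

import (
	"fmt"
	"math"
	"strings"
	"unicode"
)

// Attacker-model parameters. All of these are assumptions chosen for
// illustration; real figures differ by orders of magnitude between rigs.
const (
	dictionarySize = 100000.0 // words in the attacker's list
	caseVariants   = 4.0      // lower, Capitalised, UPPER, last-letter-capitalised
	symbolAlphabet = 33.0     // printable ASCII punctuation
	fastHashRate   = 1e10     // guesses/s offline against a fast unsalted hash
	slowHashRate   = 1e4      // guesses/s offline against bcrypt/scrypt/Argon2
	onlineRate     = 10.0     // guesses/s against a rate-limited login form
)

// Constructed stand-in for the attacker's word list, lower case.
var knownWords = map[string]bool{
	"camels": true, "are": true, "big": true, "paddington": true,
	"my": true, "dog": true, "likes": true, "meat": true,
}

// bruteForceBits is log2 of the keyspace a brute-force attacker must cover,
// alphabet^length, which is roughly the model a "strength test" site uses.
func bruteForceBits(pw string) float64 {
	var lower, upper, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	alphabet := 0.0
	if lower {
		alphabet += 26
	}
	if upper {
		alphabet += 26
	}
	if digit {
		alphabet += 10
	}
	if symbol {
		alphabet += symbolAlphabet
	}
	return float64(len([]rune(pw))) * math.Log2(alphabet)
}

// splitRuns splits "&CamelsAreBig&" into ["&", "Camels", "Are", "Big", "&"]:
// a run ends at a letter/non-letter boundary or where a capital follows a
// lower-case letter.
func splitRuns(pw string) []string {
	var runs []string
	var cur []rune
	for i, r := range []rune(pw) {
		if i > 0 {
			prev := cur[len(cur)-1]
			if unicode.IsLetter(r) != unicode.IsLetter(prev) ||
				(unicode.IsUpper(r) && unicode.IsLower(prev)) {
				runs = append(runs, string(cur))
				cur = nil
			}
		}
		cur = append(cur, r)
	}
	return append(runs, string(cur))
}

// dictionaryBits is log2 of the guesses a dictionary attacker needs when every
// alphabetic run is a word it knows: each word costs dictionarySize*caseVariants
// guesses and each non-letter run costs (symbols+digits)^len. +Inf means some
// run is not a known word, so this attack does not apply to the password.
func dictionaryBits(pw string) float64 {
	bits := 0.0
	for _, run := range splitRuns(pw) {
		if run == "" {
			continue
		}
		if unicode.IsLetter([]rune(run)[0]) {
			if !knownWords[strings.ToLower(run)] {
				return math.Inf(1)
			}
			bits += math.Log2(dictionarySize * caseVariants)
		} else {
			bits += float64(len([]rune(run))) * math.Log2(symbolAlphabet+10)
		}
	}
	return bits
}

// effectiveBits is what the attacker actually has to spend: the cheaper model.
func effectiveBits(pw string) float64 {
	return math.Min(bruteForceBits(pw), dictionaryBits(pw))
}

// crackSeconds is the worst-case time to exhaust 2^bits guesses at rate guesses/s.
func crackSeconds(bits, rate float64) float64 {
	return math.Exp2(bits) / rate
}

func humanDuration(sec float64) string {
	switch {
	case sec < 60:
		return fmt.Sprintf("%.2g s", sec)
	case sec < 86400:
		return fmt.Sprintf("%.2g h", sec/3600)
	case sec < 365.25*86400:
		return fmt.Sprintf("%.2g days", sec/86400)
	default:
		return fmt.Sprintf("%.2g years", sec/(365.25*86400))
	}
}

func main() {
	for _, pw := range []string{"Paddington", "&CamelsAreBig&", "&HipposAreBig&", "#MyDogLikesMeat#", "^HQ!gbh&yq8"} {
		bits := effectiveBits(pw)
		fmt.Printf("%-18s %5.1f bits  fast hash: %-12s slow hash: %-12s online: %s\n", pw, bits,
			humanDuration(crackSeconds(bits, fastHashRate)),
			humanDuration(crackSeconds(bits, slowHashRate)),
			humanDuration(crackSeconds(bits, onlineRate)))
	}
}
```

Two things the table shows that a single "years" figure hides. First, the same password moves by a factor of a million between the fast-hash and slow-hash columns, so how the site stores the password matters as much as what you chose. Second, the PayPal incident above was not a cracking problem at all: a password reused on a site that leaks it is replayed, not guessed, and no number of bits changes that.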


Guru

Status: Offline
Posts: 4132
Date:

Whenarewethere wrote:

Isn't some of the problem that keystrokes can be recorded?


That's a problem at your end. If you've been infected by keylogging malware, none of your online accounts will be safe. There's nothing that Optus can do about that except to inform you that a login attempt was executed from an unfamiliar IP address, or at an unusual time. Some sites will send confirmation codes to your mobile or email address when you login. That's an extra level of protection.

I'd like to see a purpose built gadget specifically for online banking. This device should have a tiny OS and minimal user interface. It should do little more than what one can achieve via phone banking, except for a little display. Make the software open source, and make it fit in less than 1MB, just like the old DOS days.



-- Edited by dorian on Tuesday 27th of September 2022 04:50:06 PM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 4706
Date:

dorian wrote:

Why don't Optus and others keep their user databases offline


Simply because it's more convenient for *them*. They, of course, don't give a stuff about you or your data and who gets to access it, it's only when a massive stuff up like this happens that they pretend to be all caring and concerned.

A few years past I did some consulting work on a military radio design project which was classified; I had two quite separate computers on my desk, one was connected to the company network and the internet, the other was *solely* connected to an internal secure network with no connection to the outside world at all - all the classified work was kept on the secure network, to hack it you would need physical access inside the building and to the network itself. On the occasions I needed to share data between the two systems I had to sign out a special encrypted USB stick which was wiped when I returned it. *That* is decent security.

Don't give companies data they don't *need* - just say "No" when they ask and if they say "Why?" my reply is "Because I don't want to tell you" - it's always fun to see the confused look on their faces :)



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 4706
Date:

Quote from an e-mail I've just received from Optus:

----

The information which has been exposed is a combination of your name, date of birth, email, phone number and/or address associated with your former account.

----

They make no mention of driver's licence or Medicare number both of which were reported to be at risk on the news and indeed the Vic government has now said they will issue a new number to people affected.

Optus! You're a bunch of useless w@nkers!



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 877
Date:

My view is it is not so much the password but all the info behind it.
The FBI, which is apparently investigating, would be laughing at us.
What is the purpose of all our details given to prove our identity?
Is this so we can't get a burner phone?
I prepay my telco through PayPal and that telco has no need to have all my details.
I don't have plans and purchases with credit.
I buy my equipment and use the telco SIM card.
Any company at which we need to get credit to obtain goods could be hacked at any time.
I would ask the question:
Is this an inside job?
That would be the easiest avenue to obtain customers' records, at any company.



__________________

Welcome to Biggs Country many may know it as Australia

This members posts may contain;

The actual truth

If offended, scroll on by.



Guru

Status: Offline
Posts: 5380
Date:

Tony Bev wrote:
dorian wrote:

https://www.theshovel.com.au/2022/09/23/optus-change-password-name-date-of-birth-gender-data-breach/

 

Australia's second largest telco has responded to a massive data breach, advising customers to update their password, move house, change names and take on a new identity.

"We're hopeful that this cyber attack won't amount to anything, but to be on the safe side we do suggest anyone who has been an Optus customer since 2017 change their name, gender, address and birthday," Optus CEO Kelly Bayer Rosmarin said in a video message.


Do we have a real link for this, Dorian?

I am thinking of changing my date of birth to 29 February 1948.


The above was a joke answer.

But back in the real world, we really have no idea how good or bad, other peoples security is

I do not like giving personal information, to any websites, but unfortunately we have to

If I had my way, I would punish all hackers, by chopping off the bottom part of all their fingers

I leave nothing on my computer/laptop, that I will miss, (if I am hacked)

I transfer all my important stuff to thumb drives



__________________

Tony

It cost nothing to be polite



Guru

Status: Offline
Posts: 4532
Date:

Reported this evening that the Optus CEO has plenty of spare time; she sits on the board of three other companies.

__________________

Cheers Craig



Guru

Status: Offline
Posts: 4706
Date:

Craig1 wrote:

Reported this evening that the Optus CEO has plenty of spare time; she sits on the board of three other companies.


After this total and complete failure of her management ability I trust she will have the good grace to resign from all four due to her incompetence.



__________________

 

"I beseech you in the bowels of Christ think it possible you may be mistaken"

Oliver Cromwell, 3rd August 1650 - in a letter to the General Assembly of the Kirk of Scotland



Guru

Status: Offline
Posts: 7578
Date:

Not long ago I renewed my Australian & British passports.

 

Australian $193.00

British £75.50

 

Furthermore, the British passport had its expiry date forwarded as they couldn't post it at the time due to Covid issues, and there was no extra cost to Australia for the courier. Actually 2 couriers, as the old passport was sent back separately.

 

The Australian passport was 10 years to the date I lodged it, so effectively back dated as it took some time to turn up.

 

Interesting the differences between Australia & UK approach on passports, & price for that matter.



__________________

Procrastination, mankind's greatest labour saving device!

50L custom fuel rack 6x20W 100/20mppt 4x26Ah gel 28L super insulated fridge TPMS 3 ARB compressors heatsink fan cooled 4L tank aftercooler Air/water OCD cleaning 4 stage car acoustic insulation.



Guru

Status: Offline
Posts: 4679
Date:

Mike Harding wrote:

The site doesn't need to be hacked, just join as a member and legitimately view profiles.

Talking of hacking; how secure is the administrators password Cindy? Not very is my suspicion :)

I use a low level password for this and similar sites which will take 9 hours to crack but for banking and such I use a much more secure password which will take 200 years to crack:

Password strength test


Thanks for that.

 

I tried a variation of the one that I use here & it was rated very poor with a few hours to crack. 

A variation similar to the ones that I use for banking et al was rated as taking 21 centuries to crack.

Pretty happy with that.

Thankfully I have never been an Optus, or any of its resellers' customer.



__________________

See Ya ... Cupie




Guru

Status: Offline
Posts: 4679
Date:

Mike Harding wrote:
Craig1 wrote:

Reported this evening that the Optus CEO has plenty of spare time; she sits on the board of three other companies.


After this total and complete failure of her management ability I trust she will have the good grace to resign from all four due to her incompetence.


I watched an interview with her & decided that she was rather lightweight.

Perhaps a token Female CEO. 

The ex Aus Post CEO was a far more impressive person.

But then even Telstra had a succession of questionable CEOs including a failed AT&T Manager & his mates & a Nuclear Physicist/Scientist.



-- Edited by Cupie on Sunday 2nd of October 2022 12:06:22 PM

__________________

See Ya ... Cupie




Guru

Status: Offline
Posts: 4532
Date:

[Image: optus-apology-ad] Credit to The Shovel, but could well have been real.



__________________

Cheers Craig



Guru

Status: Offline
Posts: 8721
Date:

Craig you have outdone yourself, finding this gem - consider it stolen.

__________________

Possum; AKA:- Ali El-Aziz Mohamed Gundawiathan

Sent from my imperial66 typewriter using carrier pigeon, message sticks and smoke signals.
