The IT Security Blog Roundup

Who’s saying what about TJX

Author: admin

Filed under: Breaches, Lawbreakers, Mobile and Endpoint Security, Privacy

On Friday, the news team at SC Magazine followed up a report in The Wall Street Journal on how and where the TJX breach began.

The where is simple – Minnesota. The how isn’t quite as easy, but it’s still uncomplicated: TJX was reportedly using an outdated wireless security system to safeguard the private information of its customers. After a wardriving effort, attackers easily cracked the company’s network and pilfered the data for more than a year, eventually affecting 45 million shoppers.

Here’s commentary from around the web on the latest TJX breach news:

“So, assuming that there were security and technical people aware of these security methods, and they are the most basic ones I can think of in wireless security, the issue really lies somewhere else. TJX is a vast company, covering many countries, and the evidence is that this one area was hit. That sounds lucky. The issue seems to come down to one of communication, pure and simple. This is so often the case in security breaches and one rarely discussed.”
- IT Security, the View from Here

“I hope other businesses who are still using WEP or no encryption in their wireless networks read about this. It’s one thing to have the convenience of wireless, it’s another thing to share it with someone who wants to steal your credit card data. Another point the auditors made in the TJX review is that the wireless network was basically part of the wired network, with no firewalls or other layers of security between the two. This is basic network architecture, which should have been in place if the network was set up by a security professional.”
- Network Security Blog

“TJX made a lot of serious mistakes, but they deserve credit for doing the investigation and publishing the results. Bismarck said that the wise man doesn’t learn from his mistakes, but instead learns from other people’s mistakes. The only way we can have wise security is if other people publish their mistakes so we can learn from them. If you’ve shopped at TJ Maxx, Marshalls, HomeGoods or A.J. Wright, it’s not overkill to cancel your credit card. Stolen ones have already been used for fraudulent charges, often to buy gift cards. Don’t assume you’re safe just because nothing’s happened to you yet: smart crooks may delay using a credit card to throw off investigators.”
- The Security Mentor

Related Posts
  • No related posts
Delicious Digg Technorati

No Comments

Leave a reply

Home | News | Newsletters | Products | Blogs | Lists | Jobs | Events | Subscribe | Contact Us | About Us | Advertising | Editorial | Subscribe to our RSS feedsRSS

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions