Bad Security Practice

We all heard about the recent TK Maxxx[1] incident where customer details from 45.7 million payment cards were stolen.

The interesting part in the attack is that the attackers used the US retailer TJX’s Wi-Fi Network (which used WEP)[2] to access the company’s network.

This is an interesting fact since I can imagine the Senior Management playing down the threat from a Wireless Network. “Oh it has WEP, it is OK!”. It is a real threat and just catching or trying to catch the attackers will not make networks more secure. Only continues security reviews of a system will limit breaches.

[1] – BBC News, Hackers target TK Maxx customers – http://news.bbc.co.uk/2/hi/business/6508983.stm

[2] – The Register, Lax security led to TJX breach – http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/

This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Bad Security Practice

  1. Robert Dicks says:

    I must admit I nearly fell off my chair when I read The Register article I wouldn’t be happy using WEP on my home wireless network let alone running my machines with no patches and no firewall to protect it.

    An interesting point about the banks lobbying for companies to absorb the costs associated with such security breaches and I must admit in this case I think the company should be fully liable given their inadequate and some might say totally irresponsible approach to security.

Leave a Reply

Your email address will not be published. Required fields are marked *