Comments on: TJX Credit Card Hackers Busted – Largest US Data Breach

By: zupakomputer

zupakomputer — Mon, 18 Aug 2008 11:00:32 +0000

What jobs?! None over here. Not even those kinds where you get trained (from your own web surfing I mean, as issues arise) as-you-earn.

By: lyz

lyz — Sat, 16 Aug 2008 18:01:53 +0000

lol, not telling that. just forgot to mention that a while back.

By: Morgan Storey

Morgan Storey — Sat, 16 Aug 2008 10:18:04 +0000

@lyz: Correct, so do ones that aren’t dealing with the online world (can anyone say Scada) and thats why we will all have jobs till computers are no longer relevant, I don’t see that happening for a long, long time.

By: lyz

lyz — Sat, 16 Aug 2008 07:52:03 +0000

That’s why every company dealing with the online world needs a staff dedicated to securing the network, coz’ some other people doesn’t really care about this thing. And we know that it’s a fact. Am not against anything here…

By: Morgan Storey

Morgan Storey — Sat, 16 Aug 2008 07:22:41 +0000

@Brill: But proper compliances such as PCI and SOX require regular log reviews and and regular testing of security, of course this is like the whole no speeding, or no lieing, some people don’t some do… Just shows PCI and SOX needs more spot checking etc. It also needs to enforce security training and policies for IT staff.

@lyz: cmon little companies only need either a IT guy that knows what he is doing, or out source it. I used to be a consultant, and I always warned customers on security issues, and locked down issues. WPA is easy to setup and if I came in and found an ap that wasn’t WPA compatible I would turn it off, warn them and geez get it replaced with a $100 ap that did.
Even 1 person companies need to know about security issues, like they know they need insurance, accounting etc.

By: Brill

Brill — Fri, 15 Aug 2008 19:58:30 +0000

About being PCI compliant, when I say that its a minimum what I am trying to say is that all Laws/regulations become obsolete by definition. Even if the security requirements of any law and/or specification change in response to any incidents… we all know that there are allways new security threats/holes appearing at very high speed (in fact that is a perfect example of why regulations become obsolete).
They are necesary (as a minimum) but people should be aware that just because a company is PCI compliant or SOX compliant, etc. doesn’t mean that is also “SECURE”

By: lyz

lyz — Fri, 15 Aug 2008 11:46:25 +0000

Not talking about TJX here.. I meant companies that are not having those strict wireless policies.. :D

By: Morgan Storey

Morgan Storey — Fri, 15 Aug 2008 11:33:22 +0000

@lyz: again not buying it, a company like TJX has a cso, or at least someone in there security department. They need to wake up or as you put it they will be replaced with new staff.

By: lyz

lyz — Fri, 15 Aug 2008 10:56:00 +0000

Maybe coz’ some other people are not that knowledgeable technically speaking? Having a working internet connection is fine and enough for them. They don’t care about the pro’s and con’s. That’s why information dissemination is important.

Or maybe it’s time to tell them to hire new IT/network staffs! :D lol

By: Morgan Storey

Morgan Storey — Fri, 15 Aug 2008 04:54:28 +0000

correct Brill they establish a minimum that needs to be maintained, in this case it wasn’t and they got caught out. PCI responded by becomming more secure and strict.
From this and other articles it is now saying they broke wep passwords and dumped in trojans and keyloggers to get the info, interesting how any company in this day and age doesn’t have a strict wireless policy. Good ones are wpa1(min) prefferable 2 with keyphrase longer than 12 characters, or none at all depending on location, ssid prefferably off, and policy set on laptops to only allow infrastructure mode.