« WASC Meetup at JavaOne (San Francisco 2007) | Main | WASC Announcement: Distributed Open Proxy Honeypot Project Data Released »

TJX pwned via wifi

"A wireless network that employed less protection than many people use on their home systems appears to be the weak link that led TJX Companies, the US-based retailing empire, to preside over the world's biggest known theft of credit-card numbers.

Despite a market capitalization of almost $13bn, it appears the company couldn't afford to secure its Wi-Fi network with anything more robust than the woefully inadequate Wired Equivalent Privacy protocol. (The much more secure Wi-Fi Protected Access has come standard on most routers for four years now.) It also failed to use firewalls or install software patches and disregarded requirements imposed by Visa and MasterCard concerning how card information is stored and transmitted.

According to a front-page article in today's Wall Street Journal, the nonfeasance allowed hackers to use a simple telescope-shaped antenna and a laptop to intercept data flowing through a Wi-Fi network used at a Marshalls discount clothing store near St. Paul, Minnesota."

Article Link: http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!