Wired has a long and detailed article looking into a hack of Wal-Mart in 2005 and 2006. The hack wasn't reported because, apparently, no customer data was compromised. Besides the discussion of how the attack was perpetrated the article also goes into some of the Payment Card Industry (PCI) requirements and how they should have played into making the hack impossible had Wal-Mart been in compliance.
Cheers,
Dave
Subscribe to:
Post Comments (Atom)
About Me
- DaveAtFraud
- B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.
This "network-connected devices handling sensitive information used the same usernames and passwords across every Wal-Mart store nationwide. In some cases, the passwords could be easily guessed" is the bane of security. Sounds like Wal-Mart barely missed the bullet on this one
ReplyDeleteAfter the hack of DSW, California apparently has now passed a law that customers have to be notified when credit cards are potentially at risk. Egads, sometimes I think ignorance is bliss
ReplyDelete