Monday, December 3, 2007

Security tidbits from the past month...

Web applications and Microsoft Office are the current major pain points:

http://www.washingtonpost.com/wp-dyn/content/article/2007/11/29/AR2007112900062.html?wpisrc=newsletter

"Developers aren't using secure coding techniques to create Web applications, giving hackers an opportunity to tap the rich databases of information connected to them, according to SANS, a computer training and security organization."


The TJX hack just keeps getting worse:

Update: TJX Victim Tally Rises to 94M
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=306333&intsrc=news_ts_head
"In an affidavit, the bankers said that 'TJX continues to downplay the seriousness of the situation.'"

Details emerge on TJX breach
http://www.boston.com/business/globe/articles/2007/10/25/details_emerge_on_tjx_breach/
"Spokespeople for Visa and MasterCard said they wouldn't comment on the matter, or on a Visa official's estimate of losses to banks that issued cards to be between $68 million to $83 million."

"Visa fined TJX's card processor $880,000 last summer, and said it would continue to fine the retailer's card processor $100,000/month, for TJX's role in the worst data breach in the payment industry's history, according to documents filed in federal court Oct. 26."

VISA Fined TJX Processor for Security Breach
http://www.eweek.com/article2/0,1895,2208927,00.asp
TJX IT staff knew about the vulnerabilities, but continued to ignore them because they wanted to save money...

TJX violated nine of 12 PCI controls at time of breach, court filings say
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044321&intsrc=hm_list
"these additional facts materially support the claim that TJX's conduct generally" violated laws governing unfair trade practices, they said.

Court filing: TJX was warned about lax security before massive breach
http://www.mercurynews.com/business/ci_7290184