Saturday, May 10, 2008

TJX Breach Write-Up


Interesting write up on the beginning of the TJX breach:

http://blog.tizor.com/data_auditing_blog/tabid/8146/bid/4793/default.aspx


of course they didnt answer the big question of how the attackers gained access to the RTS Servers

"(2) After breaching the TJX wireless system, the attacker was able to gain administrative privileges to the RTS servers located at the TJX corporate headquarters in Framingham, MA. The RTS servers hold all cardholder data that is processed centrally for most TJX stores."

because cracking a WEP key gets you on the network but doesnt give you the ability to log into anywhere on the network.
CG

1 comment:

Anonymous said...

They don't answer the "how" question because they have no clue. This is generally true of any interactions you'll have with the folks at Tizor. They clean up real nice and present a good image, but under the surface, they're all hollow.

Call up and ask them how they handle auditing of console activities, or people (dbas) SSHing into a server.