tag:blogger.com,1999:blog-4055310521973798716.post4461798396248907613..comments2010-01-21T11:41:31.879-05:00Neil Johnsonnoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4055310521973798716.post-3921627203006797552008-08-18T10:25:00.000-04:002008-08-18T10:25:00.000-04:00What a breach.<BR/><BR/>There was another <A HREF="http://www.boston.com/business/technology/articles/2008/08/17/the_breach/" REL="nofollow">article in the Globe yesterday</A>, that describes the breach in more detail. The hackers had their own VPN to tunnel back into the network from anywhere.<BR/><BR/>This is why regular security audits are recommended, to help detect holes in your network like the ones TJ Maxx had, including configuration reviews of network equipment such as wireless access points. Even more thorough audits that include a review of systems can uncover malicious software already installed.<BR/><BR/>Another important point of the article is that the hackers and hard core criminals have been teaming up for a while now:<BR/><BR/>"Details of how to encode blank cards with stolen account numbers are among the topics typically discussed on underground websites, security experts say; the Secret Service estimates there are 20 message boards or websites in the United States and overseas where criminals sell stolen numbers, trade tips, and form bonds like those between Gonzalez and Yastremskiy."Keith Salustrohttp://www.blogger.com/profile/06541345012929727968noreply@blogger.com