Re: TJX breach shows that encryption can be foiled

["Avery Sawaba" <avery.sawaba () gmail com>]

I just read over the 10-k again, and I think they've included enough
information to figure out what happened, using some educated guesses. I'm
going to start working on "reverse engineering" the statements.

--Sawaba

On 4/2/07, Chris Walsh <cwalsh () cwalsh org> wrote:
> On Apr 2, 2007, at 2:44 PM, Casey, Troy # Atlanta wrote:
>
> > It should make for a short list of suspects, assuming TJX was doing a
> > reasonable job of key management...
>
> That (reasonable key management) is a critical assumption.
>
> I'd be interested in learning what algorithm (and implementation
> thereof) they were using, as well.
>
> Not holding my breath on that info :^)
>
> cw
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
> Tracking more than 203 million compromised records in 609 incidents over 7
> years.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7 years.