Interesting People mailing list archives
TJX breach shows that encryption can be foiled
From: David Farber <dave () farber net>
Date: Sun, 1 Apr 2007 09:45:40 -0400
Begin forwarded message: From: dewayne () warpspeed com (Dewayne Hendricks) Date: March 31, 2007 9:48:45 AM EDT To: Dewayne-Net Technology List <xyzzy () warpspeed com> Subject: [Dewayne-Net] TJX breach shows that encryption can be foiled [Note: This item comes from reader Monty Solomon. DLH] From: Monty Solomon <monty () roscom com> Date: March 31, 2007 6:38:56 AM PDT Subject: TJX breach shows that encryption can be foiled TJX breach shows that encryption can be foiled By Ross Kerber, Globe Staff | March 31, 2007 The Boston Globe Encryption alone is no panacea for threats to consumer data, according to specialists who say the technology's limit can be seen in the problems reported by TJX Cos. of Framingham. The notion of using complex math formulas to scramble electronic information is gaining steam as a way to protect individuals' privacy, an area of growing concern for retailers and banks as data thefts become more brazen. But recent details to emerge on how hackers accessed the parent of stores including T.J. Maxx and Marshalls show how encryption can be defeated by clever thieves -- and suggest the breach may have been an inside job. A securities filing by TJX on Wednesday disclosed that the incident may have compromised more than 45 million credit and debit card numbers, the most in any single incident. In the filing, TJX also stated that "we believe that the intruder had access to the decryption tool for the encryption software utilized by TJX." TJX spokeswoman Sherry Lang declined to elaborate on the document, but outside security consultants say the language hints that a company employee or contractor, or someone known by an employee or contractor, was able to gain access to TJX's computers and obtain the formula needed to unscramble data. ..<http://www.boston.com/business/globe/articles/2007/03/31/ tjx_breach_shows_that_encryption_can_be_foiled/>
------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com
Current thread:
- TJX breach shows that encryption can be foiled David Farber (Apr 01)
- <Possible follow-ups>
- Re: TJX breach shows that encryption can be foiled David Farber (Apr 02)