WEP Security + Pringles-Can = $1 Billion TJX Loss?

Community

Email Notifications

Personal Links

Harry Waldron - Computer Security News

Security Developments, Best Practices, and Important Security Updates

Kim Komando highlighted this on her radio program this weekend. Apparently, TJX was using a WEP based wireless security implementation and crackers were sitting out in the parking lot gathering confidential information. Wireless LANs should use the latest equipment and best protective standards (e.g., WPA2 or WPA), as security is only as good as it's weakest link.

TJX’s failure to secure Wi-Fi could cost $1B
http://blogs.zdnet.com/Ou/?p=485

QUOTE: The news of the TJ Maxx data breach has rocked the retail and banking industry, and many estimate that it will cost hundreds of millions or even a billion-plus dollars in financial damage. It was already widely reported back in March that the TJ Maxx breach was probably due to an insecure wireless network, but the Wall Street Journal is now reporting that it happened outside of a St. Paul, MN, Marshalls discount store in July 2005 (Marshalls is owned by TJX Cos.) WSJ is reporting that investigators believe that the hacker used a laptop and a telescope-shaped antenna.

What's most alarming about this is that most of the major retailers during that time were running WEP and many are STILL running some form of WEP. There's no reason to believe the same attackers didn't try this sort of attack on many other retailers and are still actively attacking networks today. Many businesses and organizations, including hospitals, are STILL running WEP or some other useless form of security. Some are running a slightly better enterprise version of WEP, which uses per-session per-user dynamic keys that supposedly rotate every hour, but even that's worthless since the third-generation of WEP cracking tools can break WEP in under a minute.

Below are additional resources and the 69 page electronic book requires that you become a Tech Republic member (this is free and I've been a member for several years):

FREE Wireless Security e-book download
http://downloads.techrepublic.com.com/abstract.aspx?docid=277380

George Ou - More on Wireless LAN security
http://blogs.techrepublic.com.com/Ou/?p=404

Simple Advice for Wireless Home Networking
http://blogs.techrepublic.com.com/Ou/?p=42
http://blogs.techrepublic.com.com/Ou/?p=43

Posted: May 09 2007, 05:17 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.

Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - Computer Security News

WEP Security + Pringles-Can = $1 Billion TJX Loss?