Heartland/TJX/Hannaford hacker caught

by adam on August 18, 2009

I’ve been busy and haven’t had a lot of time to dig in, but Rich Mogull has some really good articles, “Heartland Hackers Caught; Answers and Questions,” and “Recent Breaches- We May Have All the Answers.” I have two questions:

  • Were these custom attacks, or a failure to patch? Reading what’s not in the USSS/FBI announcement in February, it seems patching SQL Server wasn’t the issue, that these were all SQL injections against either custom code or possibly a library that all the victims were using. (Pointers appreciated.)
  • Will the number of breaches reported by retailers fall by more than 10% in the next six months? (Bets appreciated.)

One comment

Number of Breaches, vs. type/impact of breaches:

I’m betting that the number of incidents defined as “breaches” out there won’t fall more than 10%. “Heartland Hackers Caught” shouldn’t have any effect on people’s tendency to lose laptops.

Impact of breaches, maybe. But impact from breaches where a targeted, malicious hacker is a cause, certainly I’d take that bet.

by alex on August 18, 2009 at 4:46 pm.
