BreachExchange mailing list archives

Re: TJX breach shows that encryption can be foiled


From: "Adrian Sanabria" <adrian.sanabria () gmail com>
Date: Mon, 2 Apr 2007 23:58:53 -0400

So frustrating, getting little bits of technical info at a time. It is even
common for people to refer to something password protected as "encrypted".
Just the phrase "decryption tool" is a big clue. Clue to what, I don't know,
but most encryption I've worked with would never lead me to use that phrase.
Can anyone think of a specific product that would refer to? The only thing I
can think of is the decryption tool (usually put on a bootable floppy or cd)
Helpdesk and Security use to decrypt most enterprise full disk encryption.

--Sawaba

On 4/2/07, Chris Walsh <cwalsh () cwalsh org> wrote:


On Apr 2, 2007, at 2:44 PM, Casey, Troy # Atlanta wrote:

> It should make for a short list of suspects, assuming TJX was doing a
> reasonable job of key management...

That (reasonable key management) is a critical assumption.

I'd be interested in learning what algorithm (and implementation
thereof) they were using, as well.

Not holding my breath on that info :^)

cw
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 203 million compromised records in 609 incidents over 7
years.
