PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

How do they know??

From: nberthaume at gmail.com (Nicholas B.)
Date: Wed, 14 Oct 2009 14:51:24 -0400
Lawyers can be ninjas now?!?  Makes me glad to be a pirate.

On 10/14/09, PJ McGarvey <pj_mcgarvey at hotmail.com> wrote:


Judging by the efforts they made to ensure the break-in wasn't made public,
it would be obvious to me that they would make that claim.  The article
doesn't state that "no customer data was stolen" was a direct quote from
Walmart.  As their assessment was probably made on early evidence, and that
evidence indicated that the attackers were after company secrets, not
customer data, it probably suited their ninja lawyers just fine.

Maybe the attackers went after the secrets b/c they couldn't get to the
recently encrypted data...

Or maybe they just wanted more data, however they had some serious cajones
to try and reconnect 2 more times using other VPN accounts once they were
stopped, whether they were in a foreign country or not... you'd think they
would've just given up assuming they already had customer data ready to sell
on the black market.

-PJ



Date: Wed, 14 Oct 2009 09:26:11 -0400
From: dgcombs at gmail.com
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] How do they know??

Hopefully they log data access success and failures and send those logs to a
centralized server. That's how I would make that claim. But I might say "all
evidence indicates..." anyway.


--
Dan McGinn-Combs

Bert Van Kets wrote:

I was just reading the story on the Wal-Mart attack in Wired :
http://www.wired.com/threatlevel/2009/10/walmart-hack/

In the story they claim "no sensitive customer data was stolen". How can
they be so sure?
The story tells that the attacker got Admin privs, so access to all user
accounts and passwords. IMHO they can encrypt all they want. It's game over.

How can they make a claim that no sensitive data was stolen?

Bert
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
                                      


-- 
Sent from my mobile device
Previous By Date Next
Previous By Thread Next

Current thread: