Version: 2008

Comments on: TJX says 45.7 million customer records were compromised

Filing with the SEC reveals scope of the breach is far wider than previously believed.

(3 Comments)
30% Of Working Population!!!
by Stating March 29, 2007 12:12 PM PDT
Forty five million people is about 1/3 of the current U.S. workforce. So look to your co-worker on your left, your co-worker on your right, and know that one of you will have your financial life made a living hell by TJ Hacks for the next 10 years.

Shop at retail stores? My advice is to buy with cash for any transaction under $100. This will also save you from the retail stores' 35% credit card rates too. Stores will hate you for this -- Mervyn's tries to shill me into signing up for their CC every time I buy something, but screw them!
pathetic security
by lleather March 29, 2007 12:58 PM PDT
Their primary data center should've been protected from something like this, and every IT professional knows that wireless is the easy way into every network. A wireless connection is how hackers got into Microsoft several years ago. A MS employee was working from home with an open wireless connection - what an idiot. TJX should fire their entire IT department and start over.
The intrusion detection illusion
by Schratboy March 30, 2007 7:38 AM PDT
What's the matter? All the greatest IDS/IPS appliances, Firewalls, Anti-malware crap in-place and the company still got exploited? I'm not surprised.

IT managers are basically lazy. They spend huge dollars on control devices, train users and stick them in the control room. The signature baselines take care of the majority of mundane issues and people just basically don't care. The equipment was bought to do most of the work. The same story happens over and over again.

Exploits occur through laziness and over-reliance on technology. If nobody understands what is normal on the network how can you tell what's abnormal? Today's hacks are subtle and take advantage of holes in processes, technology and by exploiting social conditions. No signature can identify a threat if it isn't programmed to do so! HELLO!

Big appliances and big dollar expenditures are the life blood for most large company IT managers. They need to justify their salaries, staff and budgets and continue to pile box after box into their premises. Are they more secure? Yes, but at a considerably inflated cost.

IMHO, it's a very simple matter of clearly defining what should be on the network, coming in and going out, on every port and noting every protocol. In so doing the anomalies tend to stand out much more easily than simply trying to control everything. You can't spend your way to a secure network.