
Home Depot transaction security reportedly ramshackle since 2008
NewsPoster
MacNN Staff
Join Date: Jul 2012
Sep 20, 2014, 03:08 PM
 
Following the revelation that 56 million credit card transactions were stolen by miscreants, more information is coming out about the hack and The Home Depot's reportedly long-term lackadaisical security. According to employees familiar with the situation, the company was warned as early as 2008 that security would be a problem, and that the company was excruciatingly slow to respond to threats, and often took no action against perceived attacks or dangers.

An array of current and former Home Depot employees, speaking to the New York Times on the condition of anonymity, said that the company relied on outdated software for years to cut costs, and handled customer data poorly. One security source told the paper that he warned his friends to use cash, instead of credit cards, at the company's stores.

Two former employees also said that mandatory security scans of computers, as required by the credit card industry, were either not performed or performed haphazardly. According to the sources, "more than a dozen" vital computers that stored customer information, including transaction data, were not accessed, never scanned, and were off-limits to the security staff responsible for oversight.

Additionally, Home Depot hired Ricky Joe Mitchell to oversee Internet security in 2012. In 2014, Mitchell was sentenced to four years in prison for his role in a scheme at energy firm EnerVest Operating, where he intentionally disabled computers while he was departing, shutting down data processing for a month. It is unknown if Mitchell had any role in the distribution of the malware, but much of the pre-collection malware penetration happened during his tenure.

The company has said that the malware was a custom-built package that evaded traditional detection. Those helping Home Depot research the attack say that it was a previously-unknown strain of malware that had yet to be seen perform such an attack. Analyst Brian Krebs and Trend Micro had similar conclusions after the breach was confirmed.

Home Depot says that malware is eliminated, with the company going as far as removing any terminals that were identified as being affected by the penetration. The company continues to maintain that there is no evidence PIN numbers were compromised during the breach. Bank sources tell Brian Krebs that compromised cards were still being reported on September 7, five days after Home Depot stated it was looking into activity.
( Last edited by NewsPoster; Sep 22, 2014 at 06:43 AM. )
     
Doodpants
Fresh-Faced Recruit
Join Date: Feb 2011
Sep 21, 2014, 08:35 AM
 
"ramshackle"? "miscreants"? "lackadaisical"? Was this article written in the 1930's?
     
gprovida
Junior Member
Join Date: Feb 2006
Sep 21, 2014, 09:58 AM
 
Guess who has NOT embraced Apple's much more secure Apple Pay.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Sep 21, 2014, 01:20 PM
 
Originally Posted by Doodpants
"ramshackle"? "miscreants"? "lackadaisical"? Was this article written in the 1930's?
Next time I'll use, in order: bad, bad guys, and bad.

I prefer what I've used. The Saturday beat is like a dark and stormy night, unforgiving and brutal.
     
azrich
Forum Regular
Join Date: Apr 2010
Location: Prescott, AZ
Sep 21, 2014, 01:31 PM
 
How about a nod to South Park and use General Disarray?
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Sep 22, 2014, 12:09 PM
 
Guess whose vocabulary is abysmally diminutive?
     
Doodpants
Fresh-Faced Recruit
Join Date: Feb 2011
Sep 22, 2014, 01:30 PM
 
Originally Posted by EstaNightshift
Next time I'll use, in order: bad, bad guys, and bad.
"vulnerable", "criminals", and "inadequate" would also have worked. My point was not that the words chosen were long-winded, but that they sounded archaic to my ears. My first impression was that the article had been written by T. Herman Zweibel, Publisher Emeritus of The Onion. :-) Just an observation, by the way, not an objection nor complaint. (I regret not initially including a smiley.)
     
Doodpants
Fresh-Faced Recruit
Join Date: Feb 2011
Sep 22, 2014, 01:32 PM
 
(Also, I clearly have no idea how you included a block quote, as using the same syntax as the forums clearly doesn't do it.)
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Sep 22, 2014, 01:51 PM
 
I do admit to being a little punchy on Saturday. Oddly busy, and I wanted to get some other review work done.
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Sep 22, 2014, 01:59 PM
 
I like seeing a wider vocabulary in use. It pushes back against the texting trend. English is a broad language, I don't want it simplified to the most common 1,000 words.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Sep 22, 2014, 08:08 PM
 
these comments need a like button.

what chimaera said
     
   