[Dataloss] TJX breach shows that encryption can be foiled

Avery Sawaba avery.sawaba at gmail.com
Tue Apr 3 04:00:11 UTC 2007


I just read over the 10-k again, and I think they've included enough
information to figure out what happened, using some educated guesses. I'm
going to start working on "reverse engineering" the statements.

--Sawaba

On 4/2/07, Chris Walsh <cwalsh at cwalsh.org> wrote:
>
>
> On Apr 2, 2007, at 2:44 PM, Casey, Troy # Atlanta wrote:
>
> > It should make for a short list of suspects, assuming TJX was doing a
> > reasonable job of key management...
>
> That (reasonable key management) is a critical assumption.
>
> I'd be interested in learning what algorithm (and implementation
> thereof) they were using, as well.
>
> Not holding my breath on that info :^)
>
> cw
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 203 million compromised records in 609 incidents over 7
> years.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20070403/d50fa0de/attachment.html 


More information about the Dataloss mailing list