Comments on: Wal-Mart’s VPN Data Breach Raising Server Log Questions http://storefrontbacktalk.com/securityfraud/wal-marts-vpn-launched-data-breach-raising-data-logging-questions/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Michael Argast http://storefrontbacktalk.com/securityfraud/wal-marts-vpn-launched-data-breach-raising-data-logging-questions/comment-page-1/#comment-64051 Michael Argast Thu, 15 Oct 2009 21:52:29 +0000 http://www.storefrontbacktalk.com/?p=4018#comment-64051 @Lucas - one aspect of the story talks about how the security staff found a copy of l0phtcrack on the initial server that crashed. So, they could have (a) stolen multiple accounts initially or (b) cracked multiple accounts once into the environment. Once you have an intruder in your environment you need to start making all sorts of assumptions about security - account compromise, data compromise, etc - unless you can prove otherwise. One good thing they learned from the lesson was to implement 2-factor for remote access, which at least should reduce remote attacks in the future. @Lucas – one aspect of the story talks about how the security staff found a copy of l0phtcrack on the initial server that crashed. So, they could have (a) stolen multiple accounts initially or (b) cracked multiple accounts once into the environment.

Once you have an intruder in your environment you need to start making all sorts of assumptions about security – account compromise, data compromise, etc – unless you can prove otherwise. One good thing they learned from the lesson was to implement 2-factor for remote access, which at least should reduce remote attacks in the future.

]]> By: Lucas Zaichkowsky http://storefrontbacktalk.com/securityfraud/wal-marts-vpn-launched-data-breach-raising-data-logging-questions/comment-page-1/#comment-64049 Lucas Zaichkowsky Thu, 15 Oct 2009 15:01:21 +0000 http://www.storefrontbacktalk.com/?p=4018#comment-64049 There is significance in the fact that the attacker was able to gain access to not one, but multiple VPN accounts. There must have been an underlying security failure to account for that. There is significance in the fact that the attacker was able to gain access to not one, but multiple VPN accounts. There must have been an underlying security failure to account for that.

]]>