Hannaford breach the work of an insider? I think whoever made this one up was thinking like this:
We are PCI compliant, we pretend to have good security, etc ->
we suffer a huge embarassing data loss ->
how can we still justify our past efforts as worthwhile and "effective" (even though reality just proved they were not) ->
let's invent a factor that is known to bypass many of the existing defenses ->
what this factor? ->
Yes! Insider! It was an insider! ->
We KNOW it :-)
(Mike R doubts it too here)
Some of the stories on this get downright idiotic, like this: "... also confirms repeated theoretical warnings that malicious hackers can create custom remote-control Trojans for specific targets." Really? How about it was known since, say, 1980s? :-)
Here is a fun chronology of the events by Richard "IDS is dead" Stiennon as they are known (as they are reported?)
We are PCI compliant, we pretend to have good security, etc ->
we suffer a huge embarassing data loss ->
how can we still justify our past efforts as worthwhile and "effective" (even though reality just proved they were not) ->
let's invent a factor that is known to bypass many of the existing defenses ->
what this factor? ->
Yes! Insider! It was an insider! ->
We KNOW it :-)
(Mike R doubts it too here)
Some of the stories on this get downright idiotic, like this: "... also confirms repeated theoretical warnings that malicious hackers can create custom remote-control Trojans for specific targets." Really? How about it was known since, say, 1980s? :-)
Here is a fun chronology of the events by Richard "IDS is dead" Stiennon as they are known (as they are reported?)
