(May 24, 2015 at 1:45 am)Minimalist Wrote: That makes sense but it isn't very reassuring. We have had several hacks over here of high value targets..... like Target.
The Target hack was actually a very interesting case of how even security measures can fail if they aren't set up correctly or properly protected.
If I recall correctly, the hackers found a web server connected to the Internet, exploited it, and gained access to the internal network. On this network was a distribution server which would push software updates to all Target store POS (point of sale) systems. This is a pretty nice setup; it means the POS systems can all be updated with the latest software, security updates, etc.
Of course, if the distribution server is compromised, that setup becomes dangerous. As it happens, the distribution server was compromised, and the hackers used it to push a malicious update to every POS system. The update would cause the POS systems to store credit card details and send them back to the hackers.