[Pauldotcom] How do they know??
nberthaume at gmail.com
Wed Oct 14 18:51:24 UTC 2009
Lawyers can be ninjas now?!? Makes me glad to be a pirate.
On 10/14/09, PJ McGarvey <pj_mcgarvey at hotmail.com> wrote:
> Judging by the efforts they made to ensure the break-in wasn't made public,
> it would be obvious to me that they would make that claim. The article
> doesn't state that "no customer data was stolen" was a direct quote from
> Walmart. As their assessment was probably made on early evidence, and that
> evidence indicated that the attackers were after company secrets, not
> customer data, it probably suited their ninja lawyers just fine.
> Maybe the attackers went after the secrets b/c they couldn't get to the
> recently encrypted data...
> Or maybe they just wanted more data, however they had some serious cajones
> to try and reconnect 2 more times using other VPN accounts once they were
> stopped, whether they were in a foreign country or not... you'd think they
> would've just given up assuming they already had customer data ready to sell
> on the black market.
> Date: Wed, 14 Oct 2009 09:26:11 -0400
> From: dgcombs at gmail.com
> To: pauldotcom at mail.pauldotcom.com
> Subject: Re: [Pauldotcom] How do they know??
> Hopefully they log data access success and failures and send those logs to a
> centralized server. That's how I would make that claim. But I might say "all
> evidence indicates..." anyway.
> Dan McGinn-Combs
> Bert Van Kets wrote:
> I was just reading the story on the Wal-Mart attack in Wired :
> In the story they claim "no sensitive customer data was stolen". How can
> they be so sure?
> The story tells that the attacker got Admin privs, so access to all user
> accounts and passwords. IMHO they can encrypt all they want. It's game over.
> How can they make a claim that no sensitive data was stolen?
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
Sent from my mobile device
More information about the Pauldotcom