I agree with other posts that Lowes was lax in their security. However, I'd like to point out that the security team at Lowes Corporate probably had nothing to do with the installation of the wireless access point that allowed the intrusion. Nowadays anyone can purchase a WAP and install it onto an otherwise secure network in minutes. There needs to be severe penalties for undertaking this type of activity for the "network engineer" wannabes that run amok in most large corporations.

A few good examples need to be made of the poor souls that think they are doing something "neat". "Hey, look! I just installed a wireless network all by myself without the help of any of those slow moving network admins at corporate. Who needs em?"

Also, I'm impressed that the Lowes security folks detected the change to tcpcredit so quickly, note that fewer than 10 credit card numbers were logged in the few minutes iti ran. And apparently the FBI had already been called in and put into position at the point of entry in time to follow then nab the perpetrators before they could collect any credit card numbers. Nicely done.

Credit where Credit is due (pun intended), and fault where fault is due.

...sigh. I feel better now. :P

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8835/26643#26643