Security

Target's Internal Security Team Warned Management

david.emery writes "According to this story, Target's own internal computer security team raised concerns months before the retailer lost millions of credit card numbers in an attack. (Quoting a paywalled story in the Wall Street Journal.) Target's management allegedly 'brushed them off.' 'At least one analyst at the Minneapolis-based retailer wanted to do a more thorough security review of its payment system.' This raises a more general question for the Slashdot community: how many of you have identified vulnerabilities in your company's/client's systems, only to be 'brushed off?' If the company took no action, did they ultimately suffer a breach?"
  • by ackthpt ( 218170 ) on Friday February 14, 2014 @05:52PM (#46250515) Homepage Journal

    Yes, there are horrible security flaws where I work. Things as basic as changing passwords on a regular basis have been brought up repeatedly, and the answer is always, "we can't make people do that", or "that's something to keep in mind for the future, but we have more important things to worry about"

    I've worked at two kinds of places - one, where it was pretty much as you described. The second sort was, upon orientation you are given your accounts and access and told they are your responsibility to use discreetly and to notify the appropriate support should you even suspect they have been compromised. Failure, in the second case, was grounds for discipline or termination of employment.

    Guess where things went more smoothly and security issues seldom elevated to crisis.

  • by amiga3D ( 567632 ) on Friday February 14, 2014 @06:26PM (#46250793)

    You are a pathetic creature.

  • by nobuddy ( 952985 ) on Friday February 14, 2014 @06:49PM (#46251019) Homepage Journal

    Document, document, document. And keep copies where you can get them once you are frog-marched out of the building wearing the scapegoat collar.

  • Re:Basically, yeah (Score:5, Informative)

    by nobuddy ( 952985 ) on Friday February 14, 2014 @06:57PM (#46251107) Homepage Journal

    So... where do I know you from?

    You could have described my one and only firing ever, to the word.

    Me: "Boss, Beancounter- this backup system is broken and needs to be fixed. Here is a cost breakdown for the fix and a loss analysis for failure to fix. It is genius and incorporates existing links and hardware to minimize cost and implement offsite backups for all sites!"
    Boss: "Shut up and go fix a printer somewhere."

    Fast forward a year- major crash of a POS server. Loss of customer records, $300,000 and 6 months predicted to be spent reconstructing the database from paper records.

    Boss: "You are fired for letting this happen."
    Me: "...."

  • by davidhoude ( 1868300 ) on Friday February 14, 2014 @07:34PM (#46251379)
    The point in changing passwords isn't to change user behavior. It is to ensure that any leaked credentials do not stay valid indefinitely.
