Comments on: The TJX – Barnes&Noble – etc. Data Breach

By: Roald Dahl Books

Roald Dahl Books — Tue, 01 Feb 2011 20:39:55 +0000

Hey what is the best way to sign up for updates to your site?

By: Jasmine M. Mendoza

Jasmine M. Mendoza — Thu, 24 Dec 2009 11:58:28 +0000

Hello, perhaps this entry may be off topic but anyhow, I’ve been surfing around your site and it appears genuinely cool. It is obvious that you know the subject and you appear fervent about it. I’m building a new blog and I am striving to make it look great, plus provide the best posts. I have gleaned a good deal from your site and I anticipate further posts and will be returning soon. Many thanks.

By: Harry Lewis

Harry Lewis — Sun, 17 Aug 2008 03:49:34 +0000

Ben, this is pretty well thrashed out on your own site. You say: “[TJX] used WEP encryption to protect wireless in stores. I realize WEP is not perfect; perfect security does not exist. But WEP is more than zero.” In response to an earlier post of yours on this topic, Michael Janke says, “WEP was cracked in 2001. The store was still running WEP in 2005. By 2005, WEP was not considered a valid form of encryption by anyone, anywhere.” The fallacy of “WEP is better than nothing” is exactly the point we stress in Chapter 5 of Blown to Bits. Four years is just too long to be responsibly using an encryption method that has been broken. I have no reason to doubt your judgment that TJX was making an honest mistake, and have no opinion about the FTC’s response. But it was a serious mistake, of a kind that behind-the-times cryptographers have made throughout history, sometimes with tragic consequences.

By: Benjamin Wright

Benjamin Wright — Sat, 16 Aug 2008 23:10:19 +0000

Harry: Careful reading of the indictments of the TJX data thieves show that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. TJX was not as bad as we were led to believe. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html