

New Clues in the Target Breach - panarky
http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach/

======
beat
A few interesting points on this...

First, the breach involved BMC management software that probably costs a bazillion
dollars, using what was apparently a default password. It would be good
practice for management software vendors to analyze customer configurations
for untouched defaults (especially security-related ones) and make it an
obvious notification.

Second, it involved compromise of the POS terminals themselves (which would
explain why Target had obviously new POS software shortly after the breach).
It may have been scraping memory in the terminals.

In general, yikes.

~~~
panarky
The big unanswered question is how the malware was installed on POS devices in
1,700 stores. The configuration and network connections of these machines
would typically be rigorously controlled and audited.

Initially it looked like the BMC BladeLogic configuration management tool was
compromised, which could be the conduit to the POS devices. The POS already
trusts BladeLogic for config changes and patches.

But now McAfee and BMC say the malware was just masquerading as BladeLogic.
Sure wish Target would explain what happened so the rest of us can protect
ourselves.

