

Email Attack on Vendor Set Up Breach at Target - panarky
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

======
midas007
It's pretty genius. Go after vendors, don't go through the front door.

The mindset to defend effectively has to treat everything entering or leaving
a managed network as hostile DMZ. Further, internal networks should be
reasonably viewed as hostile as well (NSA fail). It makes securing APIs, data
transfers, enterprise-IoT and everything inside or outside a real PITA but
it's necessary because of the potential losses. Finally, least privilege
balanced with usability should be reinforced on a continual basis.

