Quote: Originally Posted by sonatine
I wouldn't discount their security here without some indication that the compromise was a no-brainer. They were almost certainly PCI level 1 so they probably had at least quarterly third party pen tests done. The sad truth is that one doesn't need to have bad security to get popped these days. If I had to guess, I'd say they probably got phished with one of the HT 0-days. Pure unadulterated conjecture of course but Occam's Razor and all that.
Remember the bonus question and your answer?

Quote: Originally Posted by sonatine
I really and truly don't give a fuck if anyone watches what I do online.
I have always expected you to one day post a screed on privacy. You are obviously witness to the level of fuck ups that work in IT. Assume everything is going to get outed on the corporate side. The trend is your friend or enemy here.

The mention of PCI made me laugh. To me it seemed a good avenue for exploit.
It was some years ago but I was on the fringes of the whole TJX mess. It surprised me to see how IT allows all kinds of shit to get hung on their network. Nobody is running hard wired controls anymore. Frankly, what I saw was that the security used to meet PCI was itself a great weak link. Access control hung on the network tied to employee databases (employee badging). IP devices all over the joint that IT does not understand.

I started to have impure thoughts....

It was just revealing and got added to my general unease about personal information.