Target's Data Breach Started With an HVAC Account

Jim Hall writes "Security blogger Krebs reports that Target's data breach started with a stolen HVAC account. Last week, Target said the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now claim that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Attackers stole network credentials from Fazio Mechanical Services, then used that to gain access to Target's network. It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network."

FUCK BETA

[synapse7]

Please post this to new articles if it hasn't been posted yet. On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system. If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot. We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project. We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org] Moderators - only spend mod points on comments that discuss Beta Commentors - only discuss the Beta - Vote up the Fuck Beta stories Keep this up for a few days and we may finally get the PHBs attention. Discussion of Beta [slashdot.org] Discussion of where to go if Beta goes live [slashdot.org] Alternative Slashdot [altslashdot.org]