TJX indictments and the death of legacy security ;-)

With most of the security blogoshere off at Black Hat I'm shocked I haven't seen posts on this one. The airwaves are crackling with the latest in the TJX saga - eleven people from around the globe have been indicted in "the single largest and most complex identity theft case ever charged in this country..."

There are tons of stories on this already (and lots of TV coverage), but this story from the LA Times was packed with interesting details.

Ironically most people are still focused on the initial breach. Did they compromise: wireless? in-store kiosks? point of sale systems?

Even if the answer is "yes" to all of these and more, they are sort of beside the point. All that infrastructure is simply means to the end of grabbing data where it lives en masse which is almost certainly in a database.

Sure I'm biased. But if the database is thoroughly secured -- by that I mean:

you know where the important ones are have hardened them to the best of your ability and are monitoring them for unusual activity.

What do you need wireless security, host security, network security, etc. for??

Application Security, Inc. provides database security solutions for the enterprise and was named to Inc. Magazine's 2007 list of America's Fastest Growing Private Companies (Inc. 500). Its products proactively secure databases and delivers up-to-date database protection that minimizes risk for companies.