“Earlier this week, The Wall Street Journal published an in-depth look at The Home Depot’s recent security breach of its payment data systems, in which 56 million credit card accounts and 53 million email addresses of customers were compromised,” Joe Rossignol reports for 9to5Mac. “A root cause of the security breach: a Windows vulnerability in the retailer’s main computer network.”
“The report unravels a lot of details related to how the security breach played out, with one anecdote that I found particularly interesting,” Rossignol reports. “Following the breach, an IT employee allegedly purchased two dozen new MacBooks and iPhones for senior executives at The Home Depot, indicating that the home-improvement retailer may have lost at least some confidence in its Microsoft-based systems.”
MacDailyNews Take: Inexorably, the world awakens; too late, in some cases, for the damage to be avoided, but better late than never, we always say!
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up]
We don’t do windows.
Friends don’t let friends do Windows.
The oh SO mighty omnipotent executive decisions procuring MicroSuck technology finally got WinDozed. The corporate ignoramus leading the blind into tech Dell Hell. Idiots. You get what you deserve all the while your customers are the ones who ultimately suffer for your FCK ups.
”Allegedly purchased” new Apple products? Sounds like a crime. Probably was in Home Depot’s IT department…
Windows schmindows, Apple Pay, that’s wha’ we’re wanting. BTW, no surprises here with ‘Doze causing this mess.
Apple pay, Apple schmay.
Typical IT BS response. Bought the execs MacBooks, but did not change the basic system where the breach occurred. The executive suite laptops never access the 53 million credit card accounts. This is just eyewash at this point in time.
Oh the irony of the world’s most insecure OS (or POS) used as the gateway drug FOR security by dingle-brained CEO & CIO and led by disingenuous IT doofus more concerned about preserving their jobs than securing their data. The term “No one got fired using Windows” is about to be flipped.
I know this won’t happen overnight. I just wish more developers would get with the program and provide more enterprise software solutions to make it a no-brainer.
The EULA Apple ships with Mac OS is written in such a way to make it a poison pill for many enterprise customers.
“E. YOU FURTHER ACKNOWLEDGE THAT THE APPLE SOFTWARE AND SERVICES ARE NOT INTENDED OR SUITABLE FOR USE IN SITUATIONS OR ENVIRONMENTS WHERE THE FAILURE OR TIME DELAYS OF, OR ERRORS OR INACCURACIES IN THE CONTENT, DATA OR INFORMATION PROVIDED BY, THE APPLE SOFTWARE OR SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE, INCLUDING WITHOUT LIMITATION THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, LIFE SUPPORT OR WEAPONS SYSTEMS.”
That cuts off many potential uses. Most medicine, automated manufacturing, aviation, defense, power generation, etc.
Tim Cook’s call.
wow, they said it out loud, in clear text! Yey Apple !-)
Mikkkrosoft said the same thing, only embedded in multiple chapters of obscurespeak and legalese so the IT groupies didn’t have a chance to get to it as they were so busy trying to rescue people from obscure registry issues and the like.
The problem is there is no reason for a POS terminal to be running all of the services Windows runs by default.
A competent IT staff would have configured it correctly and applied updates.
Why is running all Windows services the default for a Point of Sales terminal? Insecure by default is a severely shitty design. The best case scenario with such a design is creating a lot of busy work to occupy a good IT staff – and at worst that’s going to be yet-another-giant-security-breach like this.
a good IT staff would have shut the windows to keep out the mosquitoes but unfortunately there are too many windows in windows
It is still Windows. That statement is a fact. Microsoft will NEVER change. Microsoft was The Big Tree and Apple has a small axe ready to cut them down. The Patchwork Family of endless BS security updates.
Why is it that whenever I’m reading about Windows, and I see “POS”, my brain immediately spells it out as Piece-of-Shit? Ironic, eh? :p
Your data server is breached and data is stolen, so you go out and purchase 24 new laptops and iPhones, for executives. How does this resolve any problems?
Get the Executive on-board with Macs, and they will approve an upgrade of the servers. Informed decision making.
Hope you are not in IT. Probably just in management.
Quote from our IT guy again last week while using windows training program… “Make sure you’re in compatibility mode and you use one of the approved browsers on the list”. PCs and Microsoft suck ass! And not in the good way!
There is no such thing as sucking ass in a good way. Not even for snake bites.
Let’s base our POS system on Windows XP Embedded! YEAH!
💩💥🔫
Give that IT doofus guy a raise and a massive bonus.
Nice to give them Mac and iPhone… but the servers are those that should be changed!!!
Aside from the Windows problem, the other problem is really that execs tend to use the laptop work gives them for everything, whether that’s personal email or porn. And few executives are good at having really secure passwords and then use the same one or two all over the place.
Also, since the senior execs were given these devices, that kind of says to me that one of them at least is a problem, but the IT people can’t say that.
easy to blame the IT pukes. not a big fan of them and have decades of corporate management work experience in almost mortal combat with them, but while they are an easy and now fun target to amuse ourselves for their struggles, how these large corporate systems came to be and are so woefully insecure is only partially the fault of “lazy” IT folks.
apple ignored, or was impotent in providing enterprise level end to end solutions since day one and still are today. IBM has a shot at changing that and this is probably the strategic purpose of their new relationship. in the 90’s, i was working with apple federal located in reston. they were trying to make inroads into the federal procurement sector. they had some marginal success, but in the end failed because they didn’t have a product set that didn’t require someone on the buyer’s side doing a bunch of extra work. that extra work is not trivial, because no one was funding anyone on the buyer’s side to take up apple’s slack, especially in the IT departments. at the end of the day, every day, that person had to prove the value of using apple products in the food chain. not as hard today, but in the 90’s those were very cold days.
often forgotten is non-federal enterprises have serious cost/schedule constraints and the solutions have to be budgeted/funded and stay on budget as they operate. federal is excluded because they can do things like the affordable care website and fund it until it works. no other project could survive that kind of performance. given this financial constraint and the inherent capital cost of an enterprise system, an IT manager survives by offering an affordable, sustainable solution. many times this is developed by a 3rd party and resold over and over. the vulnerabilities come from lack of maintenance of these “purchased” systems and this can come from cost issues as well as IT competence issues, or the solution was built in house with the same set of sustainability issues. so there is some truth in the “no one ever got fired by using MS” idea, but it is a little more complex than it sounds. the hope of the IT manager is it works until he finds another job or retires. the IT puke that most people interface with has little to do with any of this. they are just doing their job and glad they have one.
the windows vulnerability is associated with the access to these big iron systems via the input device. almost all of it could be avoided with better security design, not an apple solution. the small scale POS spoofing is a windows vulnerability, but these are not the kind that sears/home depot and target have.
“apple ignored, or was impotent in providing enterprise level end to end solutions since day one and still are today.”
I totally disagree. Yes Apple did not make tons of cheap machines for business to buy the lowest cost machines. And yes, Apple did not make complicated software so they could sell software and certificates to be able to change their business machines on line.
Business that bought Apple got the same or better service than windows users, but their machines cost their value, not sold cheap so you can make it up in services.
Just saying.
Windows!!! Really!? Wow, that’s a surprise! /s
Not trying to hijack the thread, but I used Apple Pay at our local HD yesterday and it worked fine.
Apple fans can’t claim superiority if they don’t have a horse in the race.
What’s Apple’s comprehensive Point of Sale solution?
Everyone here says Apple Pay is the future, but Apple doesn’t offer the comprehensive hardware and software to get the job done for a retailer. Hell, Apple doesn’t even have the servers to manage its own stores — it contracts Amazon and Akamai services. Up until a few years ago, all Apple Store employees were using Windows-based credit card readers. The back end is still not running OS X.
Because Apple has no interest in enterprise business, no cash register or POS terminal in the nation runs OS X. Apple killed off the Xserve and doesn’t have any server software or services to support enterprises.
Thus the backbone of every major enterprise includes Windows and/or Linux, and that decision is usually based on contract pricing, not on technical soundness.
Also, Apple regularly issues security updates too. So while it’s fun to post broad brush strokes panning all things Microsoft, the reality is that it’s going to be a significant mainstay in enterprise computing for a long time to come, at least until Timmy and Ive have finally achieved their vision for flat grey subscription-based consumer-grade media-consumption computing in every consumer home, with all Apple software requiring constant internet connectivity, the Mac dumbed down to the level of iOS.
See you again in 2 years.
iCal’ed
Nobody would be happier than me to see Apple man up and support enterprise. However, since Timmy took the reins, all he’s done is shove iCloud up our collective asses and dumb down Mac hardware and software to make it less user friendly and less user configurable. What new business class software has Apple offered this decade? What server hardware does Apple make? There’s a pile of iCal dates for you to track, but be prepared to wait a while. Timmy has a pride rally to attend, so just wait.
The Threat Vector came from the executives who had their passwords compromised and allowed the culprits to get onto the servers. MacBooks are a way to stop that avenue into the network.
It’s the era of the new IT executives who aren’t so beholden to Microsoft. These folks grew up with Macs.