Windows to blame for Home Depot’s gigantic security breach; senior executives given new MacBooks and iPhones

“Earlier this week, The Wall Street Journal published an in-depth look at The Home Depot’s recent security breach of its payment data systems, in which 56 million credit card accounts and 53 million email addresses of customers were compromised,” Joe Rossignol reports for 9to5Mac. “A root cause of the security breach: a Windows vulnerability in the retailer’s main computer network.”

“The report unravels a lot of details related to how the security breach played out, with one anecdote that I found particularly interesting,” Rossignol reports. “Following the breach, an IT employee allegedly purchased two dozen new MacBooks and iPhones for senior executives at The Home Depot, indicating that the home-improvement retailer may have lost at least some confidence in its Microsoft-based systems.”

Read more in the full article here.

MacDailyNews Take: Inexorably, the world awakens; too late, in some cases, for the damage to be avoided, but better late than never, we always say!

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up]

Related article:
VMware declares that Windows’ reign ‘is coming to an end’ – and Apple’s Mac is taking over – July 5, 2014

35 Comments

  1. The oh SO mighty omnipotent executive decisions procuring MicroSuck technology finally got WinDozed. The corporate ignoramus leading the blind into tech Dell Hell. Idiots. You get what you deserve all the while your customers are the ones who ultimately suffer for your FCK ups.

  2. Typical IT BS response. Bought the execs MacBooks, but did not change the basic system where the breach occurred. The executive suite laptops never access the 53 million credit card accounts. This is just eyewash at this point in time.

  3. Oh the irony of the world’s most insecure OS (or POS) used as the gateway drug FOR security by dingle-brained CEO & CIO and led by disingenuous IT doofus more concerned about preserving their jobs than securing their data. The term “No one got fired using Windows” is about to be flipped.

    I know this won’t happen overnight. I just wish more developers would get with the program and provide more enterprise software solutions to make it a no-brainer.

    1. The EULA Apple ships with Mac OS is written in such a way to make it a poison pill for many enterprise customers.

      “E. YOU FURTHER ACKNOWLEDGE THAT THE APPLE SOFTWARE AND SERVICES ARE NOT INTENDED OR SUITABLE FOR USE IN SITUATIONS OR ENVIRONMENTS WHERE THE FAILURE OR TIME DELAYS OF, OR ERRORS OR INACCURACIES IN THE CONTENT, DATA OR INFORMATION PROVIDED BY, THE APPLE SOFTWARE OR SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE, INCLUDING WITHOUT LIMITATION THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, LIFE SUPPORT OR WEAPONS SYSTEMS.”

      That cuts off many potential uses. Most medicine, automated manufacturing, aviation, defense, power generation, etc.

      Tim Cook’s call.

      1. wow, they said it out loud, in clear text! Yey Apple !-)

        Mikkkrosoft said the same thing, only embedded in multiple chapters of obscurespeak and legalese so the IT groupies didn’t have a chance to get to it as they were so busy trying to rescue people from obscure registry issues and the like.

  4. The problem is there is no reason for a POS terminal to be running all of the services Windows runs by default.
    A competent IT staff would have configured it correctly and applied updates.

    1. Why is running all Windows services the default for a Point of Sales terminal? Insecure by default is a severely shitty design. The best case scenario with such a design is creating a lot of busy work to occupy a good IT staff – and at worst that’s going to be yet-another-giant-security-breach like this.

    2. It is still Windows. That statement is a fact. Microsoft will NEVER change. Microsoft was The Big Tree and Apple has a small axe ready to cut them down. The Patchwork Family of endless BS security updates.

  5. Quote from our IT guy again last week while using Windows training program… “Make sure you’re in compatibility mode and you use one of the approved browsers on the list”. PCs and Microsoft suck ass! And not in the good way!

  6. Aside from the Windows problem, the other problem is really that execs tend to use the laptop work gives them for everything, whether that’s personal email or porn. And few executives are good at having really secure passwords and then use the same one or two all over the place.

  7. easy to blame the IT pukes. not a big fan of them and have decades of corporate management work experience in almost mortal combat with them, but while they are an easy and now fun target to amuse ourselves for their struggles, how these large corporate systems came to be and are so woefully insecure is only partially the fault of “lazy” IT folks.

    apple ignored, or was impotent in providing enterprise level end to end solutions since day one and still are today. IBM has a shot at changing that and this is probably the strategic purpose of their new relationship. in the 90’s, i was working with apple federal located in reston. they were trying to make inroads into the federal procurement sector. they had some marginal success, but in the end failed because they didn’t have a product set that didn’t require someone on the buyer’s side doing a bunch of extra work. that extra work is not trivial, because no one was funding anyone on the buyer’s side to take up apple’s slack, especially in the IT departments. at the end of the day, every day, that person had to prove the value of using apple products in the food chain. not as hard today, but in the 90’s those were very cold days.

    often forgotten is non-federal enterprises have serious cost/schedule constraints and the solutions have to be budgeted/funded and stay on budget as they operate. federal is excluded because they can do things like the affordable care website and fund it until it works. no other project could survive that kind of performance. given this financial constraint and the inherent capital cost of an enterprise system, an IT manager survives by offering an affordable, sustainable solution. many times this is developed by a 3rd party and resold over and over. the vulnerabilities come from lack of maintenance of these “purchased” systems and this can come from cost issues as well as IT competence issues, or the solution was built in house with the same set of sustainability issues. so there is some truth in the “no one ever got fired by using MS” idea, but it is a little more complex than it sounds. the hope of the IT manager is it works until he finds another job or retires. the IT puke that most people interface with has little to do with any of this. they are just doing their job and glad they have one.

    the windows vulnerability is associated with the access to these big iron systems via the input device. almost all of it could be avoided with better security design, not an apple solution. the small scale POS spoofing is a windows vulnerability, but these are not the kind that sears/home depot and target have.

    1. “apple ignored, or was impotent in providing enterprise level end to end solutions since day one and still are today.”

      I totally disagree. Yes Apple did not make tons of cheap machines for business to buy the lowest cost machines. And yes, Apple did not make complicated software so they could sell software and certificates to be able to change their business machines on line.

      Businesses that bought Apple got the same or better service than Windows users, but their machines cost their value, not sold cheap so you can make it up in services.
      Just saying.
