The exposure of an estimated 56 million Home Depot accounts, with potentially 3 billion in losses, was driven by an old WinXP flaw. –PC Pitstop
Home Depot Hacked with Old WinXP Flaw
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
The massive security breaches and theft of credit card information at The Home Depot and Target have something in common. Both were made possible by a vulnerability in XP Embedded that was more than 10 years old!
The XP Embedded used in their POS systems (yes, both definitions apply) was Win XPe SP3, which is not the last version of the XP-based embedded OSes. This whole disaster could have been avoided if Target and Home Depot had upgraded to Win7 for Embedded Systems. Internal IT security people knew about this and told their friends and relatives to pay cash at Home Depot. OUCH.
Malware created specifically for embedded XP systems reared its ugly head in the middle of the last decade. It uses a technique called “RAM scraping”, which works because WinXP has relatively weak memory access protection. Win 7’s memory protection is much better.