According to the article, they were able to compromise a web server to gain access to the network. From there they could deploy the malicious code to the POS devices and also set up a data collection point on another one of Target's servers. The malicious code on the POS devices would send the credit card data to this collection point as the card was swiped. The bad guys were able to log on to the collection server to gather the data whenever they felt like it.
I guess the net admins never heard of router security protocols. There shouldn't be open routes (unauthorized IP addresses) between internal servers. We can rest easy at night that our grid is just as secure.
Wimpy userids and passwords.
We had a break-in on a box and my Server2008 box was audited because the pwn3d server tried to get in. When I told them my only local user id, they responded “How did you think of something that convoluted?”
I guess the same way you thought of using “fred” as a local acct on your server.
Now the server emails me for every incorrect login.
I'll say! Actually I do. Devices that are targets for this kind of attack shouldn't be able to be remotely flashed with new software. It's convenient for the people who manage them, but so what, it's not their money to be putting at risk.