Full Disclosure mailing list archives
Re: Wireless ISPs
From: KUIJPERS Jimmy <jimmy.kuijpers () swift com>
Date: Wed, 12 May 2004 12:25:25 +0200
Isn't it also the responsibility of the site where you're ordering? To have any data submitted by e-mail to be delivered securely. For example by having the e-mail itself encrypted?

[devil's advocate mode]
Sure, one can also have the debate that wireless links should be encrypted but that's something else entirely, even a wired link is sniffable and they were never encrypted. So why encrypt the wireless links?
[/devil's advocate mode]

my 2ct,
Jimmy

Sean Milheim wrote:
I agree with Brian. I feel that merchants sending information through email is irresponsible and this is a customer service issue. We have online ordering and do not send sensitive data via email. None of the merchants that I have made online purchases with recently have done this either. However there is also pop3s and imaps.

--
Sean Milheim <sean () idreus com>
iDREUS Corporation

------------------------------------------------------------------------

Subject: Re: [Full-disclosure] Wireless ISPs
Date: Tue, 11 May 2004 12:20:45 -0700 (PDT)
From: D B <geggam692000 () yahoo com>
To: Brian Toovey <btoovey () igxglobal com>
CC: full-disclosure () lists netsys com

Hi Brian

Sit down sometime inside a wireless ISP's area and run kismet. You can see someone connect to a service via SSL, then immediately after they purchase something they check the email.

Guess what? The credit card # and address are in that email.

Doesn't take some 15 year veteran of the internet to see how this is a bad thing.

Go flame some newb who has no brain.

Dan Becker

--- Brian Toovey <btoovey () igxglobal com> wrote:

Dan,

Your post is troubling, if not confusing - You are talking about two separate issues - email confirmations with companies that you buy goods and services from online and wireless data transmission.

Most wireless "computer equipment" that is sold now by default comes with some kind of encryption, completely hackable but "encrypted" - so it becomes the end user's responsibility to use the proper equipment / software to protect yourself.

The other issue, automatic replies with sensitive data, are best directed to the customer service department of the company in transgression.

Dan, the internet is an unsafe place for sensitive data. I would suggest some study in different encryption methodologies to educate yourself. Education leads to positive, well thought out data communication, which leads to peace of mind.

Regards,
Brian

On May 11, 2004 02:33 PM, D B <geggam692000 () yahoo com> wrote:

I'm not real sure how to post this, nor am I sure of the scope. I am still learning about computers.

All transactions done via secure websites are secure, however the auto mailing feature to confirm orders sometimes contains sensitive data. When the customer is on a wireless connection, be it ISP or home LAN, that data is broadcasted in the clear for anyone within range to eavesdrop. A wired internet connection limits the number of people who have access to this data simply by the nature of the internet, putting it within acceptable risk.

It is legal according to US law to eavesdrop on wireless connections.

http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm

The only solutions I can offer are one of two things.

1. Quit sending auto confirmations with sensitive data
2. Encrypt all wireless transmissions, at least making someone who gains access to this data prosecutable.

Please direct all flames to /dev/null

Dan Becker

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html