IP: WLAN @ Best Buy is cleartext?

[Dave Farber <dave () farber net>]

Unverified djf


------ Forwarded Message
From: "Rob McMillin" <rlm () pricegrabber com>
Organization: PriceGrabber.com
Date: Wed, 1 May 2002 14:08:04 -0700
To: "David Farber" <Dave () farber net>
Subject: WLAN @ Best Buy is cleartext?

http://online.securityfocus.com/archive/82/270364/2002-04-28/2002-05-04/
0

"This past week I went to bestbuy to purchase a D-link wlan card...
[eager] to 
get my laptop up and running while in the car I put my card in and
installed the driver. I noticed the traffic light was lit up as if I had
a 
connection. Out of curriosity I fired up kismet and sure enough there
were 
packets flying through the air right infront of BestBuy. Well I decided
to 
run in an try to make a Credit Card purchase real quick to verify that
my 
info was not going all over the parking lot in the clear. Well after
sorting out my logs I noticed what looked to be like SQL queries and
table 
headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME,
REGISTER_ID and things of that nature... luckily no where in that data
did 
I find my own credit card. Non the less I decided to run to the store
next 
to BestBuy while I left me PC on grabbing packets. Well yesterday I
sorted 
through the data collected and this time I did indeed find a RAW clear
text 
credit card number....not mine ... but definately a credit card number."

[...]

--
rlm () pricegrabber com
  "We're smarter individually." -- Larry Niven



------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/