Vulnerability Development mailing list archives

Re: Wlan @ bestbuy is cleartext?

From: Sarah Kenna Groark <sarah () procinct com>
Date: Thu, 02 May 2002 09:52:34 -0700

From BestBuy:

Thank you for contacting Best Buy's corporate headquarters with your
concerns.  Regarding this issue, Best Buy has deactivated our temporary
wireless cash registers that transmit information via LAN connections.
These registers are not Best Buy's main register terminals and represent a
small percentage of the transactions processed within our stores.  Please be
assured that customer privacy is of the utmost importance to Best Buy and we
will further investigate this matter.

We do appreciate your taking the time to share your concerns with us.

Respectfully,
Alex Reynolds
Contact Center Escalations 
Best Buy Enterprise Customer Care


I have no way of assessing their explanation for the limited nature
of their exposure.

// Sarah


"Duffy, Shawn" wrote:

This was exactly the point I was trying to make in my first email.

-----Original Message-----
From: Michael Cunningham
To: H C; vuln-dev () securityfocus com
Sent: 5/1/02 6:05 PM
Subject: RE: Wlan @ bestbuy is cleartext?

This information is already going public.
I have gotten several emails from newspapers
and online websites (big names to).

The faster it is exposed the less damage people
with not the best of intentions can do. Realisticaly
the underground community probably makes up
half or more of this mailing list.

I personally am going to scan my local stores tonight
to see if I can detect this problem. I cant trust
a company with my credit card info who cant even
setup a 802.11b lan correctly. I will let everyone
know what I find.

Thanks,
Mike

When you consider that it's names like Wal-Mart and

Best

Buy, both large retailers, the benefits of making
this information known
has been a equally weighed against what said
retailer would do to us in
the courts if we made the information public.


Thus far on the thread, I'm not aware of anyone asking
you to make the information public.

However, let me ask you this...since you've now been
doing this for 2 yrs, what steps have you taken to
address the situation?


__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

Current thread:

Re: Wlan @ bestbuy is cleartext?, (continued)
- Re: Wlan @ bestbuy is cleartext? El C0chin0 (May 01)
- FW: Wlan @ bestbuy is cleartext? Duffy, Shawn (May 01)
- RE: Wlan @ bestbuy is cleartext? Mariusz Mazur (May 01)
  - RE: Wlan @ bestbuy is cleartext? Dom De Vitto (May 01)
    - Re: Wlan @ bestbuy is cleartext? Meritt James (May 02)
  - Re: Wlan @ bestbuy is cleartext? John Hall (May 02)
- Re: Wlan @ bestbuy is cleartext? Kris Herzog (May 01)
  - Re: Wlan @ bestbuy is cleartext? Jonathan E. Katz (May 01)
- Re: Wlan @ bestbuy is cleartext? El C0chin0 (May 01)
- RE: Wlan @ bestbuy is cleartext? Duffy, Shawn (May 02)
  - Re: Wlan @ bestbuy is cleartext? Sarah Kenna Groark (May 02)
- Re: Wlan @ bestbuy is cleartext? El C0chin0 (May 02)
- RE: Fwd: Re: Wlan @ bestbuy is cleartext? Vachon, Scott (May 02)
- RE: Wlan @ bestbuy is cleartext? Joe Harrison (May 02)
  - RE: Wlan @ bestbuy is cleartext? Matt Andreko (May 02)
- RE: Wlan @ bestbuy is cleartext? Steve Maks (May 02)
- RE: Wlan @ bestbuy is cleartext? Yanek Korff (May 02)
- RE: Wlan @ bestbuy is cleartext? Hundley, Gordon - Princeton (May 02)
- RE: Wlan @ bestbuy is cleartext? OBrien, Brennan (May 02)
  - RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 02)
    - RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 03)

(Thread continues...)