Interesting People mailing list archives
IP: RE: WLAN @ Best Buy is cleartext?
From: David Farber <dfarber () earthlink net>
Date: Thu, 02 May 2002 06:48:30 -0500
Quick. Some one tell them about secure approaches. -----Original Message----- From: Jim Brenton <brentonj () swbell net> Date: Thu, 02 May 2002 06:26:27 To: farber () cis upenn edu Subject: RE: WLAN @ Best Buy is cleartext? Dave, Looks like msnbc.com has picked up this story and reports that Best Buy has responded by shutting down their wireless cash registers. http://www.msnbc.com/news/746380.asp?0dm=N11JT "...a hacker can sit in a store's parking lot and "listen in" to the data. Indeed, consumer electronics retailer Best Buy Co. shut off wireless cash registers at its stores Wednesday after being alerted to the potential problem, saying it was investigating the issue." Jim Brenton, CISSP -----Original Message----- From: owner-ip-sub-1 () admin listbox com [mailto:owner-ip-sub-1 () admin listbox com]On Behalf Of Dave Farber Sent: Wednesday, May 01, 2002 5:40 PM To: ip Subject: IP: WLAN @ Best Buy is cleartext? Unverified djf ------ Forwarded Message From: "Rob McMillin" <rlm () pricegrabber com> Organization: PriceGrabber.com Date: Wed, 1 May 2002 14:08:04 -0700 To: "David Farber" <Dave () farber net> Subject: WLAN @ Best Buy is cleartext? http://online.securityfocus.com/archive/82/270364/2002-04-28/2002-05-04/ 0 "This past week I went to bestbuy to purchase a D-link wlan card... [eager] to get my laptop up and running while in the car I put my card in and installed the driver. I noticed the traffic light was lit up as if I had a connection. Out of curriosity I fired up kismet and sure enough there were packets flying through the air right infront of BestBuy. Well I decided to run in an try to make a Credit Card purchase real quick to verify that my info was not going all over the parking lot in the clear. Well after sorting out my logs I noticed what looked to be like SQL queries and table headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME, REGISTER_ID and things of that nature... luckily no where in that data did I find my own credit card. Non the less I decided to run to the store next to BestBuy while I left me PC on grabbing packets. Well yesterday I sorted through the data collected and this time I did indeed find a RAW clear text credit card number....not mine ... but definately a credit card number." [...] -- rlm () pricegrabber com "We're smarter individually." -- Larry Niven ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/ For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: RE: WLAN @ Best Buy is cleartext? David Farber (May 02)