Interesting People mailing list archives

IP: RE: WLAN @ Best Buy is cleartext?


From: David Farber <dfarber () earthlink net>
Date: Thu, 02 May 2002 06:48:30 -0500

Quick. Someone tell them about secure approaches.


-----Original Message-----
From: Jim Brenton <brentonj () swbell net>
Date: Thu, 02 May 2002 06:26:27 
To: farber () cis upenn edu
Subject: RE: WLAN @ Best Buy is cleartext?

Dave,

Looks like msnbc.com has picked up this story and reports that Best Buy has
responded by shutting down their wireless cash registers.
http://www.msnbc.com/news/746380.asp?0dm=N11JT

"...a hacker can sit in a store's parking lot and "listen in" to the data.
Indeed, consumer electronics retailer Best Buy Co. shut off wireless cash
registers at its stores Wednesday after being alerted to the potential
problem, saying it was investigating the issue."

Jim Brenton, CISSP


-----Original Message-----
From: owner-ip-sub-1 () admin listbox com
[mailto:owner-ip-sub-1 () admin listbox com]On Behalf Of Dave Farber
Sent: Wednesday, May 01, 2002 5:40 PM
To: ip
Subject: IP: WLAN @ Best Buy is cleartext?


Unverified djf


------ Forwarded Message
From: "Rob McMillin" <rlm () pricegrabber com>
Organization: PriceGrabber.com
Date: Wed, 1 May 2002 14:08:04 -0700
To: "David Farber" <Dave () farber net>
Subject: WLAN @ Best Buy is cleartext?

http://online.securityfocus.com/archive/82/270364/2002-04-28/2002-05-04/0

"This past week I went to bestbuy to purchase a D-link wlan card...
[eager] to get my laptop up and running while in the car I put my card in
and installed the driver. I noticed the traffic light was lit up as if I
had a connection. Out of curiosity I fired up kismet and sure enough
there were packets flying through the air right in front of BestBuy. Well
I decided to run in and try to make a Credit Card purchase real quick to
verify that my info was not going all over the parking lot in the clear.
Well after sorting out my logs I noticed what looked to be like SQL
queries and table headers in my logs ... things such as CUSTOMER_ROUTEID,
BANKNAME, REGISTER_ID and things of that nature... luckily nowhere in
that data did I find my own credit card. Nonetheless I decided to run to
the store next to BestBuy while I left my PC on grabbing packets. Well
yesterday I sorted through the data collected and this time I did indeed
find a RAW clear text credit card number....not mine ... but definitely a
credit card number."

[...]

--
rlm () pricegrabber com
  "We're smarter individually." -- Larry Niven



------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/
