Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: more best buy media coverage

From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Thu, 02 May 2002 12:49:17 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 09:32 AM 5/2/2002, you wrote:



http://www.silicon.com/public/door?6004REQEVENT=&REQINT1=53089&REQSTR1=silicon.com

regards,



Well, let's hear it for journalistic integrity!  Someone turns BB's 
voluntary deactivation of some wireless registers into this:

"Major stores beam credit card details to the car park
Hacking into people's private data is as easy as parking a car...

Major US retail chain Best Buy has been forced to close down its wireless 
cash registers after security experts revealed it had been making credit 
card information available to anyone in the vicinity with the equipment to 
detect wireless networks."

The fact that there may be an issue is bad enough- it is really unfortunate 
that the authors of these articles have to sensationalize it with FUD like 
"forced to close down" and "experts revealed it had been making cc info 
available".   No one has revealed *anything*.   We have someone who 
*thinks* it was Best Buy, and who *thinks* it might be a CC number.

The article *should* have gone like this:

"Best Buy Does the Right Thing"
"Under allegations that Best Buy's wireless POS network may be transmitting 
confidential customer data which could be intercepted by wireless sniffers, 
Best Buy has voluntarily disabled the devices so that they can conduct an 
investigation."

This is nothing new *at all*.  Hell, the article I wrote on wireless is 
almost a year old, and I came to the game quite late.  People use 
un-encrypted wlan all the time.  I agree that if they are transmitting 
confidential data that this is wrong, but no one has verified this.

Best Buy has shut it all down- the OP needs to post the captures.  It can't 
do any harm at this point.  Put up, or shut up!  Email it to me and *I'LL* 
post it!!

AD













  
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPNGYPYhsmyD15h5gEQJrOACgycODNSNFxCuOcsDTy8x5VBZ3AAYAn1Cw
pTnenNr8IL1y5uP7rn/4LGg3
=8Aes
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: