RE: Wlan @ bestbuy is cleartext?

[Keith Tyler <ktyler () unicornfinancial com>]

I think what would be even worse is forging credit approvals. Let say you
had a credit card and it was dead or expired. Im sure with enough time you
could forge approvals into their wlan. That seems very possible.

-----Original Message-----
From: Philip Rowlands [mailto:phr () doc ic ac uk]
Sent: Wednesday, May 01, 2002 11:06 AM
To: vuln-dev () securityfocus com
Subject: Re: Wlan @ bestbuy is cleartext?


On Wed, 1 May 2002, Blue Boar wrote:

> Heres my delima... I checked out a few of the other best buy stores for
> "beacon packets" and everyone I drove by was sending them out...so I assume
> all BestBuy's are wlan enabled. What I need to find out is ... are
> BestBuys's Cash register terminals indeed using wlan and are they indeed
> sending out MY data in the clear... I am NOT comfortable using my credit
> card at ANY BestBuy as of right now...  due to legality though I don't feel
> comfortable walking into the store and confronting someone about it....

You could contact an investigative journalist, even anonymously.
Assuming your motives are to protect ignorant customers' CC numbers,
rather than extortion, you'd probably get a fair hearing.

Search for "whistleblowers guide" on Google :)

http://members.tripod.com/whistle20/resources.htm


Cheers,

Phil