RE: Wlan @ bestbuy is cleartext?

[verbal () mrverbal com]

There's also the possibility of depleating a store's inventory,
virtually.  Not only would that cause problems at the registers, but
a number of man-hours going through the entire stock to repopulate
their datastore.

-----Original Message-----
From: Keith Tyler [mailto:ktyler () unicornfinancial com]
Sent: Wednesday, May 01, 2002 1:51 PM
To: 'Philip Rowlands'; vuln-dev () securityfocus com
Subject: RE: Wlan @ bestbuy is cleartext?


I think what would be even worse is forging credit approvals. Let say
you
had a credit card and it was dead or expired. Im sure with enough
time you
could forge approvals into their wlan. That seems very possible.

-----Original Message-----
From: Philip Rowlands [mailto:phr () doc ic ac uk]
Sent: Wednesday, May 01, 2002 11:06 AM
To: vuln-dev () securityfocus com
Subject: Re: Wlan @ bestbuy is cleartext?


On Wed, 1 May 2002, Blue Boar wrote:

> Heres my delima... I checked out a few of the other best buy stores
for
> "beacon packets" and everyone I drove by was sending them out...so I
assume
> all BestBuy's are wlan enabled. What I need to find out is ... are
> BestBuys's Cash register terminals indeed using wlan and are they
indeed
> sending out MY data in the clear... I am NOT comfortable using my
credit
> card at ANY BestBuy as of right now...  due to legality though I
don't feel
> comfortable walking into the store and confronting someone about
it....

You could contact an investigative journalist, even anonymously.
Assuming your motives are to protect ignorant customers' CC numbers,
rather than extortion, you'd probably get a fair hearing.

Search for "whistleblowers guide" on Google :)

http://members.tripod.com/whistle20/resources.htm


Cheers,

Phil