Re: Wlan @ bestbuy is cleartext?

[El C0chin0 <mr.nasty () ix netcom com>]

In-Reply-To: <NEBBKCHGCLMNNIGJCAMKEEBIMFAA.m.cunningham () xpedite com>

My .02 cents;

I'm not here to tout any specific legal knowledge, hacker 
expertise, or 
I know what to do banter.  The first thing to do is to 
notify the 
company of the vulnerability as stated earlier.  It is 
their 
responsibility to their customers to protect their 
purchases.  If the 
company does nothing within a reasonable time frame (and 
this is 
equalivant to approx 5 working days) then it is fare game 
for the press.

I've read somewhere after the DDOS attacks in 1999, that 
the Justice 
Department was considering allowing a liability suite 
against 
individuals/companies who don't take the necessary security 
measures.  I 
think this would be one such case where not only are the 
credit card 
numbers transferred in the clear but also certain privacy 
issues may 
arise.  Release of phone number, address, item purchased 
etc.

I have notified BB and HomeDepot from their web site.  I 
don't know if 
they will do anything.  They have been notified now all we 
can do is sit 
and wait.  Then the lawsuits.  Then the store closures.  
Then John 
Ashcroft blames the economy, then we can all run in and 
ransack BB and 
take advantage of all the great sales.    [;-)] 

Frank Kenisky IV, CISSP