Vulnerability Development mailing list archives

RE: Wlan @ bestbuy is cleartext?

From: Yanek Korff <yanek () cigital com>
Date: Thu, 2 May 2002 12:51:19 -0400

I was on the West coast some time back and noticed a nice big antenna where
I rented my Budget Rent-A-Car.  Looks like it handled traffic from the POS
to some central server on another floor.  Didn't have hardware on me, but
rental car places may also be suspect.

-Yanek.

-----Original Message-----
From: Erik Parker [mailto:eparker () mindsec com]
Sent: Wednesday, May 01, 2002 7:44 PM
To: Mariusz Mazur
Cc: vuln-dev () securityfocus com
Subject: Re: Wlan @ bestbuy is cleartext?

Let me know if you find any. From what I heard from a media 
source, when they approached Best Buy about it today, best buy ordered 
their stores to shut off the wireless registers.

My local Best Buy checked out an hour ago, to not have 
wireless running.

However, Petsmart, and DSW shoes do the same thing.. 
unencrypted customer data.

MM> On Wednesday 01 May 2002 22:38, Michael Cunningham wrote:
MM> > Folks,
MM> >
MM> > I assume half the mailing list is going to be driving
MM> > around their towns tonight scanning for this problem. I
MM> > know I will. I am not about to give my credit card to a
MM> > store that cant even keep the number secure.
MM> >
MM> > Might I suggest we begin reporting confirmed stores and the
MM> > issues found here so the media can get the word out effectivily.
MM> > The more names that are listed here means more pressure the
MM> > general public and the media will place on these stores to
MM> > rapidly fix the problem. Obviously this mailing list is read
MM> > by many in the underground community. I am sure many will
MM> > begin scanning almost immediatly if they aren't already.
MM> > A rapid response by the security community might prevent
MM> > widespread identity theft.
MM>
MM> Would be nice if someone could suggest a rather neutral 
database for
MM> gathering such information. CERT? SecurityFocus (Blue Boar?)?
MM>
MM>
MM> --
MM> "If you want to help - do only what you are capable of. 
Doing miracles leave
MM> to others" - kloczek
MM>

Current thread:

Re: Wlan @ bestbuy is cleartext?, (continued)
- Re: Wlan @ bestbuy is cleartext? Kris Herzog (May 01)
  - Re: Wlan @ bestbuy is cleartext? Jonathan E. Katz (May 01)
- Re: Wlan @ bestbuy is cleartext? El C0chin0 (May 01)
- RE: Wlan @ bestbuy is cleartext? Duffy, Shawn (May 02)
  - Re: Wlan @ bestbuy is cleartext? Sarah Kenna Groark (May 02)
- Re: Wlan @ bestbuy is cleartext? El C0chin0 (May 02)
- RE: Fwd: Re: Wlan @ bestbuy is cleartext? Vachon, Scott (May 02)
- RE: Wlan @ bestbuy is cleartext? Joe Harrison (May 02)
  - RE: Wlan @ bestbuy is cleartext? Matt Andreko (May 02)
- RE: Wlan @ bestbuy is cleartext? Steve Maks (May 02)
- RE: Wlan @ bestbuy is cleartext? Yanek Korff (May 02)
- RE: Wlan @ bestbuy is cleartext? Hundley, Gordon - Princeton (May 02)
- RE: Wlan @ bestbuy is cleartext? OBrien, Brennan (May 02)
  - RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 02)
    - RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 03)
    - RE: Wlan @ bestbuy is cleartext? Paul Kierstead (May 03)
    - RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 03)
    - RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 03)
    - RE: Wlan @ bestbuy is cleartext? Frank (May 03)
- RE: Wlan @ bestbuy is cleartext? Duffy, Shawn (May 03)
- RE: Wlan @ bestbuy is cleartext? Peter Gutmann (May 06)

(Thread continues...)