Vulnerability Development mailing list archives

RE: Wlan @ bestbuy is cleartext?


From: "Duffy, Shawn" <SDuffy () NCIINC com>
Date: Fri, 3 May 2002 09:22:17 -0400

Our company is currently conducting requests with Best Buy.
We can certainly verify the claims, but not without permission.  It's
a LEGAL thing with me ;)

Shawn.



-----Original Message-----
From: Matthew Leeds [mailto:mleeds () theleeds net]
Sent: Thursday, May 02, 2002 5:17 PM
To: vuln-dev () securityfocus com
Subject: RE: Wlan @ bestbuy is cleartext?


Unless I've missed it, I've yet to see anyone positively confirm that
credit card numbers or other data is flying around in the clear on
these networks. I've been amazed (and disappointed) to see press
coverage that appears to be little more than hearsay. Has there been
independent confirmation of credit card numbers in the clear done by
any member of the press, or done by any individual or organization
acting as a source to the press with a methodology that allows for
independent confirmation (packet captures)?

---Matthew

*********** REPLY SEPARATOR  ***********

On 5/2/2002 at 1:01 PM OBrien, Brennan wrote:

Just so I'm clear... I know I remember the discussion of "security
by obscurity" going the way of the dodo bird, but when did we decide
"security through humiliation" was a good technique??  

From the Best Buy response below, it sure looks like they made an
honest mistake in their practices -- SOMETHING EVERY ONE OF US HAS
DONE IN THE PAST.  So, now we're going to raise fear, uncertainty
and doubt in the (already a little flighty) buying public which
could scare away more consumers and really hurt these guys.  Is this
issue fact? Yes.  Does the public at large get it?  Nope, not
really. 

Funny thing about guns... When you pull the trigger, you not only
need to know what you're hitting, but what's beyond it in case the
bullet goes all the way through.. 

Sarah, it was really cool of you to send them your note.  Good job. 
