Vulnerability Development mailing list archives
RE: Wlan @ bestbuy is cleartext?
From: "Matthew Leeds" <mleeds () theleeds net>
Date: Fri, 03 May 2002 11:02:57 -0700
It turns out that Best Buy has confirmed the possibility of a risk:
Laurie Bauer, a Best Buy spokeswoman, said security officials ``were aware of the possibility'' and decided to suspend the wireless registers after the posting. She confirmed that credit card numbers were among the data potentially sent through the wireless system.
See the full story, an AP wire item picked up nationally at: http://wire.ap.org/APnews/main.html?PACKAGEID=BIZwireless&SLUG=WIRELESS-INSECURITY This may be the first public confirmation of a possible risk presented by a non-anon person. Doesn't excuse the earlier press coverage which lacked such a confirmation. My issue is with the press handling of this and many other earlier 'security' stories. ---Matthew *********** REPLY SEPARATOR *********** On 5/3/2002 at 12:05 AM Ron DuFresne wrote:
I suspect there must have been something to the claims made. Otherwise we might well have seen Best Buy defend their secuirty integrity with wireless, and not just close down the toys <smile>. Thanks, Ron DuFresne On Thu, 2 May 2002, Matthew Leeds wrote:Unless I've missed it, I've yet to see anyone positively confirm thatcredit card numbers or other data is flying around in the clear on these networks. I've been amazed (and disappointed) to see press coverage that appears to be little more than hearsay. Has there been independent confirmation of credit cards numbers in the clear done by any member of the press, or done by any individual or organization acting as a source to the press with a methodology that allows for independent confirmation (packet captures)?---Matthew *********** REPLY SEPARATOR *********** On 5/2/2002 at 1:01 PM OBrien, Brennan wrote:Just so I'm clear... I know I remember the discussion of "security by obscurity" going the way of the dodo bird, but when did we decide "security through humiliation" was a good technique?? From the Best Buy response below, it sure looks like they made an honest mistake in their practices -- SOMETHING EVERY ONE OF US HAS DONE IN THE PAST. So, now we're going to raise fear, uncertainty and doubt in the (already a little flighty) buying public which could scare away more consumers and really hurt these guys. Is this issue fact? Yes. Doesthepublic at large get it? Nope, not really. Funny thing about guns... When you pull the trigger, you not only needtoknow what you're hitting, but what's beyond it in case the bullet goesallthe way through.. Sarah, it was really cool of you to send them your note. Good job.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- RE: Fwd: Re: Wlan @ bestbuy is cleartext?, (continued)
- RE: Fwd: Re: Wlan @ bestbuy is cleartext? Vachon, Scott (May 02)
- RE: Wlan @ bestbuy is cleartext? Joe Harrison (May 02)
- RE: Wlan @ bestbuy is cleartext? Matt Andreko (May 02)
- RE: Wlan @ bestbuy is cleartext? Steve Maks (May 02)
- RE: Wlan @ bestbuy is cleartext? Yanek Korff (May 02)
- RE: Wlan @ bestbuy is cleartext? Hundley, Gordon - Princeton (May 02)
- RE: Wlan @ bestbuy is cleartext? OBrien, Brennan (May 02)
- RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 02)
- RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 03)
- RE: Wlan @ bestbuy is cleartext? Paul Kierstead (May 03)
- RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 03)
- RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 03)
- RE: Wlan @ bestbuy is cleartext? Frank (May 03)
- RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 02)
- RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 07)
- RE: Wlan @ bestbuy is cleartext? Matthew Leeds (May 07)