Re: Wlan @ bestbuy is cleartext?
From: Erik Parker (eparker@mindsec.com)Date: 05/01/02
- Previous message: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- In reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
- Next in thread: Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Next in thread: Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Reply:(deleted message) Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Reply:(deleted message) Hans Barboza: "RE: Wlan @ bestbuy is cleartext?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 May 2002 12:01:05 -0500 (CDT) From: Erik Parker <eparker@mindsec.com> To: Blue Boar <BlueBoar@thievco.com>
There was a thread about this, on the Kismet list previously. All Best
Buys use 802.11b, without WEP. With some strange SSID's (That almost look
random).
As for legality.. That's not a thread we really want to get into. It
depends on the person you report it, the brains in the cops head they
call, and district attorneys brains.
Either way, if they feel like having you arrested, and the cop is stupid
enough to do it.. You'll be paying enough legal fee's to hate life.
However, it's best buys decision on what they want to do with their
customers data.. Even though I'm pretty sure there are legal consequences
for them as well.. At least with their insurers.
I imagine, the best buy networks are setup by people with similar
knowledge of computers as their techs, if that gives you any idea.
BB> This past week I went to bestbuy to purchase a D-link wlan card... egar to
BB> get my laptop up and running while in the car I put my card in and
BB> installed the driver. I noticed the traffic light was lit up as if I had a
BB> connection. Out of curriosity I fired up kismet and sure enough there were
BB> packets flying through the air right infront of BestBuy. Well I decided to
BB> run in an try to make a Credit Card purchase real quick to verify that my
BB> info was not going all over the parking lot in the clear. Well after
BB> sorting out my logs I noticed what looked to be like SQL queries and table
BB> headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME,
BB> REGISTER_ID and things of that nature... luckily no where in that data did
BB> I find my own credit card. Non the less I decided to run to the store next
BB> to BestBuy while I left me PC on grabbing packets. Well yesterday I sorted
BB> through the data collected and this time I did indeed find a RAW clear text
BB> credit card number....not mine ... but definately a credit card number.
- Previous message: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- In reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
- Next in thread: Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Next in thread: Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Reply:(deleted message) Ron DuFresne: "Re: Wlan @ bestbuy is cleartext?"
- Reply:(deleted message) Hans Barboza: "RE: Wlan @ bestbuy is cleartext?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
