Re: Wlan @ bestbuy is cleartext?
From: Ron DuFresne (dufresne@winternet.com)Date: 05/01/02
- Previous message: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- In reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
- Next in thread: Philip Rowlands: "Re: Wlan @ bestbuy is cleartext?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 May 2002 12:05:19 -0500 (CDT) From: Ron DuFresne <dufresne@winternet.com> To: Blue Boar <BlueBoar@thievco.com>
bestbuy reads the firewalls list, I forget the name of their contact on
the list, perhaps this should be x-posted there for clarification.
Additionally, their corporate headquarters is in Minnesota, and one might
find an address on their wbsite or a phone number to direct concerns.
this is a BIG issue, and should be clarified.
Thanks,
Ron DuFresne
On Wed, 1 May 2002, Blue Boar wrote:
> I was asked to anonymously proxy this question to the list. Here ya go.
>
> BB
>
> ----------------------------------------------------------------------------------------------------
>
> This past week I went to bestbuy to purchase a D-link wlan card... egar to
> get my laptop up and running while in the car I put my card in and
> installed the driver. I noticed the traffic light was lit up as if I had a
> connection. Out of curriosity I fired up kismet and sure enough there were
> packets flying through the air right infront of BestBuy. Well I decided to
> run in an try to make a Credit Card purchase real quick to verify that my
> info was not going all over the parking lot in the clear. Well after
> sorting out my logs I noticed what looked to be like SQL queries and table
> headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME,
> REGISTER_ID and things of that nature... luckily no where in that data did
> I find my own credit card. Non the less I decided to run to the store next
> to BestBuy while I left me PC on grabbing packets. Well yesterday I sorted
> through the data collected and this time I did indeed find a RAW clear text
> credit card number....not mine ... but definately a credit card number.
>
> Heres my delima... I checked out a few of the other best buy stores for
> "beacon packets" and everyone I drove by was sending them out...so I assume
> all BestBuy's are wlan enabled. What I need to find out is ... are
> BestBuys's Cash register terminals indeed using wlan and are they indeed
> sending out MY data in the clear... I am NOT comfortable using my credit
> card at ANY BestBuy as of right now... due to legality though I don't feel
> comfortable walking into the store and confronting someone about it.... for
> all I know it could be standard BestBuy corp. practices to use nonsecure
> wlan. I figured by starting a thread other people that have attempted this
> may have more info or some from BestBuy may be reading the list and they
> may pipe up.
>
> ----------------------------------------------------------------------------------------------------
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
- Previous message: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- In reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
- Next in thread: Philip Rowlands: "Re: Wlan @ bestbuy is cleartext?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
