Re: Wlan @ bestbuy is cleartext?

From: Sarah Kenna Groark (sarah@procinct.com)
Date: 05/02/02


Date: Thu, 02 May 2002 09:52:34 -0700
From: Sarah Kenna Groark <sarah@procinct.com>
To: "'vuln-dev@securityfocus.com '" <vuln-dev@securityfocus.com>

From BestBuy:

> Thank you for contacting Best Buy's corporate headquarters with your
> concerns. Regarding this issue, Best Buy has deactivated our temporary
> wireless cash registers that transmit information via LAN connections.
> These registers are not Best Buy's main register terminals and represent a
> small percentage of the transactions processed within our stores. Please be
> assured that customer privacy is of the utmost importance to Best Buy and we
> will further investigate this matter.
>
> We do appreciate your taking the time to share your concerns with us.
>
> Respectfully,
> Alex Reynolds
> Contact Center Escalations
> Best Buy Enterprise Customer Care

I have no way of assessing their explanation for the limited nature
of their exposure.

// Sarah

"Duffy, Shawn" wrote:
>
> This was exactly the point I was trying to make in my first email.
>
> -----Original Message-----
> From: Michael Cunningham
> To: H C; vuln-dev@securityfocus.com
> Sent: 5/1/02 6:05 PM
> Subject: RE: Wlan @ bestbuy is cleartext?
>
> This information is already going public.
> I have gotten several emails from newspapers
> and online websites (big names to).
>
> The faster it is exposed the less damage people
> with not the best of intentions can do. Realisticaly
> the underground community probably makes up
> half or more of this mailing list.
>
> I personally am going to scan my local stores tonight
> to see if I can detect this problem. I cant trust
> a company with my credit card info who cant even
> setup a 802.11b lan correctly. I will let everyone
> know what I find.
>
> Thanks,
> Mike
>
> > > When you consider that it's names like Wal-Mart and
> > Best
> > > Buy, both large retailers, the benefits of making
> > > this information known
> > > has been a equally weighed against what said
> > > retailer would do to us in
> > > the courts if we made the information public.
> >
> > Thus far on the thread, I'm not aware of anyone asking
> > you to make the information public.
> >
> > However, let me ask you this...since you've now been
> > doing this for 2 yrs, what steps have you taken to
> > address the situation?
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Health - your guide to health and wellness
> > http://health.yahoo.com