http://www.computerworld.com/securitytopics/security/story/0,10801,70840,00.html Date: May 06, 2002 Author: Bob Brewin and Dan Verton White-hat hackers last week discovered vulnerabilities in the wireless networks of two major retailers' holes that they claimed exposed data that appeared to include customer information. On May 1, an anonymous hacker posted a message on an online security mailing list stating that he had discovered holes in the wireless LANs operated by Best Buy Co. Later that day, Jonas Luster, co-founder of security consultancy D-fensive Networks Inc. in Campbell, Calif., told Computerworld that he had conducted a test of networks operated by a San Jose outlet of The Home Depot Inc. and found similar vulnerabilities. Best Buy said it shut down its wireless LANs shortly after the initial report surfaced. The San Jose Home Depot network, which Luster said exposed what appeared to be SQL database queries, shut down May 2, he said. Don Harris, a Home Depot spokesman, declined to say whether the company had turned off its wireless LAN in the San Jose store. Spokeswoman Jennifer Bohuslavsky said Eden Prairie, Minn.-based Best Buy on May 1 deactivated its "wireless temporary cash registers," which transmit information via a wireless LAN connection. "These registers are not Best Buy's main register terminals and represent a small percentage of our transactions," she said. Bohuslavsky declined to provide any security or deployment details on the wireless network used by Best Buy throughout its 480 stores. Dave Ellis, vice president for information systems at Atlanta-based Home Depot, sharply denied a published report that hackers had captured data from wireless point-of-sale terminals or cash registers in any of the company's 1,200-plus stores. "That dog does not hunt," Ellis said. "All our registers are hard-wired." Ellis declined to discuss Home Depot's wireless LAN security or whether white-hat hackers could have penetrated its wireless network. John Pescatore, an analyst at Gartner Inc., said the fact that someone was able to sniff data from a Best Buy wireless LAN indicated to him that the company hadn't turned on the simplest form of security available on any 802.11b wireless LAN: encryption based on the Wired Equivalent Privacy (WEP) protocol. Not turning on WEP is "just stupid," Pescatore said. Dennis Eaton, chairman of the Wireless Ethernet Compatibility Alliance, a wireless LAN industry group in Mountain View, Calif., said that, in fact, most users fail to turn on WEP, despite widespread publicity about the inherent lack of security in wireless LANs. Rick Doten, a program manager at security consultant NetSec Inc. in Herndon, Va., said that only 30% to 40% of enterprises turn on WEP, though some companies run more powerful forms of encryption. Pescatore said enterprises also routinely fail to change the factory-default Service Set Identifier (SSID) on their wireless LAN access points. Access points broadcast the SSID in packet headers so access cards in PCs or handheld computers can find the LAN. Doten said the failure to properly secure wireless LANs is being exploited by what he called wireless LAN "war drivers" who use freeware tools such as NetStumbler to locate access points. Wayne Slavin, the San Diego-based founder and webmaster of Netstumbler.com, said there have been more than 200,000 downloads of the company's software. He said that to date he has identified over 25,000 access points in the U.S. and Canada, with more than 80% broadcasting in the clear. "[That's] a pretty scary statistic," Slavin said. - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 04:43:54 PDT