bestbuy reads the firewalls list, I forget the name of their contact on the list, perhaps this should be x-posted there for clarification. Additionally, their corporate headquarters is in Minnesota, and one might find an address on their wbsite or a phone number to direct concerns. this is a BIG issue, and should be clarified. Thanks, Ron DuFresne On Wed, 1 May 2002, Blue Boar wrote: > I was asked to anonymously proxy this question to the list. Here ya go. > > BB > > ---------------------------------------------------------------------------------------------------- > > This past week I went to bestbuy to purchase a D-link wlan card... egar to > get my laptop up and running while in the car I put my card in and > installed the driver. I noticed the traffic light was lit up as if I had a > connection. Out of curriosity I fired up kismet and sure enough there were > packets flying through the air right infront of BestBuy. Well I decided to > run in an try to make a Credit Card purchase real quick to verify that my > info was not going all over the parking lot in the clear. Well after > sorting out my logs I noticed what looked to be like SQL queries and table > headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME, > REGISTER_ID and things of that nature... luckily no where in that data did > I find my own credit card. Non the less I decided to run to the store next > to BestBuy while I left me PC on grabbing packets. Well yesterday I sorted > through the data collected and this time I did indeed find a RAW clear text > credit card number....not mine ... but definately a credit card number. > > Heres my delima... I checked out a few of the other best buy stores for > "beacon packets" and everyone I drove by was sending them out...so I assume > all BestBuy's are wlan enabled. What I need to find out is ... are > BestBuys's Cash register terminals indeed using wlan and are they indeed > sending out MY data in the clear... I am NOT comfortable using my credit > card at ANY BestBuy as of right now... due to legality though I don't feel > comfortable walking into the store and confronting someone about it.... for > all I know it could be standard BestBuy corp. practices to use nonsecure > wlan. I figured by starting a thread other people that have attempted this > may have more info or some from BestBuy may be reading the list and they > may pipe up. > > ---------------------------------------------------------------------------------------------------- > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
This archive was generated by hypermail 2b30 : Wed May 01 2002 - 11:35:53 PDT