('binary' encoding is not supported, stored as-is) In-Reply-To: <NEBBKCHGCLMNNIGJCAMKEEBIMFAA.m.cunninghamat_private> My .02 cents; I'm not here to tout any specific legal knowledge, hacker expertise, or I know what to do banter. The first thing to do is to notify the company of the vulnerability as stated earlier. It is their responsibility to their customers to protect their purchases. If the company does nothing within a reasonable time frame (and this is equalivant to approx 5 working days) then it is fare game for the press. I've read somewhere after the DDOS attacks in 1999, that the Justice Department was considering allowing a liability suite against individuals/companies who don't take the necessary security measures. I think this would be one such case where not only are the credit card numbers transferred in the clear but also certain privacy issues may arise. Release of phone number, address, item purchased etc. I have notified BB and HomeDepot from their web site. I don't know if they will do anything. They have been notified now all we can do is sit and wait. Then the lawsuits. Then the store closures. Then John Ashcroft blames the economy, then we can all run in and ransack BB and take advantage of all the great sales. [;-)] Frank Kenisky IV, CISSP
This archive was generated by hypermail 2b30 : Wed May 01 2002 - 15:17:31 PDT