RE: Wlan @ bestbuy is cleartext?

From: Oliver Petruzel (opetruzelat_private)
Date: Wed May 01 2002 - 23:20:35 PDT


    FYI: local circuit cities suffer too, or the one near me at least... (I
    heard!: they have a lan at the local CC that has ssid "CCsecurelan" and
    no WEP... all cleartext and dhcp... rumor though=not MY findings!)
    perhaps just a demo wlan...?
    
    /oliver p.
    
    
    
    -----Original Message-----
    From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private] 
    Sent: Thursday, May 02, 2002 12:27 AM
    To: Jonathan Bloomquist
    Cc: vuln-devat_private
    Subject: Re: Wlan @ bestbuy is cleartext? 
    
    On Wed, 01 May 2002 18:21:23 PDT, Jonathan Bloomquist said:
    > Corporate IT staff are paid to know better than to put
    > insecure technology into production and they need to
    > be held accountable if they make such a boneheaded
    > move.
    
    How many corporate networks have dumped Outlook so far?
    
    How many corporate sites still run IIS because a conversion to
    Apache would be even more costly than getting hacked every 2 months?
    
    It's *quite* possible that at least some of these IT staffers did
    the calculation: "Hmm... if we deploy this, we can expect $2M/year in
    writeoffs due to guys out in the parking lot with pringle-can yagis, but
    we'll save $4M/year, so we'll be ahead anyhow..."  It's all trade-offs,
    and nothing new to the big corporations - I'm *positive* that the master
    financial plan for Best Buy already has a line item for "write off 2.3%
    of all credit card transactions" and that such write-offs are a standard
    part of doing business.  They may decide that it's easier and cheaper to
    just raise their write-off margin to 2.7% rather than fix the
    problem....
    
    And factor *THIS* into the equation - let's say that Very Large Chain
    Q-Mart decides to run wireless without any security.  Perhaps they had
    a *reason*.  Like - if any security is disabled, you can deploy devices
    that can hop onto the net without any assistance - so it's safe to give
    these handheld scanners/etc to a $7/hour functional illiterate.  On the
    other hand, if security is enabled, it's quite possible for the device
    to get confused and be unable to talk.  This not only means that you've
    just idled the $7/hour worker until it's fixed, it means you need to find
    an actual *literate* and *competent* person, who's probably costing you
    a lot MORE than $7/hour, to unsnarl the mess and figure out what
    happened.
    
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    



    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 08:43:21 PDT