RE: Wlan @ bestbuy is cleartext?

From: Yanek Korff (yanekat_private)
Date: Thu May 02 2002 - 09:51:19 PDT

Next message: Sebastian: "Re: static char overflow"

Previous message: Sarah Kenna Groark: "Re: Wlan @ bestbuy is cleartext?"
Maybe in reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
Next in thread: Hundley, Gordon - Princeton: "RE: Wlan @ bestbuy is cleartext?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was on the West coast some time back and noticed a nice big antenna where
I rented my Budget Rent-A-Car.  Looks like it handled traffic from the POS
to some central server on another floor.  Didn't have hardware on me, but
rental car places may also be suspect.

-Yanek.

> -----Original Message-----
> From: Erik Parker [mailto:eparkerat_private]
> Sent: Wednesday, May 01, 2002 7:44 PM
> To: Mariusz Mazur
> Cc: vuln-devat_private
> Subject: Re: Wlan @ bestbuy is cleartext?
> 
> 
> 
> Let me know if you find any. From what I heard from a media 
> source, when they approached Best Buy about it today, best buy ordered 
> their stores to shut off the wireless registers.
> 
> My local Best Buy checked out an hour ago, to not have 
> wireless running.
> 
> However, Petsmart, and DSW shoes do the same thing.. 
> unencrypted customer data.
> 
> 
> MM> On Wednesday 01 May 2002 22:38, Michael Cunningham wrote:
> MM> > Folks,
> MM> >
> MM> > I assume half the mailing list is going to be driving
> MM> > around their towns tonight scanning for this problem. I
> MM> > know I will. I am not about to give my credit card to a
> MM> > store that cant even keep the number secure.
> MM> >
> MM> > Might I suggest we begin reporting confirmed stores and the
> MM> > issues found here so the media can get the word out effectivily.
> MM> > The more names that are listed here means more pressure the
> MM> > general public and the media will place on these stores to
> MM> > rapidly fix the problem. Obviously this mailing list is read
> MM> > by many in the underground community. I am sure many will
> MM> > begin scanning almost immediatly if they aren't already.
> MM> > A rapid response by the security community might prevent
> MM> > widespread identity theft.
> MM>
> MM> Would be nice if someone could suggest a rather neutral 
> database for
> MM> gathering such information. CERT? SecurityFocus (Blue Boar?)?
> MM>
> MM>
> MM> --
> MM> "If you want to help - do only what you are capable of. 
> Doing miracles leave
> MM> to others" - kloczek
> MM>
>

Next message: Sebastian: "Re: static char overflow"
Previous message: Sarah Kenna Groark: "Re: Wlan @ bestbuy is cleartext?"
Maybe in reply to: Blue Boar: "Wlan @ bestbuy is cleartext?"
Next in thread: Hundley, Gordon - Princeton: "RE: Wlan @ bestbuy is cleartext?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 02 2002 - 12:58:25 PDT