RE: Wlan @ bestbuy is cleartext?

From: Duffy, Shawn (SDuffyat_private)
Date: Fri May 03 2002 - 06:22:17 PDT

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Our company is currently conducting requests with Best Buy.
    We can certainly verify the claims, but not without permission.  It's
    a LEGAL thing with me ;)
    
    Shawn.
    
    
    
    - -----Original Message-----
    From: Matthew Leeds [mailto:mleedsat_private]
    Sent: Thursday, May 02, 2002 5:17 PM
    To: vuln-devat_private
    Subject: RE: Wlan @ bestbuy is cleartext?
    
    
    Unless I've missed it, I've yet to see anyone positively confirm that
    credit card numbers or other data is flying around in the clear on
    these networks. I've been amazed (and disappointed) to see press
    coverage that appears to be little more than hearsay. Has there been
    independent confirmation of credit card numbers in the clear done by
    any member of the press, or done by any individual or organization
    acting as a source to the press with a methodology that allows for
    independent confirmation (packet captures)?
    
    - ---Matthew
    
    *********** REPLY SEPARATOR  ***********
    
    On 5/2/2002 at 1:01 PM OBrien, Brennan wrote:
    
    >Just so I'm clear... I know I remember the discussion of "security
    >by obscurity" going the way of the dodo bird, but when did we decide
    >"security through humiliation" was a good technique??  
    >
    >From the Best Buy response below, it sure looks like they made an
    >honest mistake in their practices -- SOMETHING EVERY ONE OF US HAS
    >DONE IN THE PAST.  So, now we're going to raise fear, uncertainty
    >and doubt in the (already a little flighty) buying public which
    >could scare away more consumers and really hurt these guys.  Is this
    >issue fact? Yes.  Does the public at large get it?  Nope, not
    >really. 
    >
    >Funny thing about guns... When you pull the trigger, you not only
    >need to know what you're hitting, but what's beyond it in case the
    >bullet goes all the way through.. 
    >
    >Sarah, it was really cool of you to send them your note.  Good job. 
    > 
    >
    
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1
    
    iQA/AwUBPNKPs89b0XjZv5u0EQK70gCggdmNvcPsDlg/tZpG5DI4i1pUGu0AoNXS
    7HQ2WdHqPoseqB5isqpsNRfJ
    =7oJP
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 11:05:47 PDT