It turns out that Best Buy has confirmed the possibility of a risk: >Laurie Bauer, a Best Buy spokeswoman, said security officials ``were aware of the possibility'' and decided to suspend the wireless registers after the posting. She confirmed that credit card numbers were among the data potentially sent through the wireless system. See the full story, an AP wire item picked up nationally at: http://wire.ap.org/APnews/main.html?PACKAGEID=BIZwireless&SLUG=WIRELESS-INSECURITY This may be the first public confirmation of a possible risk presented by a non-anon person. Doesn't excuse the earlier press coverage which lacked such a confirmation. My issue is with the press handling of this and many other earlier 'security' stories. ---Matthew *********** REPLY SEPARATOR *********** On 5/3/2002 at 12:05 AM Ron DuFresne wrote: >I suspect there must have been something to the claims made. Otherwise >we might well have seen Best Buy defend their secuirty integrity with >wireless, and not just close down the toys <smile>. > >Thanks, > >Ron DuFresne > >On Thu, 2 May 2002, Matthew Leeds wrote: > >> Unless I've missed it, I've yet to see anyone positively confirm that >credit card numbers or other data is flying around in the clear on these >networks. I've been amazed (and disappointed) to see press coverage that >appears to be little more than hearsay. Has there been independent >confirmation of credit cards numbers in the clear done by any member of >the press, or done by any individual or organization acting as a source to >the press with a methodology that allows for independent confirmation >(packet captures)? >> >> ---Matthew >> >> *********** REPLY SEPARATOR *********** >> >> On 5/2/2002 at 1:01 PM OBrien, Brennan wrote: >> >> >Just so I'm clear... I know I remember the discussion of "security by >> >obscurity" going the way of the dodo bird, but when did we decide >> >"security through humiliation" was a good technique?? >> > >> >From the Best Buy response below, it sure looks like they made an honest >> >mistake in their practices -- SOMETHING EVERY ONE OF US HAS DONE IN THE >> >PAST. So, now we're going to raise fear, uncertainty and doubt in the >> >(already a little flighty) buying public which could scare away more >> >consumers and really hurt these guys. Is this issue fact? Yes. Does >the >> >public at large get it? Nope, not really. >> > >> >Funny thing about guns... When you pull the trigger, you not only need >to >> >know what you're hitting, but what's beyond it in case the bullet goes >all >> >the way through.. >> > >> >Sarah, it was really cool of you to send them your note. Good job. >> > >> >> >> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > >OK, so you're a Ph.D. Just don't touch anything.
This archive was generated by hypermail 2b30 : Fri May 03 2002 - 11:52:40 PDT