|
Vulnerability Development
mailing list archives
Re: Wlan @ bestbuy is cleartext?
From: El C0chin0 <mr.nasty () ix netcom com>
Date: 1 May 2002 20:14:13 -0000
In-Reply-To: <NEBBKCHGCLMNNIGJCAMKEEBIMFAA.m.cunningham () xpedite com>
My .02 cents;
I'm not here to tout any specific legal knowledge, hacker
expertise, or
I know what to do banter. The first thing to do is to
notify the
company of the vulnerability as stated earlier. It is
their
responsibility to their customers to protect their
purchases. If the
company does nothing within a reasonable time frame (and
this is
equalivant to approx 5 working days) then it is fare game
for the press.
I've read somewhere after the DDOS attacks in 1999, that
the Justice
Department was considering allowing a liability suite
against
individuals/companies who don't take the necessary security
measures. I
think this would be one such case where not only are the
credit card
numbers transferred in the clear but also certain privacy
issues may
arise. Release of phone number, address, item purchased
etc.
I have notified BB and HomeDepot from their web site. I
don't know if
they will do anything. They have been notified now all we
can do is sit
and wait. Then the lawsuits. Then the store closures.
Then John
Ashcroft blames the economy, then we can all run in and
ransack BB and
take advantage of all the great sales. [;-)]
Frank Kenisky IV, CISSP
 By Date 
By Thread
Current thread:
- RE: Wlan @ bestbuy is cleartext?, (continued)
|
Intro
