Vulnerability Development mailing list archives
Re: Wlan @ bestbuy is cleartext?
From: <rhandorf () mail russells-world com>
Date: Wed, 1 May 2002 12:47:25 -0400 (EDT)
hehe- yeah, this is a known thing in the underground. ever been to a homedepo? lucent equipment everywhere. let this be a lesson to everyone that paying in cash is STILL the better thing to do :) -r On Wed, 1 May 2002, Blue Boar wrote:
I was asked to anonymously proxy this question to the list. Here ya go.
BB
----------------------------------------------------------------------------------------------------
This past week I went to bestbuy to purchase a D-link wlan card... egar to
get my laptop up and running while in the car I put my card in and
installed the driver. I noticed the traffic light was lit up as if I had a
connection. Out of curriosity I fired up kismet and sure enough there were
packets flying through the air right infront of BestBuy. Well I decided to
run in an try to make a Credit Card purchase real quick to verify that my
info was not going all over the parking lot in the clear. Well after
sorting out my logs I noticed what looked to be like SQL queries and table
headers in my logs ... things such as CUSTOMER_ROUTEID, BANKNAME,
REGISTER_ID and things of that nature... luckily no where in that data did
I find my own credit card. Non the less I decided to run to the store next
to BestBuy while I left me PC on grabbing packets. Well yesterday I sorted
through the data collected and this time I did indeed find a RAW clear text
credit card number....not mine ... but definately a credit card number.
Heres my delima... I checked out a few of the other best buy stores for
"beacon packets" and everyone I drove by was sending them out...so I assume
all BestBuy's are wlan enabled. What I need to find out is ... are
BestBuys's Cash register terminals indeed using wlan and are they indeed
sending out MY data in the clear... I am NOT comfortable using my credit
card at ANY BestBuy as of right now... due to legality though I don't feel
comfortable walking into the store and confronting someone about it.... for
all I know it could be standard BestBuy corp. practices to use nonsecure
wlan. I figured by starting a thread other people that have attempted this
may have more info or some from BestBuy may be reading the list and they
may pipe up.
----------------------------------------------------------------------------------------------------
Current thread:
- Wlan @ bestbuy is cleartext? Blue Boar (May 01)
- Re: Wlan @ bestbuy is cleartext? rhandorf (May 01)
- Re: Wlan @ bestbuy is cleartext? Ron DuFresne (May 01)
- Re: Wlan @ bestbuy is cleartext? Philip Rowlands (May 01)
- <Possible follow-ups>
- RE: Wlan @ bestbuy is cleartext? Duffy, Shawn (May 01)
- RE: Wlan @ bestbuy is cleartext? H C (May 01)
- RE: Wlan @ bestbuy is cleartext? Michael Cunningham (May 01)
- Re: Wlan @ bestbuy is cleartext? John (May 01)
- RE: Wlan @ bestbuy is cleartext? RayW (May 01)
- Re: Wlan @ bestbuy is cleartext? Nick Lange (May 01)
- RE: Wlan @ bestbuy is cleartext? H C (May 01)
- RE: Wlan @ bestbuy is cleartext? Ron DuFresne (May 01)