Re: Wlan @ bestbuy is cleartext?

[Valdis.Kletnieks () vt edu]

On Wed, 01 May 2002 18:21:23 PDT, Jonathan Bloomquist said:
> Corporate IT staff are paid to know better than to put
> insecure technology into production and they need to
> be held accountable if they make such a boneheaded
> move.

How many corporate networks have dumped Outlook so far?

How many corporate sites still run IIS because a conversion to
Apache would be even more costly than getting hacked every 2 months?

It's *quite* possible that at least some of these IT staffers did
the calculation: "Hmm... if we deploy this, we can expect $2M/year in
writeoffs due to guys out in the parking lot with pringle-can yagis, but
we'll save $4M/year, so we'll be ahead anyhow..."  It's all trade-offs,
and nothing news to the big corporations - I'm *positive* that the master
financial plan for Best Buy already has a line item for "write off 2.3%
of all credit card transactions" and that such write-offs are a standard
part of doing business.  They may decide that it's easier and cheaper to
just raise their write-off margin to 2.7% rather than fix the problem....

And factor *THIS* into the equation - let's say that Very Large Chain
Q-Mart decides to run wireless without any security.  Perhaps they had
a *reason*.  Like - if any security is disabled, you can deploy devices
that can hop onto the net without any assistance - so it's safe to give
these handheld scanners/etc to a $7/hour functional illiterate.  On the
other hand, if security is enabled, it's quite possible for the device
to get confused and be unable to talk.  This not only means that you've
just idled the $7/hour worker until it's fixed, it means you need to find
an actual *literate* and *competent* person, who's probably costing you
a lot MORE than $7/hour, to unsnarl the mess and figure out what happened.

                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech