Announcement

Collapse
No announcement yet.

Best Buy and 802.11

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Best Buy and 802.11

    "Major US retail chain Best Buy has been forced to close down its wireless cash registers after security experts revealed it had been making credit card information available to anyone in the vicinity with the equipment to detect wireless networks. And global supermarket giant WalMart and US pet store PetSmart are under pressure to investigate claims their systems have exactly the same flaws. According to US reports, Best Buy closed down its wireless cash registers last night to investigate the issue.

    Best Buy's action follows a day of heated discussion on security newsgroups after an anonymous person said he had accidentally picked up credit card numbers while testing his newly purchased WLAN (wireless local area network) equipment in the retail shop's car park. Other newsgroup subscribers confirmed they had also noticed the same problem."

    Wow, I've thought about something like this happening, but which idiot decided to make all the registers wireless? Is it that difficult to draw a cable to the register? Any thoughts or experience regarding this?

  • #2
    It should be noted that I don't have very much expertise in this area, but it is very surprising to me that they do not encrypt this data. Whether is is wireless or wired, it should be encrypted. this is very disturbing and I really hope that some changes are made soon to any other stores doing this.

    Comment


    • #3
      Even if it is encrypted, it can still be crakced.
      Also, another thing which is quite disturbing. While at a fast food joint, with an ATM machine inside, I noticed that the ATM was connected through a phone line. I wonder if that information is encrypted, and how secure that telephone line is. Has anyone else seen the ATMs which use phone lines?

      Comment


      • #4
        ATM...

        At one of the places I work (a gas station.) The atm has a free ethernet jack in the back..to allow for software upgrades, diagnostics, etc. when it was put in the sofware was loaded from a windows 98 laptop.
        Also it uploads the account data stored in it once a night via either phoneline or ethernet (not sure wasn't that interested at the time).
        Nuke 'um till they glow
        then shoot 'um in the dark
        babalyon(sp)5

        Comment


        • #5
          Re: ATM...

          Originally posted by d0gcomplex
          At one of the places I work (a gas station.) The atm has a free ethernet jack in the back..to allow for software upgrades, diagnostics, etc. when it was put in the sofware was loaded from a windows 98 laptop.
          Also it uploads the account data stored in it once a night via either phoneline or ethernet (not sure wasn't that interested at the time).
          I don't know the exact machine you're talking about, but from what I've seen there's two main varieties: the ones that use dial-up for fund verification/transfer, and those that use ISDN. I've never seen one that's running strictly over ethernet; you might want to look a little closer at the connector and see if it's RJ-45 (ethernet) or RJ-48 (ISDN).

          For what it's worth, most of the 'get-your-pre-reserved-movie-ticket' machines out front of the theatres in malls here seem to use ISDN for their connectivity - as do many of the payphones and mall stores (for Southern Californians, take a trip to the Block at Orange to see what I mean). Bizarrely enough, there are even unlocked weatherproofed cases in several of the planters housing anywhere from two to eight standard RJ-48 interfaces. It'd be interesting to stick a TA or NT2 on them and see what comes up.

          Comment


          • #6
            As for the original post, DSW shoe warehouse and Petsmart have the same problem.
            the fresh princess of 1338

            What did I do to make you think I give a shit?

            Comment


            • #7
              Somewhat tracked slightly differently, the Ford company has also had it's recent bouts against a similar evil.

              Brief coverage:
              http://quote.bloomberg.com/fgcgi.cgi...TaHhWtRXhwZXJp

              More detailed:
              http://news.com.com/2100-1017-916940.html


              aaahh... the power of being socially creative
              if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

              Comment


              • #8
                And another 802.11 slipup:

                http://geek.com/news/geeknews/2002ma...0520011784.htm

                Is it safe to assume these are probably just icons for the actual security negligence regarding wireless technology?
                if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                Comment


                • #9
                  http://www.msnbc.com/news/746380.asp?0dm=T28DT

                  Comment


                  • #10
                    also growingly popular for surveilance.. kinda expected:
                    http://www.newsbytes.com/news/02/176750.html
                    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                    Comment


                    • #11
                      Common security issues with wireless in it's current existance:
                      http://geek.com/news/geeknews/2002ma...0528011905.htm
                      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                      Comment


                      • #12
                        Originally posted by nulltone
                        While at a fast food joint, with an ATM machine inside, I noticed that the ATM was connected through a phone line. I wonder if that information is encrypted, and how secure that telephone line is. Has anyone else seen the ATMs which use phone lines?
                        There is an ATM in the lobby of the Anchorage, Alaska Hilton... I stuck my card in there and punched in my info PIN, withdraw, yeah I'll pay the 1.50 to get my own damn $$...

                        Then I heard a dial-tone from around behind the machine and beep-beep boop... as it dialed a friggin phone number with the modem speaker cranked up to 90db (ok, not that loud but you get the idea)

                        All kinds of ideas there. I'll leave it to your imagination.

                        ~G
                        Gack
                        "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato

                        Comment


                        • #13
                          sounds like you could have reconstructed packets just from the volume.. heh..
                          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                          Comment


                          • #14
                            Re: Best Buy and 802.11

                            Originally posted by nulltone
                            [B Any thoughts or experience regarding this? [/B]
                            Best Buy reactivates wireless LAN cash registers
                            http://www.computerworld.com/mobilet...,72024,00.html
                            Favorite Quote:

                            Laurie Bauer, public relations director for Eden Prairie, Minn.-based Best Buy, told Computerworld in an e-mail last night that the company had returned the wireless registers to service after adding additional security measures that she did not identify.

                            Comment

                            Working...
                            X