It comes as no surprise; however, many of these retailers that *claim* that they have "securified" their wireless networks have done nothing shy of a smokescreen to dispel any rumors and raise consumer confidence levels back up again.

If customers *feel* that they're secure, then they'll buy/spend more at those retail shops. Pretty simple, huh? Then again, it's nothing short of a lie on the part of the PR person from said XYZ retail company.

So far, I have found this to be the case at several retail stores locally (here in my metropolitan area) in recent years, and strangely enough, both Home Depot and Best Buy (last time that I checked, and at several locations) continue to operate their wireless networks unsecured.

Now that Lowes has identified a problem with their environments, this also takes the guessing out whether or not if Lowes is really secured or not. I will be checking there as well, more or less a curiousity to see if they truly are secured, or if they will grant me access to their internal networks. In regards to Wal-Mart, that too, like Best Buy and Home Depot, varies from store to store.

Some other places to check for broadcasted, *unsecured* wireless networks: 2 local grocery foodstores, Sears, Target, Circuit City, CompUSA, et. al. Upon doing a routine sniff of the area, I found one of my local grocery stores uses the older-styled Symbol handheld scanners. NO WEP!!! Can I do any damage with that? Dunno, maybe screw up inventory counts? And, since Symbol's data stream formats have been available for some time, it wouldn't take long to figure out which is what from what or where. I might not have credit card information, but I sure as Hell could screw this grocery store chain; they're expensive!

'nuf said; are there more retailing companies out there that use unsecured networks? Hell yeah! And all you need is a decent sniffer (Ethereal, windump, tcpdump, snort, sniffit, et. al), a wardriving tool (Wellenreiter, Kismet, AirSnort, et. al), and some console utilities to mask yourself as a "Macintosh user" (even though you use operating system), you can pose as a legitimate customer, whilst sniffing their networks, during daytime hours when THEY LEAST EXPECT IT! NOT in an empty parking lot WHEN YOU'RE THE ONLY CAR IN THE LOT!!! Use a handheld device; then when someone asks what you are doing, you are jotting notes down from your wife/girlfriend/roommate of things to buy/purchase or are making notes on prices, since you're a fruggal shopper. ;) None of these places have anything to do what that. What's next? Door-to-door security "gestapo grunts" who barely know any English, frisking every single person who walks into their store with a personal item (purse, wallet, etc.)? I don't think so, and if that were the case, I wouldn't shop there any more. Retailers cannot afford to loose what little left of their customer base that they're clinging onto. It's bad enough that we're going into yet-another-dismally-bleak Christmas-time; retailers are hoping NOT to reduce prices to attract customers. Want to hurt a retailer that you don't like? Screw up their inventory, make their POS cash registeres go BOINK (or not operate at all because their network is being saturated with ping-flood attacks), or just flood their entire network with porno pics!

Credit cards are soooo passe.

Mark

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/7438/23749#23749