While these guys should be punished, so should Lowe's for being careless and negligent.

It's easy to say that the sysadmins at Lowe's are clowns and should have done this or that. Chances are, they are not clowns and that project timelines, budgets, and other management criteria forced the rollout of their unsecured WiFi network. The solution to that is to get security on the map for management. Make them realize that the cost of not taking the time to secure a network is higher than the cost of slipped deployment dates, added labor, etc.

How do we do that? A class-action lawsuit on behalf of Lowe's customers would do the trick and send the message to corporations to get their act together. It ought to be an easy case to prove, and you probably have plenty of evidence in the public record from this case.

I'm also surprised that credit card companies aren't taking action against Lowe's or others who don't secure that information. If many card numbers had been released into the wild, those companies could have lost millions in fraudulent charges that they have to cover.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8835/26681#26681