[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40A1FB94.803A3A16@swift.com>
From: jimmy.kuijpers at swift.com (KUIJPERS Jimmy)
Subject: Wireless ISPs
Isn't it also the responsibility of the site where your ordering? To have any data submitted by e-mail to be delivered securely. For
example by having the e-mail itself encrypted?
[devil's advocate mode] Sure, one can also have the debate that wireless links should be encrypted but that's something else entirely,
even a wired link is sniffable and they we're never encrypted. So why encrypt the wireless links? [/devil's advocate mode]
my 2ct,
Jimmy
Sean Milheim wrote:
> I agree with Brian. I feel that merchants sending information through
> email is irresponsible and this is a customer service issue.
>
> We have online ordering and do not send sensitive data via email. None
> of the merchants that I have made online purchases with recently have
> done this either.
>
> However there is also pop3s and imaps.
>
> --
> Sean Milheim <sean@...eus.com>
> iDREUS Corporation
>
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Subject: Re: [Full-Disclosure] Wireless ISPs
> Date: Tue, 11 May 2004 12:20:45 -0700 (PDT)
> From: D B <geggam692000@...oo.com>
> To: Brian Toovey <btoovey@...global.com>
> CC: full-disclosure@...ts.netsys.com
>
> Hi Brian
>
> Sit down sometime inside a wireless ISPs area and run
> kismet. You can see someone connect to a service via
> SSL, then immediately after they purchase something
> they check the email. Guess what ? the Credit card #
> and address are in that email.
>
> Doesn't take some 15 year veteran of the internet to
> see how this is a bad thing.
>
> Go flame some newb who has no brain.
>
> Dan Becker
>
> --- Brian Toovey <btoovey@...global.com> wrote:
> > Dan,
> >
> > Your post is troubling, if not confusing -
> >
> > You are talking about two seperate issues - email
> > confirmations with companies that you buy goods and
> > services from online and wireless data transmission.
> > Most wireless "computer equipment" that is sold now
> > by default comes with some kind of encryption,
> > completely hackable but "encrypted" - so it becomes
> > the end user's responsibility to use the proper
> > equipment / software to protect yourself.
> >
> > The other issue, automatic replies with sensitive
> > data, are best directed to the customer service
> > department of the company in transgression.
> >
> > Dan, the internet is an unsafe place for sensitive
> > data. I would suggest some study in different
> > encryption methodlogies to educate yourself.
> > Education leads to positive, well thought out data
> > communication, which leads to peace of mind.
> >
> > Regards,
> > Brian
> >
> > On May 11, 2004 02:33 PM, D B
> > <geggam692000@...oo.com> wrote:
> >
> > > I'm not real sure how to post this, nor am I sure
> > of
> > > the scope. I am still learning about computers.
> > >
> > >
> > > All transactions done via secure websites are
> > secure,
> > > however the auto mailing feature to confirm orders
> > > sometimes contains sensitive data. When the
> > customer
> > > is on a wireless connection, be it ISP or home LAN
> > > that data is broadcasted in the clear for anyone
> > > within range to eavesdrop. A wired internet
> > connection
> > > limits the number of people who have access to
> > this
> > > data simply by the nature of the internet putting
> > it
> > > within acceptable risk.
> > >
> > > It is legal according to US law to eavesdrop on
> > > wireless connections.
> > >
> > >
> >
> http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
> > >
> > > The only solutions I can offer are one of two
> > things.
> > >
> > > 1. Quit sending auto confirmations with sensitive
> > data
> > >
> > > 2. Encrypt all wireless transmissions at least
> > making
> > > someone who gains access to this data
> > prosecutable.
> > >
> > > Please direct all flames to /dev/null
> > >
> > > Dan Becker
> > >
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Win a $20,000 Career Makeover at Yahoo! HotJobs
> > >
> > http://hotjobs.sweepstakes.yahoo.com/careermakeover
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > http://lists.netsys.com/full-disclosure-charter.html
> >
> > Brian Toovey
> > igxglobal
> > 389 Main Street Suite 206
> > Hackensack, NJ 07601
> > Ph: 201-498-0555x2225
> > btoovey@...global.com
> >
> > Subscribe to the igxglobal Daily Security Briefing
> > http://www.igxglobal.com/dsb/register.html
> >
> > igxglobal announces Daily Security Briefing
> > newsletter
> > http://www.prweb.com/releases/2004/5/prweb123759.htm
> >
> >
> > The electronic message that you have received and
> > any attachments are solely intended for the use of
> > the addressee(s) and may contain information that is
> > confidential. If you receive this email in error,
> > please advise us by responding to NOC@...global.com.
> > You are required to delete the contents and destroy
> > any copies immediately.
> > igxglobal is not liable for the views expressed in
> > this electronic message or for the consequences of
> > any computer viruses that may be unknowingly
> > transmitted within this message. This electronic
> > message is also subject to standard
> > copyright/ownership laws. It is not intended to be
> > reproduced, or re-transmitted without the consent of
> > the originator.
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists