EH-Net

Alright, I have a friend who works at Best Buy. He works in the computer section and over there they've partnered with a couple ISP's to help get customers set up with internet at their homes. I was making the ISP switch just last week when I noticed that the computer they were using to sign customers up for internet service had no Anti-Virus / Firewall. It honestly just looked like a default out of box installation of Vista.

Once I noticed this I instantly went, "wow", and mentioned it to my buddy (the guy who works there). He goes, "Yeah, I Know Bro, Can You Believe They Use WEP For Our Routers Encryption Too?". Was in a sort of 'wow' moment there for a second and I thought, "This is the home of the Geek Squad", you'd certainly think they have a networking guy on board somewhere that's concerned with this?

Maybe I'm just rambling on about nothing here, but I definitely see how attackers pull off these mass credit card stings from examples like how TJ Max got hacked awhile back :
http://news.cnet.com/T.J.-Maxx-hack-exposes-consumer-data/2100-1029_3-6151017.html (http://news.cnet.com/T.J.-Maxx-hack-exposes-consumer-data/2100-1029_3-6151017.html) and even more recent ones. I instantly thought to myself, that there could be a guy in a van in the parking lot right now with an ALFA card sniffing traffic and they wouldn't know. I guess I was just surprised to see companies relying on WEP as a security scheme when it can be broke in a matter of minutes. I wouldn't be surprised to hear about this Best Buy getting owned within a few months if they keep this up. It's unpredictable to really say how long they've been using WEP for their encryption and what other computers don't have proper protection.

Just my rant though, any thoughts on the subject?

It's a shame, but people never seem to surprise me when it comes to security.   I have too seen tons of WEP implementations, even in government.   Although, I find that physical security is almost always a lacking.   That brand new shiny firewall isn't going to save you if someone walks out with your server.

There was recently a similar thread at EH-Net, were a weak security was found on some shop iirc. It's no rarity that also companies and other institutions have no proper setup of their security and therefore are vuln. although they should know better.

Like Ketchup, it takes alot to surprise me when it comes to InfoSec.
Even the most basic practices are overlooked. We have to remember though that not every one or organisation shares the passion.

Which is exactly why you shouldn't be surprised.  =P

I was thinking the same thing. I mean, how often do we hear that Geek Squad is stealing data off machines brought in for repair.