"Open" like you can access their internal protected network after receiving an IP address?

Unless you have performed some recon to determine what you can actually touch, this might be a non-issue to them.

At the same time, depending on your local laws, this recon activity may get you in trouble.

What sort of retail store is it?

If it is a coffee shop for instance, it might be open on purpose for customer use... It's a bit too vague for me to make a judgement call.

Hi,

It is LARGE . Google says it has a turn over of 12.5 Billion pounds and has over 350 store, somewhat a bit on the big side I would say!

By the way no internet access once you join the network. So I would guess not for public consumption.

Dav

Ignore it and move on.  It is not your responsibility.  While you are being a nice guy in trying tell management, it is beyond your responsibility.

Now, I'll indulge you for a minute.  If you decide to send a letter, make sure it is certified so you know if/when they get it.

Blowing the PCI DSS whistle may not be enough, because for PCI DSS you only need to encrypt any traffic which touches credit card data.

And time for the reality check.  You are one step above some kid with a new laptop who wants to war drive in his neighborhood to sell their services as a "security professional" by locking down wireless routers.

And last but, not least, you did not obtain permission to access their network.  As mentioned, depending on where you are, simply obtaining an IP and browsing the network is an illegal act.  You've admitted to doing this twice.  Once on your phone and once on a laptop.  You also have tried to use the networks internet.  The internet may have a proxy.  Leading me to believe that you are not familiar with the concepts of networking or security beyond "Let's try to connect to open APs".

Doing something ethically, means not breaking laws, having permission, and signed contracts limiting your liability. You say you are being ethical, since you like movie quotes, "You keep using that word. I do not think it means what you think it means." - The Princes Bride.

Although I have posted something different, I would also recommend to adhere to unsupported's advice as it seems more equitable. Haven't thought of the "it's none of your business" thing.

I just wanted to say a big thank you to you all for your posts.

I actually wrote the letter yesterday, but did not send it. It is still on my desk.

My 'Ethics' are based on honesty and integrity.

You are correct in saying if they do not want to listen - it is their problem.

I just feel that if some took the time to sit down and hack it they may be able to sniff the data between the petrol station and the main store and capture customer data. ( I have now spotted the 2 Cicso wifi antenna bridging the to sites) Or Nessus scan the network break in etc and walk the network from there.

Ok. The Letter is now trashed. I gave it to the dog he is best shredder I ever bought, organic too 

In the words of Paul Mcgee I will S.U.M.O ( Shut Up and Move On)

Cheers!

Dav

Hi Ants,

I only use cash at that store. Although saying that a skimming 'device' was found at the ATM outside the store back in March, so what you gonna do 

Dav