.

Asking To Get Owned?

<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Aug 21, 2009 11:38 pm

Asking To Get Owned?

Alright, I have a friend who works at Best Buy. He works in the computer section and over there they've partnered with a couple ISP's to help get customers set up with internet at their homes. I was making the ISP switch just last week when I noticed that the computer they were using to sign customers up for internet service had no Anti-Virus / Firewall. It honestly just looked like a default out of box installation of Vista.

Once I noticed this I instantly went, "wow", and mentioned it to my buddy (the guy who works there). He goes, "Yeah, I Know Bro, Can You Believe They Use WEP For Our Routers Encryption Too?". Was in a sort of 'wow' moment there for a second and I thought, "This is the home of the Geek Squad", you'd certainly think they have a networking guy on board somewhere that's concerned with this?

Maybe I'm just rambling on about nothing here, but I definitely see how attackers pull off these mass credit card stings from examples like how TJ Max got hacked awhile back :
http://news.cnet.com/T.J.-Maxx-hack-exposes-consumer-data/2100-1029_3-6151017.html and even more recent ones. I instantly thought to myself, that there could be a guy in a van in the parking lot right now with an ALFA card sniffing traffic and they wouldn't know. I guess I was just surprised to see companies relying on WEP as a security scheme when it can be broke in a matter of minutes. I wouldn't be surprised to hear about this Best Buy getting owned within a few months if they keep this up. It's unpredictable to really say how long they've been using WEP for their encryption and what other computers don't have proper protection.

Just my rant though, any thoughts on the subject?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sat Aug 22, 2009 12:39 am

Re: Asking To Get Owned?

It's a shame, but people never seem to surprise me when it comes to security.  I have too seen tons of WEP implementations, even in government.  Although, I find that physical security is almost always a lacking.  That brand new shiny firewall isn't going to save you if someone walks out with your server.
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sat Aug 22, 2009 1:15 am

Re: Asking To Get Owned?

There was recently a similar thread at EH-Net, were a weak security was found on some shop iirc. It's no rarity that also companies and other institutions have no proper setup of their security and therefore are vuln. although they should know better.
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Sat Aug 22, 2009 2:14 am

Re: Asking To Get Owned?

Like Ketchup, it takes alot to surprise me when it comes to InfoSec.
Even the most basic practices are overlooked. We have to remember though that not every one or organisation shares the passion.
<<

Laz3r

Post Sat Aug 22, 2009 2:36 am

Re: Asking To Get Owned?

xXxKrisxXx wrote: "This is the home of the Geek Squad"

Which is exactly why you shouldn't be surprised.  =P
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Aug 22, 2009 11:46 am

Re: Asking To Get Owned?

Laz3r wrote:
xXxKrisxXx wrote: "This is the home of the Geek Squad"

Which is exactly why you shouldn't be surprised.  =P


I was thinking the same thing. I mean, how often do we hear that Geek Squad is stealing data off machines brought in for repair.
OSWP, Sec+

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software