Hi Brian Sit down sometime inside a wireless ISPs area and run kismet. You can see someone connect to a service via SSL, then immediately after they purchase something they check the email. Guess what ? the Credit card # and address are in that email.
Doesn't take some 15 year veteran of the internet to see how this is a bad thing. Go flame some newb who has no brain. Dan Becker --- Brian Toovey <[EMAIL PROTECTED]> wrote: > Dan, > > Your post is troubling, if not confusing - > > You are talking about two seperate issues - email > confirmations with companies that you buy goods and > services from online and wireless data transmission. > Most wireless "computer equipment" that is sold now > by default comes with some kind of encryption, > completely hackable but "encrypted" - so it becomes > the end user's responsibility to use the proper > equipment / software to protect yourself. > > The other issue, automatic replies with sensitive > data, are best directed to the customer service > department of the company in transgression. > > Dan, the internet is an unsafe place for sensitive > data. I would suggest some study in different > encryption methodlogies to educate yourself. > Education leads to positive, well thought out data > communication, which leads to peace of mind. > > Regards, > Brian > > On May 11, 2004 02:33 PM, D B > <[EMAIL PROTECTED]> wrote: > > > I'm not real sure how to post this, nor am I sure > of > > the scope. I am still learning about computers. > > > > > > All transactions done via secure websites are > secure, > > however the auto mailing feature to confirm orders > > sometimes contains sensitive data. When the > customer > > is on a wireless connection, be it ISP or home LAN > > that data is broadcasted in the clear for anyone > > within range to eavesdrop. A wired internet > connection > > limits the number of people who have access to > this > > data simply by the nature of the internet putting > it > > within acceptable risk. > > > > It is legal according to US law to eavesdrop on > > wireless connections. > > > > > http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm > > > > The only solutions I can offer are one of two > things. > > > > 1. Quit sending auto confirmations with sensitive > data > > > > 2. Encrypt all wireless transmissions at least > making > > someone who gains access to this data > prosecutable. > > > > Please direct all flames to /dev/null > > > > Dan Becker > > > > > > > > > > __________________________________ > > Do you Yahoo!? > > Win a $20,000 Career Makeover at Yahoo! HotJobs > > > http://hotjobs.sweepstakes.yahoo.com/careermakeover > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > Brian Toovey > igxglobal > 389 Main Street Suite 206 > Hackensack, NJ 07601 > Ph: 201-498-0555x2225 > [EMAIL PROTECTED] > > Subscribe to the igxglobal Daily Security Briefing > http://www.igxglobal.com/dsb/register.html > > igxglobal announces Daily Security Briefing > newsletter > http://www.prweb.com/releases/2004/5/prweb123759.htm > > > The electronic message that you have received and > any attachments are solely intended for the use of > the addressee(s) and may contain information that is > confidential. If you receive this email in error, > please advise us by responding to [EMAIL PROTECTED] > You are required to delete the contents and destroy > any copies immediately. > igxglobal is not liable for the views expressed in > this electronic message or for the consequences of > any computer viruses that may be unknowingly > transmitted within this message. This electronic > message is also subject to standard > copyright/ownership laws. It is not intended to be > reproduced, or re-transmitted without the consent of > the originator. > > > > > > > > __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html