> AFAIK all Symbol WLAN equipment supports WEP and almost all of their
> equipment supports their Kerberos authentication capability.

I don't think Kerberos would help protect the SQL payload.

> So why roll out an insecure implementation in the first place? If the
> device has no security capabilities, why use it?

Security is only one in a list of priorities. Another might be interoperability with existing equipment. If a secure solution would require replacing tens of thousands of dollars of equipment and a major upheaval, I imagine there are companies that would take the risk.

> There are many other retailers with the exact same problem

It's long past time for the use of credit card numbers in retailers to be phased out... All card-present authentication could have been done with a secure challenge-response mechanism using smartcards for a couple of years now. Card readers are so much cheaper than magnetic stripe readers that even retailers still using carbon-paper authentications could have moved over by now without prohibitive expense. There's no reason for any data handed over in a transaction to be able to validate another transaction.

If the credit card issuers are only *just* getting to grips with this kind of secure technology, I don't think it's particularly damning that a retailer has problems with transmitting data insecurely. At this point in time, it's probably more likely for an employee to skim the cards and produce a duplicate than for someone to capture them off-air.

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
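
The challenge-response point made in the message above, as an added example that is not part of the original post: a response bound to a one-time challenge cannot validate a second transaction, while a static card number can. The `Issuer` class, the HMAC-SHA256 construction and the card values are assumptions chosen for illustration, not any card scheme's actual protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not real card data.
CARD_NUMBER = "4000-0000-0000-0002"
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def card_response(key, nonce, amount_cents):
    """Computed inside the card; the key never leaves it."""
    msg = nonce + amount_cents.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class Issuer:
    """Hypothetical verifier holding each card's key."""

    def __init__(self, keys):
        self.keys = keys
        self.pending = set()  # challenges issued and not yet used

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify_static(self, card_number):
        # Magnetic-stripe style: knowing the number is the whole proof.
        return card_number in self.keys

    def verify_response(self, card_number, nonce, amount_cents, response):
        if nonce not in self.pending or card_number not in self.keys:
            return False
        self.pending.discard(nonce)  # each challenge is accepted once
        expected = card_response(self.keys[card_number], nonce, amount_cents)
        return hmac.compare_digest(expected, response)


def demo():
    issuer = Issuer({CARD_NUMBER: CARD_KEY})
    n1 = issuer.new_challenge()
    captured = card_response(CARD_KEY, n1, 2599)  # assume sniffed off-air
    first = issuer.verify_response(CARD_NUMBER, n1, 2599, captured)
    same = issuer.verify_response(CARD_NUMBER, n1, 2599, captured)
    n2 = issuer.new_challenge()
    fresh = issuer.verify_response(CARD_NUMBER, n2, 2599, captured)
    return first, same, fresh, issuer.verify_static(CARD_NUMBER)
```

`demo()` returns, in order, the result of the legitimate purchase, a replay against the same challenge, a replay against a fresh challenge, and a replay of the static number alone.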
