Cracking wise

A couple kids hacked into a Lowes store database and grabbed a bunch of credit card numbers. They did it wirelessly from the parking lot, no less, and frankly I’m surprised it was even possible. When I ordered a custom item a couple weeks ago, I noticed that Lowes’ internal systems are all tied into open source programs. Custom ordering terminals are running what looked like Red Hat, and my order was entered into a Mozilla browser (with the URL address bar hidden), running a web app with basic web forms for all data entry.

I suspect these dorks in the parking lot sniffed the traffic and got in. Hopefully Lowes starts using SSH tunnels and HTTPS for all communication on the wire, and puts a more robust wireless security system in place. It’d be nice if they released their software somewhere or left it open to public review, so the open source community could find these gaping holes and fix them before they become a problem.

Published by mathowie


