Another WiFi Security Breach

If I were so inclined, I think I'd find something better to do with my time than put porn on Best Buy TVs. Juvenile script kiddies. Good hacking goes unnoticed :wink2:
 
If I were so inclined, I think I'd find something better to do with my time than put porn on Best Buy TVs. Juvenile script kiddies. Good hacking goes unnoticed :wink2:

Kind of like when you have a good waiter and you don't notice them refilling your water glass? Then you look and think "I thought that glass was more empty than that." Like magic...
 
Kind of like when you have a good waiter and you don't notice them refilling your water glass? Then you look and think "I thought that glass was more empty than that." Like magic...

I was gonna say *just* that.
 
"Nothing could be done about it" because there's not a Best Buy employee within 100 miles who knows jack sh* about the stuff they sell.

"Nothing could be done about it" You know, once a picture is uploaded to a TV it burns itself into the screen permanently.

Maybe I should offer my technical services to Best Buy. I'll call the company "Nerd Squad."
 
Kind of like when you have a good waiter and you don't notice them refilling your water glass? Then you look and think "I thought that glass was more empty than that." Like magic...
Hmmm, Missa had that problem with another kind of glass at Wings a couple years ago! :rofl:
 
Kind of like when you have a good waiter and you don't notice them refilling your water glass? Then you look and think "I thought that glass was more empty than that." Like magic...

That's happened to me with wine. Except I never did notice until it was time to get up and leave.
 
"Nothing could be done about it" because there's not a Best Buy employee within 100 miles who knows jack sh* about the stuff they sell.

"Nothing could be done about it" You know, once a picture is uploaded to a TV it burns itself into the screen permanently.

Maybe I should offer my technical services to Best Buy. I'll call the company "Nerd Squad."

:rofl:

Good use of comedy, but the news story says the image was "up for several minutes," and that "we worked immediately to disable the inappropriate content," so apparently something WAS done about it within "several minutes."

Maybe the "nothing could be done about it" meant that they didn't know about the upload from the previous night until it was seen in the morning. :dunno:
 
It's Best Buy. Nothing else need be said.

She was offended by it. Positioning for a lawsuit?
 
:rofl:

Good use of comedy, but the news story says the image was "up for several minutes," and that "we worked immediately to disable the inappropriate content," so apparently something WAS done about it within "several minutes."

How hard can it be to turn a TV off? :dunno:
 
How hard can it be to turn a TV off? :dunno:

Monday morning quarterbacking is easy. Given that it probably took them by surprise, I'm guessing that they were in a panic, and the quickest, easiest solution may not have immediately occurred to them. Also, if it was every TV in the store, that might not have seemed like the quickest solution.
 
Or unplug the router.

-Rich

Would you necessarily expect the salespersons who happened to be on duty to know that there was a router, where it was, and that unplugging it would terminate the display?
 
Would you necessarily expect the salespersons who happened to be on duty to know that there was a router, where it was, and that unplugging it would terminate the display?

Well, one would hope that the "agents" at the store's Geek Squad "precinct" would know those details.

(Unless, of course, they outsourced the installation and setup of the system, for which I wouldn't blame them.)

-Rich
 
If this was Geek Squad I'm sure they would charge at least $300 to fix this.. :)

 
If this was Geek Squad I'm sure they would charge at least $300 to fix this.. :)

And they would have reformatted the TV so it couldn't display anything ever again...and say that was how it was when it got there.
 
Monday morning quarterbacking is easy. Given that it probably took them by surprise, I'm guessing that they were in a panic, and the quickest, easiest solution may not have immediately occurred to them. Also, if it was every TV in the store, that might not have seemed like the quickest solution.

There's never cause for panic.

It's a wall of TVs with boobs on it, not 100 confirmed nuclear-tipped MIRVs inbound. Sheesh.

"Best Buy: Reaping the benefits of our pay-scale."
 
There's never cause for panic.

It's a wall of TVs with boobs on it, not 100 confirmed nuclear-tipped MIRVs inbound. Sheesh.

"Best Buy: Reaping the benefits of our pay-scale."

More Monday morning quarterbacking. Gotta have somebody to feel superior to. :rolleyes:
 
More Monday morning quarterbacking. Gotta have somebody to feel superior to. :rolleyes:

That's not the definition of "Monday Morning Quarterbacking". That's usually a phrase reserved for people who've never done the job.

I've dealt with worse tech "crises".

A bunch of boobs on TVs in a Best Buy is a prank that will be forgotten (especially these days with a flood of new crises to talk about every few minutes from the Internet) in a couple of days. The funny part is not being able to turn them off. To me anyway. I can imagine that even if there was one sharp cookie who suggested killing the breaker to that area as a definitive way to black out the dreaded human boobies (ha!), there'd be at least one or two "frightened" managers with access to the breaker panel who'd veto it.

The kinds of "don't panic" stuff I've seen, shuts down entire companies, and if you panic and don't respond correctly, the shutdown will be permanent or at least long enough to shake your customer's trust to the point that they won't be renewing their contracts next year. You fix it, now.

Script kiddies posting porn isn't even worthy of a news article, really. For multiple reasons. Mainly 'cause there's a lot worse going on out there these days.

So I have no need to "feel" superior. I simply stated the facts that at that pay scale, no one there is exactly responsible for the long term overall health of Best Buy, Inc. Critical decision-making isn't high on the hiring skills priority list at a Best Buy.

From a friend's stories of working there, Best Buy's management style really does prefer that employees don't do much thinking. They actually prefer it that way.

Consistently mediocre service with a bunch of lip-service towards wanting feedback on how to do things better -- which is exactly what they don't want -- was his experience.

This one falls in the "won't matter by next week" round file. Thus, my "don't panic" statement. It's closer to the "grab some popcorn and watch the show" level of network security, honestly. Hackers indeed.

This was the cybersecurity equivalent of putting a flaming bag of poo on the front porch and ringing the doorbell. ;)
 
That's not the definition of "Monday Morning Quarterbacking". That's usually a phrase reserved for people who've never done the job.

I apologize for my lack of writing skill!

What I meant to convey is that it's easy to second guess how people deal with unexpected situations after the fact, while sitting in front of our computers with no angry customers around.

I've dealt with worse tech "crises".

I was thinking more in terms of the "dealing with upset retail customers" crisis! I can only imagine what it must have been like to be in the sales personnel's shoes.

The funny part is not being able to turn them off. To me anyway.

They did get the unwanted pictures off. "Several minutes" does not sound like an inordinate amount of time to me, given that the sales personnel were probably not trained to deal with this kind of problem.

I can imagine that even if there was one sharp cookie who suggested killing the breaker to that area as a definitive way to black out the dreaded human boobies (ha!), there'd be at least one or two "frightened" managers with access to the breaker panel who'd veto it.

Unless I knew for sure that I knew how to reboot any equipment that was on those breakers, *I* would be reluctant to turn off the breaker, and I'm an EE. I wouldn't want to do it if there was any chance of shutting down sales for the rest of the day, or even a couple of hours.

But there's something else I don't understand about your comments: If you feel that the "dreaded human boobies" are not that big a deal in the grand scheme of things (and I agree), why the criticism that they didn't get them taken down fast enough? :confused:

Script kiddies posting porn isn't even worthy of a news article, really. For multiple reasons. Mainly 'cause there's a lot worse going on out there these days.

True, but I'm just trying to imagine what it must be like for a person working in retail to be confronted with something that is upsetting customers.

So I have no need to "feel" superior. I simply stated the facts that at that pay scale, no one there is exactly responsible for the long term overall health of Best Buy, Inc. Critical decision-making isn't high on the hiring skills priority list at a Best Buy.

No reason I can see why it should be.

From a friend's stories of working there, Best Buy's management style really does prefer that employees don't do much thinking. They actually prefer it that way.

Sounds like an excellent source of applicants for the TSA! :)

This one falls in the "won't matter by next week" round file. Thus, my "don't panic" statement. It's closer to the "grab some popcorn and watch the show" level of network security, honestly. Hackers indeed.

This was the cybersecurity equivalent of putting a flaming bag of poo on the front porch and ringing the doorbell. ;)

"Don't panic" is easy to say when you're not the one who is confronted with upset customers.

Of course, I don't KNOW that they were in a panic; I'm just imagining what it would be like to be working in retail and confronted with that situation. "Your mileage may vary."
 
The boobies on the screen issue is somewhat of a smokescreen, actually.

I think considering the fact that Best Buy, through its Geek Squad "precincts," offers services including setting up WiFi networks to residential and business clients, the company probably would rather that the publicity center around boobies rather than the more serious questions of how their security was breached in the first place, and what else besides the video server may have been exposed during the breach.

It's quite possible, as Palmpilot alluded to, that the same network that runs the register also handles the video to the display televisions. Is it that big a stretch to postulate that the "hackers" used the boobies as a diversion while they downloaded the data they really wanted?
 
I was thinking more in terms of the "dealing with upset retail customers" crisis! I can only imagine what it must have been like to be in the sales personnel's shoes.

Ahh... I see. Perhaps it's a bad thing to say this, but the average Best Buy customer being angry about naughty stuff on all the TVs would probably just make me laugh. Whether or not I could allow the grin to sneak out to my face, would be more of how the bosses were reacting to the situation than anything.

What a great story to tell over beers later! "So... there was this one lady who was about to have a conniption fit... she apparently didn't know that if you don't want to look at something, you can turn around..." :) :) :)


They did get the unwanted pictures off. "Several minutes" does not sound like an inordinate amount of time to me, given that the sales personnel were probably not trained to deal with this kind of problem.

Something I read said upwards of 30 minutes, but I don't have the link now. I'm sure Best Buy's PR said "several minutes" to the press. LOL!

Unless I knew for sure that I knew how to reboot any equipment that was on those breakers, *I* would be reluctant to turn off the breaker, and I'm an EE. I wouldn't want to do it if there was any chance of shutting down sales for the rest of the day, or even a couple of hours.

Understood, again... situational. If customers are apoplectic and someone felt they had to act "now, now, now"... kill it. If the Point-of-Sale system in that area is hanging off the breaker the TVs are on, that shouldn't be a big deal.

If someone was stupid enough to put the PoS SERVER or other critical stuff on a breaker that's feeding displays on the floor... that's just god-awful design and probably needs to be fixed anyway. :mad2: Labeling the breaker might also be in their future... :lol:

But there's something else I don't understand about your comments: If you feel that the "dreaded human boobies" are not that big a deal in the grand scheme of things (and I agree), why the criticism that they didn't get them taken down fast enough? :confused:

See 30 minute note above. :)

True, but I'm just trying to imagine what it must be like for a person working in retail to be confronted with something that is upsetting customers.

Just by working in retail and walking up to me asking if I "need something" you're upsetting me... but that's me... I'll come find ya if I need ya... and I'm not exactly going to expect you know the answers.

Best Buy is kinda like Radio Shack... "You've got questions, we've got blank stares." :)

"Don't panic" is easy to say when you're not the one who is confronted with upset customers.

Ahh... it's not that bad. I've had a customer's EVP yell at me (well, really just yell at anything on the conference call) in a mini-panic... :yikes: What they always want is an ETRS time that's at least something based in reality.

(That particular customer is umm... listed as the Fortune 100's 12th position right now...) ;)

So, you learn it's not personal. But, it does take a while and a tad bit of confidence to figure that out the first few times. :)

I will admit, it's easier when they're that high up the food chain, because if they want you fired, you're going to be fired... your only hope is just to remain calm and fix the problem at that point.

Most retail customers don't have the power to make a phone call to another EVP and have you terminated instantly -- a few do -- but then again, front-line Retail managers aren't exactly known for their leadership skills and understanding, or for creating a true team environment where they have your back... so it could be a lot more intimidating to have Joe Sixpack or his Wife yelling at you in a Best Buy store, than some guy making $500K+ a year yelling on a conference call. :dunno:

(He was actually a really nice guy in person, super driven, smart... but man you didn't want to tick him off. He didn't suffer fools well. He also knew his tech well enough to tell when a vendor was BSing him. I never even thought about trying to make up things around him or sugar-coat it... he could handle the truth and also knew what it meant. "The database is in a recovery mode, so the cluster is down and the tool says it'll come out of recovery in approximately 12 minutes." - he was the semi-rare EVP that didn't hear that as "Blah, blah... blah, blah, blah... Database... Blah, Blah... Broken... Blah, Blah... Lost Revenue... Blah.")

It's quite possible, as Palmpilot alluded to, that the same network that runs the register also handles the video to the display televisions. Is it that big a stretch to postulate that the "hackers" used the boobies as a diversion while they downloaded the data they really wanted?

In a properly designed network... no. But at Best Buy? Perhaps.

All bets are off when you start mixing Production Financial and Product Demo networks.

Haven't seen any PoS systems since PCI really got rolling that were allowed to mix that traffic, though.

Who knows... there's so many holes in most networks, the only thing saving anyone is encryption technology, and some folks here on PoA believe strongly that the most widely used encryption tech (SSL) is completely compromised, or nearly so... (from discussions in other threads).

Pick your paranoia level. It's a Choose Your Own Adventure book/game at this point. :yikes: :rolleyes2:
 
In a properly designed network... no. But at Best Buy? Perhaps.

All bets are off when you start mixing Production Financial and Product Demo networks.

Haven't seen any PoS systems since PCI really got rolling that were allowed to mix that traffic, though.

I actually was thinking more along the lines of the router itself, not the video server pulling double duty handling data that would come under PCI. I don't think even Best Buy is that clueless.

But I am assuming that the video system has Internet access to download content, ads, and so forth. Being of the caliber that Best Buy is, I wouldn't be surprised if they shared an Internet connection between the video and POS systems (as well as everything else in the store needing access), most likely using the cheapest consumer-grade wireless router they had on the shelf -- and with weak encryption at that.

Not very long ago, I came across a branch of a very well-known, very high-end, national bedding chain that was running its POS and credit card processing, as well as the terminals in the showroom that customers used to apply for credit, through an insecure (WEP-64) wireless router. The same router also fed the office PCs, as well as the system that provided the ads to the video monitors scattered throughout the store.

Guess which company had set up the system?
 
From the description, I say it had to have been something like tub girl, otherwise it's not really "offensive" so much as it is "funny."
 
OK so random question: what static JPG would YOU post if you knew that it would be on screens for at least 30 minutes, viewed by the public, at a Best Buy? (And if you knew you would not get caught)
 
OK so random question: what static JPG would YOU post if you knew that it would be on screens for at least 30 minutes, viewed by the public, at a Best Buy? (And if you knew you would not get caught)

A still frame of Otto the Autopilot.
 
One person's porn is another's daily fare. Who was it that said "I can't define pornography but I'll know it when I see it." (Justice Stewart in Jacobellis v. Ohio 378 US 184 (1964)). The best definition I can come up with (personally) is similar to what is PC. It's the venue. It might not be considered porn if it were on the screens in a strip club.
 
One person's porn is another's daily fare. Who was it that said "I can't define pornography but I'll know it when I see it." (Justice Stewart in Jacobellis v. Ohio 378 US 184 (1964)). The best definition I can come up with (personally) is similar to what is PC. It's the venue. It might not be considered porn if it were on the screens in a strip club.

I saw that Showgirls movie (without sound) on a huge screen in a "regular" bar once. I didn't like it (there are some naked parts) because we were in a public place for my female friend's birthday party. Tough to take photos with those chicks in the movie in the background.... made us look like we were all somewhere less G-rated than a bar for a birthday party.
 
OK so random question: what static JPG would YOU post if you knew that it would be on screens for at least 30 minutes, viewed by the public, at a Best Buy? (And if you knew you would not get caught)

post-1647-1272216930.jpg
 
Well, one would hope that the "agents" at the store's Geek Squad "precinct" would know those details.

(Unless, of course, they outsourced the installation and setup of the system, for which I wouldn't blame them.)

-Rich

When I worked there the "agents" had nothing to do with in-store systems like that. Those were set up by corporate installation folks that would travel store to store. They wouldn't tell anyone in the store how it worked, or give out any passwords. If you had a problem you just had to call them and wait. A while.

Even in the year 2005 the only internet solution the Geek Squad had officially was dialup. We conned the cable company into giving us a free connection without telling the Best Buy corporate folks.
 
I saw that Showgirls movie (without sound) on a huge screen in a "regular" bar once. I didn't like it (there are some naked parts) because we were in a public place for my female friend's birthday party. Tough to take photos with those chicks in the movie in the background.... made us look like we were all somewhere less G-rated than a bar for a birthday party.

Ahh, just tell everyone it was a bachelorette party... problem solved. :)
 
OK so random question: what static JPG would YOU post if you knew that it would be on screens for at least 30 minutes, viewed by the public, at a Best Buy? (And if you knew you would not get caught)

Probably, this one.
 

Attachments

  • Propping a C195.jpg