Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video)

Roblimo posted more than 2 years ago | from the monitor-your-people-without-them-ever-finding-out dept.

Security 74

Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.

74 comments

Pwnie Express (0, Offtopic)

elrous0 (869638) | more than 2 years ago | (#39208051)

Okay, that's pretty cheesy. But I'll admit it did make me giggle.

When I giggle I also get an erection. But that's probably irrelevant information.

Re:Pwnie Express (2, Funny)

Anonymous Coward | more than 2 years ago | (#39208109)

Where is the -1 Disturbing when you need it?

Re:Pwnie Express (0)

Anonymous Coward | more than 2 years ago | (#39210251)

Haters gonna hate, pwnies gonna pwn [mylittlefacewhen.com]

Where is the -1 Disturbing when you need it?

One thumbnail to the left: odd, no? [mylittlefacewhen.com] :)

Re:Pwnie Express (0)

Anonymous Coward | more than 2 years ago | (#39212761)

Where is the -1 Disturbing when you need it?

You mean your post it disturbed everypony [mylittlefacewhen.com] ?

Re:Pwnie Express (5, Funny)

miknix (1047580) | more than 2 years ago | (#39208171)

Okay, that's pretty cheesy. But I'll admit it did make me giggle.

When I giggle I also get an erection. But that's probably irrelevant information.

Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

Re:Pwnie Express (1, Offtopic)

wbr1 (2538558) | more than 2 years ago | (#39208609)

Okay, that's pretty cheesy. But I'll admit it did make me giggle.

When I giggle I also get an erection. But that's probably irrelevant information.

Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

Re:Pwnie Express (1)

miknix (1047580) | more than 2 years ago | (#39209997)

Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

LOL, that makes perfect sense with today's slashdot quote:
http://i41.tinypic.com/2mmkp1.jpg [tinypic.com]

Re:Pwnie Express (2, Insightful)

gtch (1977476) | more than 2 years ago | (#39208185)

But is that funnier than the fact there are people in offices all over the world talking about "Penetration Testing" with a straight face?

Re:Pwnie Express (-1)

Anonymous Coward | more than 2 years ago | (#39208345)

Not only that but they said "penetration testing." huhhuhuhuhuh

Re:Pwnie Express (0, Funny)

Anonymous Coward | more than 2 years ago | (#39208351)

Penetration Testing using the Plug of the Destroyer God and you have an erection. Somehow a Goatse link feels safe and comforting right now. I'm going to crawl back into bed and cry myself to sleep.

Any sexual reference (0)

aglider (2435074) | more than 2 years ago | (#39208091)

is pretty intentional!

Shoulda used a GuruPlug Server... (5, Interesting)

nweaver (113078) | more than 2 years ago | (#39208263)

The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.

And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.

Re:Shoulda used a GuruPlug Server... (4, Informative)

Anonymous Coward | more than 2 years ago | (#39208569)

Guru plug has massive heat issues. We tested them extensively.

Re: phone checkout http://pwnieexpress.com/pwn_phone.html

Re:Shoulda used a GuruPlug Server... (0)

Anonymous Coward | more than 2 years ago | (#39209125)

Actually, the SheevaPlug had the massive heat issues. The GuruPlug only had issues if you used both GigE ports at GigE speeds. Which is why they made one just 100.

Re:Shoulda used a GuruPlug Server... (1)

Sancho (17056) | more than 2 years ago | (#39217269)

Or the Gig port and the eSATA port at the same time.

The fact that they didn't sufficiently test very reasonable use cases made me decide never to buy anything from them again.

Re:Shoulda used a GuruPlug Server... (3, Informative)

timothy (36799) | more than 2 years ago | (#39208629)

Internal would be cooler, I agree, but (sorry, it didn't make the video), the Pwnie Express works with both Wi-Fi and 3G dongles. (Not as stealthy, but this is already big enough it wouldn't exactly disappear without camouflage anyhow ;))

timothy

Re:Shoulda used a GuruPlug Server... (1)

Paracelcus (151056) | more than 2 years ago | (#39209965)

Yes, and "if found" ALL the incoming connections can be backtracked! You should only contact the device from an anonymous number!

Re:Shoulda used a GuruPlug Server... (1)

operagost (62405) | more than 2 years ago | (#39212821)

And that's why we built a Faraday cage around our mail room. Unfortunately, someone sent us an iPhone with a Sony battery and it burned the place down.

Re:Shoulda used a GuruPlug Server... (1)

bill_mcgonigle (4333) | more than 2 years ago | (#39213203)

3 points. :)

Missing Feature (2)

pntkl (2187764) | more than 2 years ago | (#39208279)

He didn't say anything about the coveted self-destruct button. > : )

Re:Missing Feature (1)

GameboyRMH (1153867) | more than 2 years ago | (#39212093)

sudo echo "SELFDESTRUCT" > /dev/detonator

dark humor (0)

bigbangnet (1108411) | more than 2 years ago | (#39208283)

I can't help myself after reading this line specifically:

'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform'

I seriously hope they're not talking about the next generation of buttplugs.

You know what else plugs into a 110 VAC socket? (1)

windcask (1795642) | more than 2 years ago | (#39208319)

Every computer sold in North America, ever.

Re:You know what else plugs into a 110 VAC socket? (0)

Anonymous Coward | more than 2 years ago | (#39208459)

Yep. You could load a bootable usb key with pun-testing distro of your choice. But where's the fun (and profit) in that?

Re:You know what else plugs into a 110 VAC socket? (0)

Anonymous Coward | more than 2 years ago | (#39208565)

only ever worked with peecees, eh sonny?
Heck, I've seen coompootars that run off batteries, so you're wrong even on that account.

ACHTUNG! ALLES LOOKENSPEEPERS!

Das computermachine ist nicht fuer gefingerpoken und mittengrabben. Ist easy schnappen der springenwerk, blowenfusen und poppencorken mit spitzensparken. Ist nicht fuer gewerken bei das dumpkopfen. Das rubbernecken sichtseeren keepen das cotten-pickenen hans in das pockets muss; relaxen und watchen das blinkenlichten.

Re:You know what else plugs into a 110 VAC socket? (0)

Anonymous Coward | more than 2 years ago | (#39208719)

While I don't have a specific counterexample, I'm quite certain you're wrong.

You seem to forget computers existed before the home computer market. All those old minis and mainframes; you're telling me none of them ran on 220V? Bullshit.

Re:You know what else plugs into a 110 VAC socket? (1)

The Grim Reefer (1162755) | more than 2 years ago | (#39210583)

Just try plugging a Cray-1 into a 110 line. It'll pull 115 kW with the memory maxed out. That would be over 1000 amps on a 110 line.

Re:You know what else plugs into a 110 VAC socket? (0)

Anonymous Coward | more than 2 years ago | (#39212851)

Why don't you plug yourself into a 110 line

I hope (1)

unsanitary999 (2482414) | more than 2 years ago | (#39208433)

I hope they create an "upsell" service or product and they call it the "Pwn15 Club"

Where's the Line? (4, Insightful)

sycodon (149926) | more than 2 years ago | (#39208441)

In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them.

Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.

So I pose the question: At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network? Should it ever be considered that?

If not, what additional software or form factor enhancements would change your mind?

Discuss amongst yourselves.

Re:Where's the Line? (4, Insightful)

g0bshiTe (596213) | more than 2 years ago | (#39208531)

The problem is that this needs to be plugged in physically. So you would need a patsy to plug it in or physical access. On the other hand by your thinking since I can carry a usb stick with the same toolset it should be illegal as well, but since usb sticks have legitimate uses they are allowed, how would one know it was a nefarious hacking tool, without violating my privacy by asking me to expose the data it contained?

Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.

Re:Where's the Line? (1)

sycodon (149926) | more than 2 years ago | (#39208687)

I was actually thinking about the utility provided by having the OS installed and operable on such a device.

But your point is still valid because you can't know what's on the device without looking in a manner that is far more intrusive than just checking out the back seat of a car.

Interesting.

Re:Where's the Line? (1)

Jawnn (445279) | more than 2 years ago | (#39208913)

Context, as in the role of those possessing lock-picks and slim-jims, is everything. The locksmith or the tow-truck driver (whom AAA sends when I lock my keys in the car), has a perfectly legit reason to carry those tools. Same goes for things like nmap or nikto.

Re:Where's the Line? (0)

Anonymous Coward | more than 2 years ago | (#39209211)

For unlocking most cars, all you need is a blood pressure cuff and a stick.

Re:Where's the Line? (0)

Anonymous Coward | more than 2 years ago | (#39210035)

or a hammer

Re:Where's the Line? (0)

Anonymous Coward | more than 2 years ago | (#39209247)

Uhh, don't locksmiths generally have lock picks and slimjims?

Re:Where's the Line? (1)

HTH NE1 (675604) | more than 2 years ago | (#39211375)

So you would need a patsy to plug it in or physical access.

That would be easier if it doubled as a USB charger.

Re:Where's the Line? (3, Insightful)

Mister Whirly (964219) | more than 2 years ago | (#39209701)

At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network?

The moment it is actually used to illegally break into a network, and never before it happens. Devices themselves have no intent and therefore cannot be "evil" until put to an "evil" use. If you have permission to do testing, using a device like this can be a great tool.

Re:Where's the Line? (0)

Anonymous Coward | more than 2 years ago | (#39212049)

^This. FOREVER this.

Criminalize behavior, not tools.

Re:Where's the Line? (1)

Rasperin (1034758) | more than 2 years ago | (#39213245)

"Guns don't kill people. People kill people."

Re:Where's the Line? (1)

VortexCortex (1117377) | more than 2 years ago | (#39214541)

"Guns don't kill people. People kill people."

Automated Guns don't kill people. Installers of Automated Guns kill people.
AI doesn't kill people. People convince AI that killing people is fun.
Sentient Machines don't kill people, People are extinct.

Mission complete.

Re:Where's the Line? (0)

Anonymous Coward | more than 2 years ago | (#39211407)

Well, not entirely accurate.
In many states it is illegal to own or carry lock picks / car tools, etc. UNLESS you are working in that field (i.e. locksmith, tow truck driver, etc.).
After all a locksmith without a pick will do you no good when you lose the keys to your house, so someone is allowed.

So your analogy should be that this device should only be sold to "security" professionals.
With locksmith tools the seller is generally required to get proof that the buyer of the tools is acceptable.

Now here the line becomes grey because the states do not directly license those professions so it is possible to have locksmith credentials (a business card or letterhead in some areas) or other reasonably easy to create proof that you are one of the "good guys".
I suspect the same could be true in this case.

Mere possession is rarely concrete proof of bad intent and proof of lawful right to possess can be difficult to regulate.

Re:Where's the Line? (2)

RoknrolZombie (2504888) | more than 2 years ago | (#39212231)

So I pose the question: At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network?

When a crime is committed. Until then, no laws have been broken. As much as our government would like to think that they can prevent crimes by banning items that could be used in a crime, until a crime is committed they are infringing on the rights of the Americans in question.

I know that's not how it works in real life. I understand (although disagree) with that line of thinking...I'm just one of those that believes that until a crime is committed, you don't have a criminal.

Re:Where's the Line? (1)

operagost (62405) | more than 2 years ago | (#39212855)

Please let the radical gun control advocates know.

Re:Where's the Line? (1)

RoknrolZombie (2504888) | more than 2 years ago | (#39214991)

Yeah, well, if the world were mine to control it would be a vastly different place. There are a whole lot of people that could benefit from understanding the difference between a criminal act and an object, but obviously our Public School system is failing in the areas of logic and reason (among others).

Oblig (3, Funny)

g0bshiTe (596213) | more than 2 years ago | (#39208477)

ZoMg pWniez

Re:Oblig (0)

Anonymous Coward | more than 2 years ago | (#39211079)

You nearly made me spit out my drink. +1 internet to you!

Re:Oblig (0)

Anonymous Coward | more than 2 years ago | (#39211699)

Interestingly, my primary domain is zomgponies.com :)

Stick one to the side of a big printer / copier (2)

Joe_Dragon (2206452) | more than 2 years ago | (#39208507)

Stick one to the side of a big printer / copier, maybe put an HP sticker or some vendor sticker on it, and it can blend in. Even better if you have one with duel Ethernet ports on it.

Re:Stick one to the side of a big printer / copier (3, Funny)

Joehonkie (665142) | more than 2 years ago | (#39208745)

Even better if you have one with duel Ethernet ports on it.

The ethernet ports would fight each other?

Re:Stick one to the side of a big printer / copier (2)

Thanshin (1188877) | more than 2 years ago | (#39209387)

Even better if you have one with duel Ethernet ports on it.

The ethernet ports would fight each other?

Yes. And every time a punch lands they both must stop for a random amount of time.

Re:Stick one to the side of a big printer / copier (1)

operagost (62405) | more than 2 years ago | (#39213725)

The token ring version comes from a more civilized time, when the ports must take turns hitting each other. Fisticuffs!

Etherkiller wins (0)

Anonymous Coward | more than 2 years ago | (#39209433)

http://fun.net.pl/_fun/Zestawy_2010/2010-09-07/etherkiller.jpg [fun.net.pl]

This would defeat any ethernet port. You might get some casualties among investigating network engineers as a bonus.

Re:Stick one to the side of a big printer / copier (1)

Gothmolly (148874) | more than 2 years ago | (#39209859)

What do you think "collision" means?

Re:Stick one to the side of a big printer / copier (2)

the_fat_kid (1094399) | more than 2 years ago | (#39210395)

ah, to reminisce about the old Apple Talk networks...

Re:Stick one to the side of a big printer / copier (1)

roc97007 (608802) | more than 2 years ago | (#39213109)

Even better, put a "removal violates warranty" sticker on it.

Good name (1)

gzipped_tar (1151931) | more than 2 years ago | (#39209043)

Good luck explaining to the corporate suites what a "pwn" is.

Re:Good name (2)

Sez Zero (586611) | more than 2 years ago | (#39210797)

Good luck explaining to the corporate suites what a "pwn" is.

Luckily I don't have to justify my purchases to a type of hotel room or musical piece

But if my boss did wear a suit, I'd probably say something like "Professional Wireless Network". "Pro Whiteboard Notes" and "insert PHB catch-phrase buzzword here" would probably also work.

Re:Good name (0)

Anonymous Coward | more than 2 years ago | (#39218553)

How about "Porn Watchers Network?"

Re:Good name (0)

Anonymous Coward | more than 2 years ago | (#39214805)

Good luck explaining what a "suite" means in that context...

What about exterior/lobby outlets? (1)

kannibul (534777) | more than 2 years ago | (#39209077)

I have them on my house. Most businesses have them outside their doors. How easy would it be to just walk up to a building you want to crack....how many banks have wifi that touches the "real" network? How many of those have outlets in the lobby area or on the exterior of the building that's close enough for wifi? The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...

Re:What about exterior/lobby outlets? (0)

Anonymous Coward | more than 2 years ago | (#39209571)

The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...

Yeah, cause anyone planning to use this for nefarious ends will definitely not think to pop the case and remove the offending buzzer? Oh, sorry, you said "required", meaning it might be breaking the law to remove the buzzer. Well, that'll stop 'em for sure.

Re:What about exterior/lobby outlets? (1)

kannibul (534777) | more than 2 years ago | (#39229629)

If filled with epoxy, it's amazing to what level of PITA it would be to disable said buzzer, especially if chipping off epoxy manages to break PCB traces.

Re:What about exterior/lobby outlets? (1)

PPH (736903) | more than 2 years ago | (#39210217)

Parking lot. Car. Laptop plugged into auto's 12V.

This does nothing that can't be done with current tech. Other than hang around for a few days while the suspicious vehicle parked overnight gets towed.

Re:What about exterior/lobby outlets? (1)

kannibul (534777) | more than 2 years ago | (#39229635)

Agreed, just a car is a bit 'bigger' than a wall-wart sized device that does the same thing.

Meh (1)

ajlitt (19055) | more than 2 years ago | (#39209513)

I was more amused by the slogan of the next booth over in the video, "Security at the speed of Innovation". What the hell does that even mean?

Re:Meh (1)

Yvan256 (722131) | more than 2 years ago | (#39210049)

Same thing as PC LOAD LETTER.

Some similar, less expensive projects (1)

bongk (251028) | more than 2 years ago | (#39209959)

The MiniPwner is a similar device built on a TP Link TL-Wr703N router, so you can build one for under $40. http://www.minipwner.com/ [minipwner.com]

Also Hak5 has had their Wifi Pineapple available for a few years that is similar, however their MarkIV version which should come out really soon I think will trump both the Pwnie Express and the MiniPwner. http://hakshop.myshopify.com/products/wifi-pineapple [myshopify.com]

Slashdot penetration testing (0)

Anonymous Coward | more than 2 years ago | (#39211061)

If it comes straight from Roblimo, is it suddenly not a revenue-boosting advertisement? News might be the use of this in some noteworthy fashion, otherwise the mere existence of the device is not unique, as others in the thread have pointed out.

Pwnie Express Pwn Phone (0)

Anonymous Coward | more than 2 years ago | (#39211751)

The plug is cool in my opinion, but I think the Pwn Phone is much more awesome. As of right now, a cellular device, if you can even really call the N900 just that, is extremely discreet and useful. I feel its usefulness spawns from the fact that it is pretty much invisible. Who isn't glued to the screen of their smartphone? I know that I personally don't even give those glued to their smartphones a second look, but if I see someone on their laptop sitting around the building I feel it is worth looking into and even more so if they have an external wireless card such as an Alfa.
What do you guys think?

plugbot (0)

Anonymous Coward | more than 2 years ago | (#39212103)

but it doesn't have an API and management system like http://theplugbot.com

meh (0)

Anonymous Coward | more than 2 years ago | (#39214455)

Is it just me or does anyone else immediately disqualify a company that uses PayPal as their sole payment processor?

Re:meh (1)

SeNtM (965176) | more than 2 years ago | (#39225805)

No, only Bitcoin.