
Wi-Fi Pineapple Hacking Device Sells Out At DEF CON

Unknown Lamer posted about 9 months ago | from the but-it-doesn't-taste-like-a-pineapple dept.

Security 132

darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"


132 comments

Holy False Dichotomy Batman! (5, Funny)

fuzzyfuzzyfungus (1223518) | about 9 months ago | (#44483297)

I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

Re:Holy False Dichotomy Batman! (1)

Anonymous Coward | about 9 months ago | (#44483415)

can be used for both good and evil at the same time.

What's the difference?

Re:Holy False Dichotomy Batman! (4, Insightful)

Opportunist (166417) | about 9 months ago | (#44483449)

Interpretation.

pineapple (-1, Troll)

noh8rz10 (2716597) | about 9 months ago | (#44483529)

so, what's the dealio? is the whole thing packed into a real pineapple, or what?

MODERATOR ALERT (-1)

Anonymous Coward | about 9 months ago | (#44483863)

noh8rz10 is one of many reputation management sockpuppet accounts used by Social Media Marketing companies to promote products in Slashdot. The account is currently "farming" karma and mod points by asking questions and posting comments that can be moderated up by other managed accounts.

Please disrupt this process on behalf of all Slashdot readers who prefer to keep their advertising on the side.

Re:MODERATOR ALERT (1)

thunderclap (972782) | about 9 months ago | (#44484291)

So 'framing' Karma is bad now? Pretty bold statement from an AC. I think it looks like you are complaining where there is no problem.

Re:MODERATOR ALERT (0)

Anonymous Coward | about 9 months ago | (#44484657)

So 'framing' Karma is bad now? Pretty bold statement from an AC. I think it looks like you are complaining where there is no problem.

There's nothing wrong with 'framing' karma if you can get away with it. In fact I've been blaming it for most of the bad things in my life for years. Now, 'farming' karma is a completely different issue. I'm pretty sure you can't do that without licensing it from Dice (courtesy of an IP sharing agreement with Monsanto).

Re:MODERATOR ALERT (0)

Anonymous Coward | about 9 months ago | (#44486121)

Yeah, because there is such a value to slashdot karma that someone is being paid to increase it.

Jesus fucking christ but the stupidity of people on a site that claims to be for educated techies is staggering.

The percentage of slashdotters so immature as to give a fuck about karma is in the single digits - not worth paying anyone anything to garner.

Re:pineapple (1)

thunderclap (972782) | about 9 months ago | (#44484283)

so, what's the dealio? is the whole thing packed into a real pineapple, or what?

No, it's packed inside a plastic lime that's inside a plastic coconut. They just call it a pineapple because it confuses the f*** out of the authorities.

Re:Holy False Dichotomy Batman! (2)

Thanshin (1188877) | about 9 months ago | (#44483977)

The difference in distance from yourself of the people favored and unfavored by the action.

Which is closed differentiates good and evil.
The shorter the distance, the greater the evil and the smaller the good. And vice versa.

Re:Holy False Dichotomy Batman! (4, Informative)

schnell (163007) | about 9 months ago | (#44483769)

vendor were selling all kinds of gear.

1.2 Pineapple's per minute were sold

The Pineapple run Linux, based on OpenWRT, is packed with open source tools

I, for one, am imagining a world where a Slashdot "editor" can parse the English language and fix typos. Blows my mind, but there it is.

Re:Holy False Dichotomy Batman! (2)

FatdogHaiku (978357) | about 9 months ago | (#44485357)

I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

gooevil (goo-we-vil) adjective:
good and evil at the same time

This will vastly improve the communication accuracy of Professor Hubert J. Farnsworth (e.g. "Gooevil news everyone!")

Well done sir!

Only 32MB of RAM (0)

Anonymous Coward | about 9 months ago | (#44483309)

Zomg it's a call for piggy backing another chip.

Such a waste.

Re:Only 32MB of RAM (0)

Anonymous Coward | about 9 months ago | (#44483359)

https://forum.openwrt.org/viewtopic.php?id=38994 [openwrt.org]

Seems like the AR9331 SoC won't even allow that without hassle.

Cost reductions couldn't have possibly been done in a more wrong place, people wouldn't mind paying 1$ more for a whole new range of capabilities and now you need a hot air station...

According to the government (0)

Anonymous Coward | about 9 months ago | (#44483311)

Unequivocally evil. It doesn't matter who you are or what you use it for, you're an evil hacker that needs to be monitored.

Re:According to the government (0)

Anonymous Coward | about 9 months ago | (#44483325)

But, the NSA monitoring a hacker using monitoring devices against NSA's infrastructure is like a full circle human centipede ?

Re:According to the government (3, Funny)

cheater512 (783349) | about 9 months ago | (#44483329)

Then the FBI places an order for 1,000 of them.

Re:According to the government (0)

Anonymous Coward | about 9 months ago | (#44485373)

Why would any TLA need this when the NSA already scoops up all of your traffic?

Good or evil? (0, Insightful)

Anonymous Coward | about 9 months ago | (#44483327)

Is this a tool that will be used for good — or for evil?

Yes.

"Yes" (3, Interesting)

Anonymous Coward | about 9 months ago | (#44483331)

Is this a tool that will be used for good -- or for evil?

There is only one answer to this: Yes. Yes it will.

Too bad packing its functions up in an easy appliance means it now no longer has anything to do with "hacking" at all. You aren't a "hacker" if all you do is run some appliance.

Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.

That the security industry claims otherwise means that they are deluding themselves... and us. We're not getting our money's worth in security out of their efforts. But we do get nice toaster equivalents, complete with instant "hacker" label. Nice, innit?

Re:"Yes" (5, Interesting)

Opportunist (166417) | about 9 months ago | (#44483473)

It kinda hurts to admit it, but yes, you're right. Most of the security industry is a bunch of charlatans who are unable to produce more than cheap tricks to impress those that know even less than they do.

Every time we're about to hire some security consultants (which we have to, regulations require us to have my security system tested by outsiders) I kinda think I know how Penn&Teller feel when they host "Fool us". Only that the amount of half-talented stage magicians who show off ancient tricks is way higher for me.

Re:"Yes" (2)

Tom (822) | about 9 months ago | (#44484023)

And what stops you from sticking with the good ones?

It really is the same in every professional career. You hear much the same about lawyers, doctors and mechanics - the good ones are hard to find. In IT security, it is comparatively easy, just check what they publish.

Re:"Yes" (1)

Opportunist (166417) | about 9 months ago | (#44484247)

Sadly, it's kinda hard to convince Bruce to fly over to Europe at a rate my boss is willing to pay...

Re:"Yes" (1)

Tom (822) | about 9 months ago | (#44484493)

Contact me by mail (tom@lemuria.org) and tell me which country you're in. I am in Germany and I have a couple contacts to pretty good people in several european countries. And if they can't help, they can point you onwards.

Re:"Yes" (0)

Anonymous Coward | about 9 months ago | (#44484937)

Yes yes. Please contact the security expert who leaves his email in plain text (not even a bit obfuscated) on a message board.

Re:"Yes" (0)

Anonymous Coward | about 9 months ago | (#44484907)

Publish?!?!? really. You expect the good security testers to publish? What is this a university or business.

Re:"Yes" (1)

nucrash (549705) | about 9 months ago | (#44485411)

A good pen tester has to not only give you results to what he is doing, but also inform the company of how to fix what they are doing wrong. An example would be something as simple as upping their password complexity. Use Enterprise WPA2 instead of Personal WPA. Lock off your ports or lock up your switches. Upping password complexity. Opportunist is correct in that there are the security testers who just invade and churn out a report that says: blah. These guys get paid, but aren't worth much. Many of them probably don't understand the tools they are using or how they work. The problem is, the security industry really doesn't have much credibility yet. There have been improvements. But as with all gold rush opportunities, there has been a flood of applicants claiming they know what's going on. This is the same as any industry though. Security is picked on, not unfairly mind you, because a lot more money is tossed around.

Re:"Yes" (0)

Anonymous Coward | about 9 months ago | (#44486233)

One word: STRATFOR

Re:"Yes" (2)

laffer1 (701823) | about 9 months ago | (#44485101)

Not only do I agree with you, but I have an example. Many years ago, I worked at an ISP as a sys admin. It was very early in my career. I had no college experience, and I was starting to learn to program and administer servers.

We were hired by a credit union as security consultants. They needed an audit of their new online banking system. The first thing I did was run Retina against their public server and a few script kiddie tools I had. I found that they had no firewall, an open SQL Server with no sa password and some very ugly IIS defaults. In 45 minutes, I had a script to dump their account data and list tables in their database. The sales guy asked me to print a few pages of that and he drove over and dumped it on the CU president's desk. It was very dramatic and fast, and we were then hired to setup a firewall and secure their network. We were never allowed to look at that VB code for their web app. Looking back, I wonder what I missed.

Reading 2600 and having a few apps lying around does not make me a security consultant. Of course, I can say I legally hacked a bank but in reality it's really lame.

A Minus Minus - Not a Pineapple (5, Funny)

Artea (2527062) | about 9 months ago | (#44483407)

Instead of wireless enabled fruit, device is actually just some plastic and electronic bits. I was under the impression this device would be concealed in a pineapple for stealth hacks. (Nobody suspects the fruit with an antenna)

Re:A Minus Minus - Not a Pineapple (5, Funny)

93 Escort Wagon (326346) | about 9 months ago | (#44483435)

(Nobody suspects the fruit with an antenna)

This was conclusively proven in a Hogans Heroes episode - except it was a WW2-era walkie-talkie hidden in a potted plant.

Re:A Minus Minus - Not a Pineapple (1)

Anonymous Coward | about 9 months ago | (#44483537)

I am really not sure what is funnier:

1. "conclusively proven in a Hogans Heroes episode"
2. the Insightful mods that followed
3. "Pineapple" was the nickname for a US handgrade
4. This all rode in on a 93 Escort Wagon

Re:A Minus Minus - Not a Pineapple - A Handgrenade (0)

Anonymous Coward | about 9 months ago | (#44483557)

I am really not sure what is funnier:

1. "conclusively proven in a Hogans Heroes episode"
2. the Insightful mods that followed
3. "Pineapple" was the nickname for a US handgrade
4. This all rode in on a 93 Escort Wagon

5. Too late to put the pin back in on that typo.

Re:A Minus Minus - Not a Pineapple - A Handgrenade (0)

Anonymous Coward | about 9 months ago | (#44486279)

Well played sir. Kaboom!

Re:A Minus Minus - Not a Pineapple (1)

thunderclap (972782) | about 9 months ago | (#44484319)

What! I wanted a wireless enabled fruit! I mean Apple has never produced any wireless or wired apples. Just things with apples on them. A red, apple shaped router would have been awesome and a conversation piece. Just think no one would suspect hacking with a pineapple sitting beside your laptop. (they would just you are crazy in Starbucks. Damn, there is the perfect wifi hacking toolcase. A Starbucks mug!)

Re:A Minus Minus - Not a Pineapple (1)

Minwee (522556) | about 9 months ago | (#44485865)

I was also disappointed by that, but then realized that it is small enough that, with a little creativity, you could put it _inside_ a pineapple.

Cooling might be a minor problem, and the smell of Hawaiian pizza may tip people off to the illicit contents of the fruit basket which was just delivered, but at least it wouldn't need a pineapple-shaped sticker to justify its name.

Re:A Minus Minus - Not a Pineapple (0)

Anonymous Coward | about 9 months ago | (#44483441)

Maybe you should check out their Hello Kitty backpack! [youtube.com]
It's actually a backpack so that should help your preconceptions a bit.

Re:A Minus Minus - Not a Pineapple (0)

Anonymous Coward | about 9 months ago | (#44483467)

(Nobody suspects the fruit with an antenna)

Thanks, now I'm getting flashbacks of Get Smart.

Re:A Minus Minus - Not a Pineapple (1)

Em Adespoton (792954) | about 9 months ago | (#44483593)

Funny... when I heard it was called a pineapple, I presumed it looked like this:
http://en.wikipedia.org/wiki/File:MkII_07.JPG [wikipedia.org]
Of course, that's not going to help for stealth; I think anyone seeing one of those lying around is probably going to notice, duck and run (and then call out the bomb squad).

Re:A Minus Minus - Not a Pineapple (0)

Anonymous Coward | about 9 months ago | (#44483713)

"Instead of office chair package contained bobcat. Would not buy again."

Re:A Minus Minus - Not a Pineapple (0)

Anonymous Coward | about 9 months ago | (#44485415)

The first version they sold was in a novelty pineapple case.
I think the ones they're selling nowadays are V4 or V5

!Funny (0)

Anonymous Coward | about 9 months ago | (#44485703)

Seriously. Why isn't this thing the least bit pineapple-looking?

Some security experts are idiots (2)

TubeSteak (669689) | about 9 months ago | (#44483423)

Going a step further, if a Pineapple user is inside a coffee shop (or office location), the research can execute what is known as a "deauth" attack, essentially disconnecting the end user from legitimate access point, then reconnecting him or her to the Pineapple.

However, some security experts say that weaknesses in WiFi and user behavior need to be identified and weeded out in order to make organizations more secure. If the Pineapple is able to help security researchers do that, they say, then it will improve security for us all.

As a user, how the fuck can my behavior be modified to deal with a deauthorization attack?
WiFi has become so stupid simple to use that it leaves us vulnerable, despite all the encryption in the world.

Re:Some security experts are idiots (1)

Anonymous Coward | about 9 months ago | (#44483481)

Use a VPN. Either a paid one or a home one will do. If your connection is encrypted to a known safe point (the VPN provider), then it doesn't matter that they can sniff your traffic. This is why I have my machine set up to disconnect from wifi when it can't connect to my VPN.

Mind you, this isn't a solution to the problems of WiFi, but is a solution to that particular attack.

Re:Some security experts are idiots (3, Interesting)

Opportunist (166417) | about 9 months ago | (#44483495)

Some? SOME? Most of them are!

Old joke: You can tell by how the tech's three-piece suit fits whether he's a hack: If he wears one, he is.

But seriously, it's by no means short of frightening how many quacks and hacks (and I don't mean that as a compliment...) litter the field. Which is quite logical if there is little if any reputable and generally accepted (especially amongst management) certification system. And don't come with things like CISA and the like, I am not looking for a security manager, I'm looking for someone who can actually test a security implementation, not design it.

Now add that the average manager knows little beyond how to plug some device relatively accident free into some hole on his computer and you can easily see how knowledge free idiots who can navigate the surfaces of some "hack tool" (I'll use the term loosely here) can convince said managers that they are "security experts". In the kingdom of the blind and so on...

Re:Some security experts are idiots (0)

Anonymous Coward | about 9 months ago | (#44484689)

if you use wifi, use openvpn or openssh vpn (to a trusted endpoint) on top of it.

Re:Some security experts are idiots (0)

Anonymous Coward | about 9 months ago | (#44486909)

I don't know about you, but if I see someone coming into a coffee shop (or office location) carrying a WW2-style "Pineapple", I'm going to put as much distance between me and that user as I possibly can.

Hide your kids, hide your wife (1)

PhotonSphere (193108) | about 9 months ago | (#44483443)

...or just disable auto-join.

Keep an eye out for DEFCON 21 t-shirts in your local coffee shops this next week...

Python offers self-defense against fresh fruit... (1)

Anonymous Coward | about 9 months ago | (#44483455)

3rd Man: You could stand and scream for help.

Sergeant: Yeah, you try that with a pineapple down your windpipe.

3rd Man: A pineapple?

Sergeant: Where? Where?

3rd Man: No I just said: a pineapple.

Sergeant: Oh. Phew. I thought my number was on that one.

3rd Man: What, on the pineapple?

Sergeant: Where? Where?

3rd Man: No, I was just repeating it.

Sergeant: Oh. Oh. I see. Right. Phew. Right that's bananas then. Now the raspberry. There we are. 'Armless looking thing, isn't it? Now you, Mr. Tin Peach.

Re:Python offers self-defense against fresh fruit. (0)

Anonymous Coward | about 9 months ago | (#44485193)

Now the raspberry. There we are. 'Armless looking thing,

Ha! But as we all know, the Raspberry [Pi] is anything but ARM-less.

Convenient, but still overpriced (3, Interesting)

evilviper (135110) | about 9 months ago | (#44483519)

I can see buying one for the convenience of having all the software pre-installed for you, but the specs for the hardware aren't any different than a dozen home WiFi routers, which can run OpenWRT and sell for $40 [amazon.com] .

I'd think giving those aging home routers a second life as security tools would be better than everyone buying another new product for twice the price, and eventually throwing both away. I recently added a USB sound card on mine, for use as a streaming audio player.

Re:Convenient, but still overpriced (4, Informative)

Demonantis (1340557) | about 9 months ago | (#44483929)

I have met Darren. He is a pretty decent guy. The hardware isn't what people care about. It's the software package it comes with. You can basically mitm wifi cards. It's based off of Jasager so anyone can do it. He did a show about setting one up. It's just lazy people buying the whole kit and he probably sold out cause he was selling them at a discount. This isn't news in any regards though. These have been around for years. Last time I saw one it was white. Hak5 finally getting a Wikipedia page that would be news.

Re:Convenient, but still overpriced (0)

Anonymous Coward | about 9 months ago | (#44484227)

You don't get the concept of F/LOSS do you? There's nothing stopping anybody from just installing the software image on any other computer. Maybe adapt the drivers a bit if it's much different... done.

It's bad enough that consumers buy computers with pre-installed Windows... but what kind of incredible loser script kiddie buys a computer with pre-installed "l33t h4x0rt00lz"?
There's hardly any clearer sign that, to use a security expert technical term... /retarded/... than this.

No grasp of F/LOSS concept? (4, Informative)

SplatMan_DK (1035528) | about 9 months ago | (#44484941)

While you claim others "don't get the concept", you seem to have totally missed the cornerstone of how F/LOSS is monetized.

It makes perfect sense for someone knowledgeable and skilled to assemble exactly the right hardware components, and compile+install just the right F/LOSS software components, into an easy-to-use appliance, and sell these at whatever price point the market is willing to pay. People are not paying for the "licenses" they are paying for the labor that went into combining all the supplied pieces together - and perhaps also for getting future support and development. In other words people are paying for professional services in a nice and understandable package.

I have no idea why you feel the need to bash this concept with such contempt, but this approach is just about the most popular way to monetize F/LOSS on the planet. It also shows the clear strengths of F/LOSS: that anyone can take the software, modify it, expand it, improve it, and share it with all other customers without negative impact to the original supplier.

If you want to take the software and install it on a PC, go right ahead. Feel free to install other drivers in the process. Make a laptop-version and share it as much as you like. Go right ahead. But while you may be perfectly willing to spend loads of time on this, others may not. Not all network experts want to mess with assembling their own hardware. Or spend endless nights compiling new versions of [insert-whatever-FLOSS-component-here] just to make a brief packet analysis in the field. It is not trivial to compile and combine all the right F/LOSS products included in the package mentioned here and some people are happy to pay someone else to get that job done.

The fact that people are willing to put money on the table for the service and labor this man has produced with F/LOSS software is by no means "retarded". It is a testament to the viability of F/LOSS economy, and clear proof that customer value can be added to F/LOSS without bogging customers down in complex licenses and EULAs.

Ah, damn, I noticed too late you posted as AC. Well, since you won't stand by your words, I guess producing a decent and intelligent answer was a waste of time...

- Jesper

Re:No grasp of F/LOSS concept? (0)

Anonymous Coward | about 9 months ago | (#44486463)

No. I reject your so-called "cornerstone". You cannot "monetize" infinitely abundant information. Only the organized crime (like the post-Bill-Gates software sector) that made up the lie about imaginary property to be able to create artificial scarcity and /steal money/ from people, acts like you can.
In reality, it is fundamentally incompatible with the concept of FLOSS. Either you give out the source and thereby lose control over its distribution, or you can ask money. As soon as it's abundant because freely distributable, it becomes worthless. That's a simple law of the marketplace.

You "monetize" the SERVICE of writing code & co. Just like literally every other service-based industry out there. From the guy who fixes your sink and the delivery guy to prostitution and industry consultants.
Which is exactly, why I always suggested adding a price tag and "voting with your money" (Kickstarter style) feature to Bugzilla.

Re:Convenient, but still overpriced (0)

Anonymous Coward | about 9 months ago | (#44484947)

>There's nothing stopping anybody from just installing the software image on any other computer.
Except sometimes the documentations or lack of (or out of date) or the community.

So it is either a $12 router and DIY and hope it compiles and work right away or pay $40 to get a working firmware/hardware bundle.

Re:Convenient, but still overpriced (1)

drinkypoo (153816) | about 9 months ago | (#44484805)

Of the ten or twelve routers I've bought over the years, only one has had a USB port and it doesn't run Linux. Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

Re:Convenient, but still overpriced (1)

evilviper (135110) | about 9 months ago | (#44485013)

Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware. And it's a great fail-safe even if you don't plan to use it, as you're in good shape even if the manufacturer's software is complete junk (like that D-Link).

Re:Convenient, but still overpriced (1)

drinkypoo (153816) | about 9 months ago | (#44485075)

A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware.

Well, my reason not to has been that I didn't have a cellphone with data, and I buy most of my APs at yard sales. But now I do (albeit GPRS) so I can look up router compatibility...

Re:Convenient, but still overpriced (1)

AmiMoJo (196126) | about 9 months ago | (#44484809)

The problem with buying random routers off eBay is you never know what you are going to get. Linksys are the worst, often having several very different hardware revisions under the same model number. As such you can't be sure if the one you buy will have the chipset you are expecting, and thus be able to run all the exploits you want and so forth.

For the sake of simplicity I don't think $40 for a guaranteed working and pre-installed solution is at all bad. If you waste an hour with your off-the-shelf router it would have paid for itself.

frsit grammer nazi pozt (4, Funny)

Hognoxious (631665) | about 9 months ago | (#44483595)

1.2 Pineapple's

Their what?

Second grammer nazi pozt (1)

skirmish666 (1287122) | about 9 months ago | (#44483777)

  • the vendor were
  • Ngrep, and more
  • powered by g a 400MHz Atheros

Re:Second grammer nazi pozt (1)

Anonymous Coward | about 9 months ago | (#44483831)

Not seeing your point about the second one. Comma is optional. That is the problem with prescriptive grammarians - half the time they themselves don't understand the rules they try to force on people.

Re:Second grammer nazi pozt (0)

Anonymous Coward | about 9 months ago | (#44484477)

a comma is NOT fucking optional...use either 'and' OR a comma, not both

it is you who does not have a clear understanding of 'the rules' regardless of what you may think.

!! Re:Second grammer nazi pozt (!!) (0)

Anonymous Coward | about 9 months ago | (#44485191)

, and

is business form. It is so called because it de-confuses the objects. I'll throw in some semi-colons if I'm up to it; even commas can be insufficient (and no, not that one).

It was a rainy night in Georgia. A rainy night in Georgia. And the golden shower I drenched upon Georgia, who by the way walked like a woman, talked like a man, and then some.

As you can see, removing the comma from man, makes it seems like she talked like a man and then some, but no, I drenched (Georgia) and then some. See? You can learn something at /.

Re:Second grammer nazi pozt (0)

Anonymous Coward | about 9 months ago | (#44486221)

you can use the conjunction and the comma or just the conjunction, that's been the standard for fucking years moron.

Logging in to say... (1)

sockman (133264) | about 9 months ago | (#44483657)

I hope it can be used for evil, because "good" these days amounts to a circle jerk with NSA, DEA debauchery. Your privacy is yours to own, and if other people begin to realize how screwed they are maybe they will choose a better path.

WiFi Pineapple is scary! (0)

Anonymous Coward | about 9 months ago | (#44483749)

When your phone/tablet/laptop has WiFi set to "Automatically connect to any known network" mode, it sends out probe requests with the SSID of all your known networks, something that looks like "HomeWifi,WorkNetwork,PocketWifi,Starbucks".

WiFi Pineapple has a mode where it captures these packets, starts a new open WiFi network called "HomeWifi" (or whatever's in your list), waits for you to connect, and now... they're the man in the middle. Scary stuff...
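
A defender's view of the behaviour described in the comment above, as an added example that is not part of the original thread: a passive check that flags any access point answering directed probe requests for several different network names as an open network, plus an audit of which saved profiles a client would auto-join. The frame records, MAC addresses, field names and thresholds are constructed for illustration; decoding a real capture into these records is assumed to happen elsewhere.

```python
"""Passive detection of a KARMA-style responder from decoded 802.11 probe frames."""
from collections import defaultdict
from dataclasses import dataclass

BCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float              # capture time, seconds
    kind: str              # "probe_req" or "probe_resp"
    src: str               # transmitter (client for requests, BSSID for responses)
    dst: str               # receiver (broadcast for requests)
    ssid: str              # SSID element; "" means wildcard probe
    privacy: bool = False  # Privacy capability bit (responses only)


def find_karma_responders(frames, min_ssids=3, window=1.0):
    """Return {bssid: sorted SSIDs} for APs that echo many probed names as open.

    A normal AP answers for the one SSID it serves. A responder that answers
    directed probes for unrelated names, without encryption, within `window`
    seconds of the request, is impersonating whatever clients ask for.
    """
    pending = {}                 # (client, ssid) -> time of latest directed probe
    echoed = defaultdict(set)    # bssid -> SSIDs it echoed back as open
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.kind == "probe_req" and f.ssid:
            pending[(f.src, f.ssid)] = f.ts
        elif f.kind == "probe_resp" and not f.privacy:
            asked = pending.get((f.dst, f.ssid))
            if asked is not None and 0 <= f.ts - asked <= window:
                echoed[f.src].add(f.ssid)
    return {b: sorted(s) for b, s in echoed.items() if len(s) >= min_ssids}


def auto_join_exposure(profiles):
    """Saved profiles a client would silently join if an open AP used the name.

    Assumption: the client only auto-joins an unencrypted network when the
    saved profile is itself open and has auto-join enabled.
    """
    return sorted(p["ssid"] for p in profiles
                  if p["security"] == "open" and p["auto_join"])


# --- Constructed sample data (not from a real capture) ---
C1, C2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
LEGIT = "02:00:00:00:00:10"     # coffee-shop AP, serves one open SSID
SECURE = "02:00:00:00:00:20"    # WPA2 hotspot
ROGUE = "02:00:00:00:00:99"     # answers for everything

SAMPLE_FRAMES = [
    Frame(0.00, "probe_req", C1, BCAST, "HomeWifi"),
    Frame(0.02, "probe_resp", ROGUE, C1, "HomeWifi"),
    Frame(0.50, "probe_req", C1, BCAST, "WorkNetwork"),
    Frame(0.51, "probe_resp", ROGUE, C1, "WorkNetwork"),
    Frame(1.00, "probe_req", C2, BCAST, "Starbucks"),
    Frame(1.01, "probe_resp", LEGIT, C2, "Starbucks"),
    Frame(1.02, "probe_resp", ROGUE, C2, "Starbucks"),
    Frame(2.00, "probe_req", C2, BCAST, ""),            # wildcard probe
    Frame(2.01, "probe_resp", LEGIT, C2, "Starbucks"),
    Frame(3.00, "probe_req", C1, BCAST, "PocketWifi"),
    Frame(3.01, "probe_resp", SECURE, C1, "PocketWifi", privacy=True),
]

SAMPLE_PROFILES = [
    {"ssid": "HomeWifi", "security": "wpa2-psk", "auto_join": True},
    {"ssid": "Starbucks", "security": "open", "auto_join": True},
    {"ssid": "HotelGuest", "security": "open", "auto_join": False},
]

if __name__ == "__main__":
    for bssid, names in find_karma_responders(SAMPLE_FRAMES).items():
        print(f"suspect responder {bssid} echoed: {', '.join(names)}")
    print("auto-join exposure:", auto_join_exposure(SAMPLE_PROFILES))
```

The threshold matters: an AP that legitimately serves several SSIDs normally uses a separate BSSID for each, so a single BSSID echoing three or more unrelated names is the signal worth alerting on.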

Already been done - in a coconut (1)

PassMark (967298) | about 9 months ago | (#44483771)

Old news, they have had wireless devices in coconuts for years. Maybe they are expecting better antenna diversity from the rough end of the pineapple, I dunno.
See, http://goo.gl/VoirWo [goo.gl]

Overpriced, have some slightest creativty? (0)

Anonymous Coward | about 9 months ago | (#44483903)

Are you serious? $80? I'm just wondering if these people are lazy.

You know how many SoC's there are out there that can run entire OS's like Kali Linux or Ubuntu? Kali Linux supports plug-and-play on TONS of wifi drivers that are a pain to put on an ARM box.

Re:Overpriced, have some slightest creativty? (4, Insightful)

PerformanceDude (1798324) | about 9 months ago | (#44484035)

Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels , find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does is just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.

Re:Overpriced, have some slightest creativty? (1)

Gothmolly (148874) | about 9 months ago | (#44484645)

Calling yourself a 'genuine blackhat' and a 'security professional' immediately disqualifies you from both, AND makes you sound like a douche.

Re:Overpriced, have some slightest creativty? (1)

PRMan (959735) | about 9 months ago | (#44484779)

He's not calling himself a black hat. He's saying that he might as well test the same way that a black hat is going to hack.

Re:Overpriced, have some slightest creativty? (1)

Gothmolly (148874) | about 9 months ago | (#44484961)

English, how does it work?

"I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there."

He's calling himself a 'genuine blackhat'.

Re:Overpriced, have some slightest creativty? (0)

Anonymous Coward | about 9 months ago | (#44484993)

"Same as any other genuine blackhat out there."

The word 'other' means that he considers himself one. He should have said "Same as any genuine blackhat out there."

Words. How do they work??

easy (2)

Tom (822) | about 9 months ago | (#44484007)

Is this a tool that will be used for good — or for evil?"

Both, like any tool. Next question.

SOUNDS LIKE A RAPE KIT !! (0)

Anonymous Coward | about 9 months ago | (#44484275)

Nothing illegal per se but ... well, not according to Ted Bundy. This, and kommie-kopisism and you are all set to take on the world Ted Bundy style !! Enjoy the fruits !!

I'm obviously missing something... (1)

necronom426 (755113) | about 9 months ago | (#44484277)

I don't know anything about this type of device, but looking in from the outside, the question springs to mind "How is this legal?"

It's for hacking into networks, right? Isn't that against the law, like, EVERYWHERE? It says "Stealth Access Point for Man-in-the-Middle attacks" - that sounds illegal. It also says "Easily concealed and battery powered" - nothing dodgy going on there!

How can this be used for good? Maybe a few people may use it to test the security of their network, but that's clearly not what it's for.

I'd have thought that the police would be all over this, but like I said, I'm obviously missing something.

Re:I'm obviously missing something... (1)

N1AK (864906) | about 9 months ago | (#44484325)

It's perfectly legal to use it with permission. Now we can debate just how likely it is that its main market is for people who are only going to use it, with permission, to test security and demonstrate security risks, but it does have a legitimate legal use. Should we be able to ban products because a lot of their use will be to do something illegal? What threshold should we set? How do you observe and measure the proportions?

Ban it and someone will release a blank version with the ability to download the software instead. Ban that and someone will produce guides on how to produce one and sell the parts. Ban that and people will buy off-the-shelf bits and find plans online.

Re:I'm obviously missing something... (1)

necronom426 (755113) | about 9 months ago | (#44484407)

If that's the case, then why not sell bombs in kit form at the show?

It looks like they sold out because they were ready made and you could just pick one up. I doubt a lot of these people would have got one if they had to research it, buy parts, build it, etc.

I can understand government and professional organisations having things like this, but not for them to be unregulated and available to buy from a stall. It seems crazy to me.

Re:I'm obviously missing something... (0)

Anonymous Coward | about 9 months ago | (#44484707)

If that's the case, then why not sell bombs in kit form at the show?

Because the equivalent to: "Thou shalt neither possess nor build a bomb without a permit." for computers would be: (wait for it!) "Thou shalt neither possess nor build a computer without a permit."

Re:I'm obviously missing something... (1)

Minwee (522556) | about 9 months ago | (#44485931)

Re:I'm obviously missing something... (1)

necronom426 (755113) | about 9 months ago | (#44486173)

Yes, very good.

But if the book was actually called a "Terrorist Training Handbook", you might have a point, but the hacking thing is advertised as a device to hide on yourself and to hack with.

Retro 2008 (3, Informative)

chill (34294) | about 9 months ago | (#44484519)

Wow. This was news when they were released back in 2008. It is interesting to see the devices becoming popular again.

Back in the day they were demoed by putting the little unit and batteries in a novelty plastic cup shaped like a pineapple. The lid had a hole for a straw that was just the right size for a wifi antenna.

You can buy those cups on eBay and in party stores.

AND now you gave it (0)

Anonymous Coward | about 9 months ago | (#44484571)

to the NSA for 80 bucks
what a bunch of suckers go to that event

so much for any statement that knowledge should be free

they're no better than black hat people that are capitalists. And they are NOT hackers

This just in... (0)

Anonymous Coward | about 9 months ago | (#44484835)

People Waited In Lines at DEFCON. More on that and many other obvious observations at 11.
