×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Wi-Fi Penetration Tester In Your Pocket

kdawson posted more than 7 years ago | from the happy-to-see-me? dept.

Portables 121

00*789*00 writes "ZDNet has a story about the public launch of Immunity's Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

121 comments

Ummm, yeah. (3, Funny)

Vengeance (46019) | more than 7 years ago | (#17934568)

I hope y'all don't mind if I won't keep a penetration tester in my back pocket, mmm'kay?

ob. mae west reference (5, Funny)

hey! (33014) | more than 7 years ago | (#17934592)

is that a penetration tester in your pocket or are you happy to see me?

Re:ob. mae west reference (4, Funny)

The Zon (969911) | more than 7 years ago | (#17934668)

a portable hacking device that can scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
That's what she said!

Re:ob. mae west reference (5, Funny)

romland (192158) | more than 7 years ago | (#17934700)

It could have been funny if the editor had not already made the joke in the 'dept' line.

But, to answer your question. Am I happy to see you? I don't know, are those a pair of boobs on your chest?

Re:Ummm, yeah. (2, Funny)

Anonymous Coward | more than 7 years ago | (#17935202)

"I've got something in my front pocket for youuuuu..."

OBLIG (-1, Redundant)

_PimpDaddy7_ (415866) | more than 7 years ago | (#17934584)

Is THAT a Wi-Fi Penetration Tester in your pocket or are you just happy to see me? ;)

Re:OBLIG (1)

CreatureComfort (741652) | more than 7 years ago | (#17935072)


It's both!

A 'penetration tester' that can scan other connections for open ports, and automatically launch code execution exploits. It has self replicating code, but the doctor says there is no viral payload.

MODS: this was first (0)

Anonymous Coward | more than 7 years ago | (#17937016)

Yes, this has the same time (10:39) as the post just a little above. But the comment number (17934584) is lower.

first post (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17934586)

you know, I was going to put a huge ASCII goatse here but I really can't be bothered.

Vista (0, Flamebait)

mfh (56) | more than 7 years ago | (#17934588)

But Vista has no bugs or security flaws!

Re:Vista (1)

PopeRatzo (965947) | more than 7 years ago | (#17936546)

Since you mentioned Vista, it brings to mind a neighbor of mine who is always leaving his wireless router unsecured. I brought it up to him recently and he told me that he doesn't have to worry about that because he's got a Mac.

Wow.

Re:Vista (2, Insightful)

mrchaotica (681592) | more than 7 years ago | (#17936820)

Just secure it for him yourself. When he suddenly can't access it because you've enabled WPA, he'll understand the importance of security.

(And if he gets upset with you, tell him "just be glad I didn't download a bunch of kiddy pr0n and try to hack the NSA with it!")

hmm.. (0)

Anonymous Coward | more than 7 years ago | (#17934610)

I know a few people who would like the idea of a Penetration Tester In Your Pocket

Its actually just a n770 (0)

Anonymous Coward | more than 7 years ago | (#17934612)

It is actually a nokia n770 "internet tablet"

Honeypot Reverse Attack (4, Funny)

CaffeineAddict2001 (518485) | more than 7 years ago | (#17934624)

\\sharedstuff\My Super Secret Incriminating Documents Conveniently Zipped For You.exe

Re:Honeypot Reverse Attack (2, Informative)

VirusEqualsVeryYes (981719) | more than 7 years ago | (#17934672)

The portable hacking device runs Linux.

Re:Honeypot Reverse Attack (5, Funny)

CaffeineAddict2001 (518485) | more than 7 years ago | (#17934728)

Oh, forgive me: /usr/home/hax0r/My Super Secret Incriminating Documents Conveniently Zipped For You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

Re:Honeypot Reverse Attack (1, Funny)

Anonymous Coward | more than 7 years ago | (#17935514)

"Oh, forgive me: /usr/home/hax0r/ ..."

Joking aside, a user account's /home directory in the system /usr directory? Must be a Windows person who loves spaces in file names.
 

Re:Honeypot Reverse Attack (1)

eosp (885380) | more than 7 years ago | (#17937542)

Yeah, some of us use BSD. And by the way, /home is symlinked to it so both work.

Re:Honeypot Reverse Attack (4, Funny)

Hamoohead (994058) | more than 7 years ago | (#17935750)

/usr/home/hax0r/My\ Super\ Secret\ Incriminating\ Documents\ Conveniently\ Zipped\ For\ You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

There. Fixed it for you.

Re:Honeypot Reverse Attack (0, Redundant)

drinkypoo (153816) | more than 7 years ago | (#17935120)

Well, I don't know about you, but I keep my honeypot penetration tester in my pocket.

Yes I know I'm a bit late on this joke, but I don't think anyone else managed to work the honeypot in there. (Or vice versa, h0 h0 h0.)

happy-to-see-me (1)

romland (192158) | more than 7 years ago | (#17934628)

...open ports, and automatically launch code execution exploits from a built-in exploit platform...
I am betting that someone further down will succeed quite beautifully at making a sexual reference to that.

Loonix distro, please (0)

Anonymous Coward | more than 7 years ago | (#17934636)

It would be spiffy to have such an automated tool on a live cd!

The cost is too high, get a Zaurus (4, Insightful)

Anonymous Coward | more than 7 years ago | (#17934660)

For $3,600, I think it's way over priced. Use a laptop, or home brew a similar device with a mcuh cheaper Zaurus:

http://www.irongeek.com/i.php?submenu=zaurus/zauru sheader&page=zaurus/zaurusmain [irongeek.com]

Skip the Zaurus... (2, Insightful)

Svartalf (2997) | more than 7 years ago | (#17934838)

It's a $3600 Nokia WebPad with custom software on it.

Considering the new WebPads and all being available and supported (unlike the Zaurus...), I think I'll go with that instead...

Re:Skip the Zaurus... (4, Insightful)

Tony Hoyle (11698) | more than 7 years ago | (#17934982)

$3600 for something to detect wireless networks?

For half that money you could get a fully fledged laptop with builtin wireless and run any tools you liked.

From the summary I was expecting a $50 pocket device.

Re:Skip the Zaurus... (1)

Fuyu (107589) | more than 7 years ago | (#17935300)

This device does more than just detect wireless networks. According to the article, it can also "scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space." With 128MB flash memory, a 64MB RS-MMC (Reduced Size - MultiMediaCard), and an option for extended virtual memory (RS-MMC up to 1GB), that's a sizable amount of storage for a walk through.

Re:Skip the Zaurus... (0, Offtopic)

gingerTabs (532664) | more than 7 years ago | (#17935480)

The successor product from Nokia, the N800, actually has 2 SD slots, and with a kernal patch can support the high capacity SD cards, giving you 16GB+ of storage

Re:Skip the Zaurus... (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17936562)

The N800 looks pretty cool. What OS does it run? Can you write code for it?

Re:Skip the Zaurus... (1)

Fuyu (107589) | more than 7 years ago | (#17936816)

According to Nokia's website http://www.nokiausa.com/N800/1,9008,feat:1,00.html [nokiausa.com], it runs Internet Tablet OS 2007 edition, a modified version of Debian/GNU Linux. From http://www.starryhope.com/tech/apple/2007/10-ways- the-nokia-n800-is-better-than-apples-iphone/ [starryhope.com] "Nokia created the open source Maemo development platform for the 770 and N800. They've worked hard to encourage developers to port applications to this platform. You can find more info at http://maemo.org/ [maemo.org]."

Re:Skip the Zaurus... (0)

Anonymous Coward | more than 7 years ago | (#17936506)

Wouldn't it be nice if someone made some sort of bag for a laptop, so you could store it and carry it around with you? Maybe you could even leave it on if the laptop had batteries, and then you could have access to an 80GB HD.

Re:Skip the Zaurus... (1)

dr_dank (472072) | more than 7 years ago | (#17936348)

What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

Re:Skip the Zaurus... (1)

Danse (1026) | more than 7 years ago | (#17937308)

What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

I guess you could if you have one of those jackets with the big pocket on the back. Perfect for sliding a laptop into. Probably only doable in cold weather though, as the laptop will definitely keep you warm...

Re:Skip the Zaurus... (0)

Anonymous Coward | more than 7 years ago | (#17935870)

Take that webpad and put metasploit [metasploit.com] on it. It probably won't be click and drool, but the attacks will be way more current (hint: who had 802.11 exploits in their product first?)

Re:The cost is too high, get a Zaurus (0)

Anonymous Coward | more than 7 years ago | (#17934872)

Like maybe a zaurus sl-3200 with pdax rom running a debian sid arm port in a chroot and running ruby based metasploit 3 with auto_pwn.

Re:The cost is too high, get a Zaurus (1)

Dekortage (697532) | more than 7 years ago | (#17935896)

Well, let's add it up...

  1. A laptop does not fit covertly into your pocket.
  2. A "home brew" device... let's see, the link you sent suggests ~$200 in hardware. Then it says "Apps I hope to get around to testing" and lists a few possible hacking tools (in other words, he hasn't done it yet). Add up the time it would take a skilled geek to develop and maintain the complete hacking software suite, make it as simple to use and automated, and patch it monthly with the latest exploits... suddenly $3600 sounds not so bad, especially if it includes a support contract (the article doesn't say). $3600 is the equivilent of 80 hours of a $45/hour techie. That's not bad at all for a highly specialized hardware/software product, if it works as advertised right out of the box.

Re:The cost is too high, get a Zaurus (1)

COMON$ (806135) | more than 7 years ago | (#17935950)

ya, a 500 dollar laptop, metasploit, and a decent wireless card and you will have more than you bargained for.

They're careful who they will sell it to... (2, Interesting)

gavink42 (1000674) | more than 7 years ago | (#17934688)

Wow... A hacking device actually being sold by a real company. The article says "We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to."

Even so, it probably won't be long before this device is being used by hackers as well as law enforcement. Actually, after thinking about it a bit, I'm not sure which use bothers me more.

Re:They're careful who they will sell it to... (1)

Svartalf (2997) | more than 7 years ago | (#17935360)

Heh... The hackers are already DOING this stuff- on similar devices, even.

You're going to find that the black/grey hats will be buying a Nokia 770 or it's next generation,
buying one of the alterable PocketPC's, or a cheap laptop and running Metasploit or SPIKE/MOSDEF
on them- all of which are legit tools and available as LGPL or similar licensed code. And, in the
case of SPIKE/MOSDEF, you're using the underlying engine for CANVAS anyhow...

All this does is provide commercial support and exploit updates for a year. $3600 is a bit high for
that sort of thing, but hey...

What I like to do... (5, Interesting)

Ford Prefect (8777) | more than 7 years ago | (#17934692)

... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

The real network is hidden, strongly encrypted and using 802.11n. Beat that, hackers!

Re:What I like to do... (1)

BrokenHalo (565198) | more than 7 years ago | (#17935408)

... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

Damn, I just got rid of a couple of wireless access points, and I never thought of that. It might have been kind of fun to browse through the syslogs on those to see who is banging their heads against a brick wall...

Re:What I like to do... (0)

Anonymous Coward | more than 7 years ago | (#17936080)

Use 802.11b without any encryption, but only allow access to OpenVPN on a gateway machine. Much more fun that way. They get a DHCP IP address, they can see traffic, but, dammit, they can't do anything!

Plus, considering how breakable 64bit and 128bit WEP were, and WPA original is, well, I just can't trust anymore wireless encryption. Go hardcore or go home!

I believe... (3, Funny)

russotto (537200) | more than 7 years ago | (#17934744)

...it was Dr. Fronk who said, "Well, I guess it pretty much can only be used for evil".

Re:I believe... (1)

djasbestos (1035410) | more than 7 years ago | (#17934832)

Shadowrun comes to mind...

Re:I believe... (1)

Frigga's Ring (1044024) | more than 7 years ago | (#17935642)

True that. Makes me believe that the gear they present for 2070 is too low-tech considering how fast everything is moving.

Re:I believe... (1)

djasbestos (1035410) | more than 7 years ago | (#17936788)

Well, the 2070 version will have a neurojack on it...although yeah, at the rate things are going, we might see something like that even sooner too.

Z4CK the mobile hacker tool has come to life! (0)

Anonymous Coward | more than 7 years ago | (#17934822)

Back in 2004 I wrote a novel about a fictional hacker utility which was the magic bullet of network penetration. The novel was called Z4CK and the unstoppable hacker tool with built in A.I. ran on a Zaurus SL-5500. Looks like this is all coming to fruition! The novels Z4CK and Digital Force (the follow up) are free downloads from http://www.z4ck.org/ [z4ck.org]

Re:Z4CK the mobile hacker tool has come to life! (0)

Anonymous Coward | more than 7 years ago | (#17935074)

Did the teacher give you a B- or an A+? How many red pen marks were there in the margins of the page?

my nokia can do similar stunts. (1)

MrJerryNormandinSir (197432) | more than 7 years ago | (#17934904)

hmmm. $3,600. Damn. The very first thing I did was put toghether a suite of open source wifi hacking tools.
All they did was put together an easy to use gui so anyone without any computer knolwledge at all can use it.
hmm.. that's against the hackers code!

Recipe for bad humour (5, Funny)

multisync (218450) | more than 7 years ago | (#17934906)

Post an article on slashdot with the words "penetrate" and "open ports" in the summary.

Actually... (4, Funny)

StressGuy (472374) | more than 7 years ago | (#17935490)

It's the same bad joke over and over again until somebody post one of the following....

"In Soviet Russia - Open Ports Penetrate You!"

or..."my back door is impenetrable YOU INSENSITIVE CLOD!!!"

or...perhaps a reference to a Beowulf cluster-f%@k

or...something ending in .... PROFIT!

then we all get sick of it.

Gotta wonder... (3, Funny)

catdevnull (531283) | more than 7 years ago | (#17934934)

Gotta wonder about a picture of a chick with "penetration testing" as a caption.

God, I love IT.

I'll pass... (0)

Anonymous Coward | more than 7 years ago | (#17934936)

Not because this is another slashvertisment but I believe that this product is either incredibly useless or that company will become an incredible scapegoat for the WiFi lobby.

Automated intrusion software (5, Funny)

sshore (50665) | more than 7 years ago | (#17934938)

Over the last year or so, I've considered writing an automated wireless network intrusion tool. It would:

  • capture encrypted packets and attempt to crack wep/wpa keys
  • join wireless networks, enumerate targets
  • retrieve files of interest from shares or recover them from packet dumps
  • launch code attacks, like this tool does

You'd run it on a laptop that you'd carry in your backpack or in your car, on your way to/from work or just cruising around on a Sunday afternoon.

As such, it would be called the Transient Wireless Intrusion Tool, or TWIT. I just get a charge out of network security people writing about twits wandering around near the network.

Re:Automated intrusion software (5, Funny)

mrzaph0d (25646) | more than 7 years ago | (#17935080)

Even worse would be Transient Wireless Attack Tool...

TWAT (1)

sshore (50665) | more than 7 years ago | (#17935292)

Even worse would be Transient Wireless Attack Tool...

That was my original working title, actually :)

Re:TWAT (1)

jftitan (736933) | more than 7 years ago | (#17936434)

Has a nice ring to it.

"We can't have a bunch of twats runing around the office trying to capture senseless packets of the spring break pictures of your mother."

"is it me, or do we have a bunch of twats running around the office?"

"twat was his name?"

OSS version (1)

gingerTabs (532664) | more than 7 years ago | (#17934958)

This is based on the Nokia 770, so it's Linux (debian) based. What apps would we need to put together an put a frontend onto to make this a reality for either the 770 or the newer N800?

Modified Nokia 770 (1)

Werrismys (764601) | more than 7 years ago | (#17934960)

That "PDA" is a Nokia 770. Is it modified hardware-wise, I have no idea, but the device portrayed in the article is Nokia 770 that sells for under $400 (and is now surpassed by N800).

embedded (0)

Anonymous Coward | more than 7 years ago | (#17934964)

Oooh, wow, an embedded CANVAS. How unique. Not really.

d/k has you dave.

Legality? (3, Interesting)

Zeek40 (1017978) | more than 7 years ago | (#17934972)

I would think that the Digital Make everyone a Criminal Act would prevent a company from marketing a device like this...

Now just combine that with OLPC (4, Funny)

kabocox (199019) | more than 7 years ago | (#17935064)

I'd like to see someone program that for the OLPC laptop. I could easily envision a slashdotter transforming a simple educational device into a hightech potentially offensive military IT resource and giving it to 3rd world kids.

Automated intrusion (1)

Drahgkar (945536) | more than 7 years ago | (#17935166)

So...basically this would be akin to running Back|Track, but with a few improvements, like the automation or am I missing something? If this is the case, why wouldn't someone install back|track on one of these things and just add the automation? Then you could forgo most of that hefty price since all you would have to buy is the tablet.

Re:Automated intrusion (1)

soleblaze (628864) | more than 7 years ago | (#17935946)

Because backtrack doesn't run on an arm processor. This is basically a custom distro for the nokia 770. You're mostly paying for them setting up the tools correctly and the GUI interfaces. They might have also created patches for some of these tools for them to run on the Nokia 770 properly. One thing to note, is that since it is Linux if they did patch these programs you can get the source code from them when you buy one and then distribute it (and return the device if you can..heh) Of course I'm sure their GUI isn't under the gpl.

Dupe or Followup? (3, Interesting)

HTH NE1 (675604) | more than 7 years ago | (#17935180)

I remember something about this before [slashdot.org]. Yup, it was about Silica then too.

I posted a theory about sending one to yourself through the mail activated and with a GPS so that the postal delivery vehicle does your wardriving for you. I called it warsmailing [slashdot.org]. So far no results on Google of anyone attempting it using that term.

(Why do I keep being prompted to save a download of comments.pl when I Submit?)

Re:Dupe or Followup? (1)

uuilly (746301) | more than 7 years ago | (#17937024)

We used the same idea during the cold war. We shipped sensitive Geiger counters all over the Russia via rail so they could sniff nukes and nuke facilities. Cool idea. I think we got caught though.

This doesn't change anything. (2, Funny)

pseudosero (1037784) | more than 7 years ago | (#17935326)

You should still keep your wifi open... a criminal needs to be in geographic proximity. wow. This is so much worse than someone on the other side of the country being able to break into your machine. Honestly, if we all keep our wifis open it'll be better in the long run. I don't know why it just will be i swear.

(plus on3 Informative) (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17935356)

person. Ask your argued by Eric take a looQk at the eulogies to BSD's 'I have to kill *BSD is dead. My calling. Now I sales and so on,

Penetration Tester in your Pocket 7333482 (3, Funny)

Anonymous Coward | more than 7 years ago | (#17935370)

For a moment there, I thought I was going to have to implement spam filtering on my RSS feed from Slashdot.

egh (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17935592)

yup, its a nokia 770, with software that costs about $2600. BARGAIN.

the only thing the nokia 770 isnt really capable of already is packet injection, so does that mean they're charging that much money for a product sticker, an injection-capable wifi driver, and some easy front ends to already existing (and compiled for debian / arm / maemo) wifi software?

ill compile a driver for a capable usb wifi card or wait for a monitor mode / packet injection patch for the 770's wifi chipset to become freely available, thanks

Why? (1)

tehfonz (1061548) | more than 7 years ago | (#17935692)

People spend $3600 on this How do u gain your money back? or are these people in it just to be "hackers" 1. Buy wireless exploiter 2. ???? 3. Profit!!!!

Re:Why? (1)

soleblaze (628864) | more than 7 years ago | (#17935982)

If you read the article, they're mainly targeting big businesses and law enforcement. They're being sold as a way for non technical people to preform pentests (I.e. buy this $3600 device and you won't have to buy the $40,000 pentest from company x)

Anyone familiar with pentest tools on the n800? (1)

soleblaze (628864) | more than 7 years ago | (#17936100)

So far I've found kismet (which mostly works, but will crash the n800 if you leave it alone long enough for your screen to blank) (kismet can be found at http://eko.one.pl/maemo [eko.one.pl]) And aircrack and nmap (http://www.mulliner.org/nokia770/). I know that there's a port of metasploit somewhere, but I haven't been able to find it. Also programs that use bluetooth and are designed for the 770 but not the n800 crash the n800 due to bt driver incompatabilities (the n800 uses a newer bluez stack) Does anyone know of any bluetooth scanners for the n800?

Penetration tester in pocket (1)

192939495969798999 (58312) | more than 7 years ago | (#17936140)

That is either the greatest or worst pickup line in the history of the world: "Hey baby, I got a penetration tester in my pocket..."

The story is: Linux is great (2, Funny)

daveaitel (598781) | more than 7 years ago | (#17936230)

The take on this story SHOULD be that it's possible to have a small company choose embedded Linux to deploy innovative and interesting applications on. We could have chosen Windows Mobile, of course, but Linux was technically the better choice. That's the important part here. Open Source tools get you to market faster and cheaper.

Nokia 770 + Kismet (2, Interesting)

ivlad (646764) | more than 7 years ago | (#17936428)

I think, the $3600 device is nothing more, but a Nokia 770 (that is clear from the photos) runnig GUI for Kismet or some sort of other Wifi scanner.

Good margin! ;)

fu34!? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17937138)

of BSD/OS. A There are some hype - BSD's Pallid bodies and tho0gh I have never

What, no mention of Backtrack? (1)

jerkychew (80913) | more than 7 years ago | (#17937244)

I'm disappointed nobody has mentioned BackTrack [remote-exploit.org] yet. Live, bootable Linux CD loaded with wireless scanning and hacking tools. To be honest, I haven't tried it yet, but Free sure is cheaper than $3600!

Wi-Fi Penetration Tester (1)

zuhaifi (1060950) | more than 7 years ago | (#17937252)

Based on the Open Source Linux operating system and the pure Python Immunity CANVAS attack framework, if one of SILICA's built in attack profiles does not fit your needs, you can easily craft one that does.

Stupid! (1)

johnsmit90210 (1002329) | more than 7 years ago | (#17937916)

This is a nokia 770! All smirky comments aside.. (Why even bother with those when you should know what this is) So if this so called 'pen tester in a pocket' is 2500+ dollars, then what in the hell do you call a PocketPC or PDA running MiniStumbler written by Marius Milner? Besides a 2300+ dollars less costing pen tester that is. Stupidest thing I've seen all day! (I just woke up)

Gimmick. (2, Informative)

hrtserpent6 (806666) | more than 7 years ago | (#17938222)

Where do I start with this thing?

The number of applications this device provides that are both legitimate and useful are near zero.

If you are legitimately authorized to do scans, why not do it with proper equipment? I used to warwalk all the time with an open laptop in plain view, and if anyone stopped me, I had a letter from the CIO in my hand.

If you want to truly test security are you gonna hand an idiot-proof device to some intern and tell them to push the pretty red button and run around with it? No, you are going to hire a security expert who will likely prefer proper tools.

From TFA: "...mostly from law enforcement agencies looking to do covert hacking on sensitive networks."

Whee! Illegal wiretapping! I'm sure that's kosher. If you have a warrant, then you shouldn't have any problems. See above. (Oops, I forgot that's 'legal' now. Oh well.)

Also from TFA: "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

No responsible pentester runs around with surreptitious devices in 'fuck you' mode on production networks. It's a quick ticket to being fired, sued and/or arrested. Pen testing and vulnerability testing is done under strict Rules of Engagement which rarely include secondary exploitation anymore. Most organizations want you to be as hands-off and low-impact as possible. Detect a possible vulnerability, record it, and move on. If they want you to eliminate false positives and/or verify a particular vulnerability later, then you do it carefully. Cutesy shit like grabbing files, printing "OWNZORED" on network printers and AllYourBase.txt in \root is the mark of amateurs.

Nothing to see here. It's a cool toy, but if you want to do this kind of stuff on a real network, hire a real security company.

The only useful thing I see here is that the barrier to entry for wireless shenanigans has just fallen to the floor and organizations had better start ditching WEP and WPA/WPA2 and moving to 802.1X/EAP/EAPOL.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...