Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wi-Fi Penetration Tester In Your Pocket

Posted by kdawson on from the happy-to-see-me? dept.

00*789*00 writes "ZDNet has a story about the public launch of Immunity's Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform."

33 of 121 comments (clear)

  1. Ummm, yeah. by Vengeance · · Score: 3, Funny

    I hope y'all don't mind if I won't keep a penetration tester in my back pocket, mmm'kay?

    --
    It was a joke! When you give me that look it was a joke.
    1. Re:Ummm, yeah. by Anonymous Coward · · Score: 2, Funny

      "I've got something in my front pocket for youuuuu..."

  2. ob. mae west reference by hey! · · Score: 5, Funny

    is that a penetration tester in your pocket or are you happy to see me?

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    1. Re:ob. mae west reference by The+Zon · · Score: 4, Funny

      a portable hacking device that can scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
      That's what she said!
      --
      Some attitudes replaced or by cgi optimizes
    2. Re:ob. mae west reference by romland · · Score: 4, Funny

      It could have been funny if the editor had not already made the joke in the 'dept' line.

      But, to answer your question. Am I happy to see you? I don't know, are those a pair of boobs on your chest?

  3. Honeypot Reverse Attack by CaffeineAddict2001 · · Score: 4, Funny

    \\sharedstuff\My Super Secret Incriminating Documents Conveniently Zipped For You.exe

    1. Re:Honeypot Reverse Attack by VirusEqualsVeryYes · · Score: 2, Informative

      The portable hacking device runs Linux.

    2. Re:Honeypot Reverse Attack by CaffeineAddict2001 · · Score: 5, Funny

      Oh, forgive me: /usr/home/hax0r/My Super Secret Incriminating Documents Conveniently Zipped For You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

    3. Re:Honeypot Reverse Attack by benhocking · · Score: 5, Funny

      \home\me\optimize_linux_no_this_is_not_rm_rf

      --
      Ben Hocking
      Need a professional organizer?
    4. Re:Honeypot Reverse Attack by Hamoohead · · Score: 4, Funny

      /usr/home/hax0r/My\ Super\ Secret\ Incriminating\ Documents\ Conveniently\ Zipped\ For\ You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

      There. Fixed it for you.

      --
      "If your parents never had children, chances are you wonât either." -Dick Cavett
  4. The cost is too high, get a Zaurus by Anonymous Coward · · Score: 4, Insightful

    For $3,600, I think it's way over priced. Use a laptop, or home brew a similar device with a mcuh cheaper Zaurus:

    http://www.irongeek.com/i.php?submenu=zaurus/zauru sheader&page=zaurus/zaurusmain

  5. What I like to do... by Ford+Prefect · · Score: 5, Interesting

    ... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

    The real network is hidden, strongly encrypted and using 802.11n. Beat that, hackers!

    --
    Tedious Bloggy Stuff - hooray?
    1. Re:What I like to do... by drooling-dog · · Score: 4, Funny

      You wouldn't happen to be the guy next door to me, would you?

  6. I believe... by russotto · · Score: 3, Funny

    ...it was Dr. Fronk who said, "Well, I guess it pretty much can only be used for evil".

  7. Skip the Zaurus... by Svartalf · · Score: 2, Insightful

    It's a $3600 Nokia WebPad with custom software on it.

    Considering the new WebPads and all being available and supported (unlike the Zaurus...), I think I'll go with that instead...

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    1. Re:Skip the Zaurus... by Tony+Hoyle · · Score: 4, Insightful

      $3600 for something to detect wireless networks?

      For half that money you could get a fully fledged laptop with builtin wireless and run any tools you liked.

      From the summary I was expecting a $50 pocket device.

  8. Recipe for bad humour by multisync · · Score: 5, Funny

    Post an article on slashdot with the words "penetrate" and "open ports" in the summary.

    --
    I don't care why you're posting AC
  9. Gotta wonder... by catdevnull · · Score: 3, Funny

    Gotta wonder about a picture of a chick with "penetration testing" as a caption.

    God, I love IT.

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...
  10. Automated intrusion software by sshore · · Score: 5, Funny

    Over the last year or so, I've considered writing an automated wireless network intrusion tool. It would:

    • capture encrypted packets and attempt to crack wep/wpa keys
    • join wireless networks, enumerate targets
    • retrieve files of interest from shares or recover them from packet dumps
    • launch code attacks, like this tool does

    You'd run it on a laptop that you'd carry in your backpack or in your car, on your way to/from work or just cruising around on a Sunday afternoon.

    As such, it would be called the Transient Wireless Intrusion Tool, or TWIT. I just get a charge out of network security people writing about twits wandering around near the network.

    1. Re:Automated intrusion software by mrzaph0d · · Score: 5, Funny

      Even worse would be Transient Wireless Attack Tool...

      --
      this is just a placeholder till i send back my real sig from the future.
  11. Legality? by Zeek40 · · Score: 3, Interesting

    I would think that the Digital Make everyone a Criminal Act would prevent a company from marketing a device like this...

  12. Now just combine that with OLPC by kabocox · · Score: 4, Funny

    I'd like to see someone program that for the OLPC laptop. I could easily envision a slashdotter transforming a simple educational device into a hightech potentially offensive military IT resource and giving it to 3rd world kids.

  13. Dupe or Followup? by HTH+NE1 · · Score: 3, Interesting

    I remember something about this before. Yup, it was about Silica then too.

    I posted a theory about sending one to yourself through the mail activated and with a GPS so that the postal delivery vehicle does your wardriving for you. I called it warsmailing. So far no results on Google of anyone attempting it using that term.

    (Why do I keep being prompted to save a download of comments.pl when I Submit?)

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  14. How did they know??? by master_p · · Score: 4, Funny

    I already have a wife penetration tester in my pocket, thank you very much.

    1. Re:How did they know??? by Quiet_Desperation · · Score: 2, Funny

      Now all you need is a wife. :)

      Hey! I tease! Put that thing down!

  15. This doesn't change anything. by pseudosero · · Score: 2, Funny

    You should still keep your wifi open... a criminal needs to be in geographic proximity. wow. This is so much worse than someone on the other side of the country being able to break into your machine. Honestly, if we all keep our wifis open it'll be better in the long run. I don't know why it just will be i swear.

    --
    sometimes, nothing.
  16. Penetration Tester in your Pocket 7333482 by Anonymous Coward · · Score: 3, Funny

    For a moment there, I thought I was going to have to implement spam filtering on my RSS feed from Slashdot.

  17. Actually... by StressGuy · · Score: 4, Funny

    It's the same bad joke over and over again until somebody post one of the following....

    "In Soviet Russia - Open Ports Penetrate You!"

    or..."my back door is impenetrable YOU INSENSITIVE CLOD!!!"

    or...perhaps a reference to a Beowulf cluster-f%@k

    or...something ending in .... PROFIT!

    then we all get sick of it.

    --
    A goal is a dream with a deadline
  18. The story is: Linux is great by daveaitel · · Score: 2, Funny

    The take on this story SHOULD be that it's possible to have a small company choose embedded Linux to deploy innovative and interesting applications on. We could have chosen Windows Mobile, of course, but Linux was technically the better choice. That's the important part here. Open Source tools get you to market faster and cheaper.

  19. Nokia 770 + Kismet by ivlad · · Score: 2, Interesting

    I think, the $3600 device is nothing more, but a Nokia 770 (that is clear from the photos) runnig GUI for Kismet or some sort of other Wifi scanner.

    Good margin! ;)

  20. Re:Vista by mrchaotica · · Score: 2, Insightful

    Just secure it for him yourself. When he suddenly can't access it because you've enabled WPA, he'll understand the importance of security.

    (And if he gets upset with you, tell him "just be glad I didn't download a bunch of kiddy pr0n and try to hack the NSA with it!")

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  21. Gimmick. by hrtserpent6 · · Score: 2, Informative

    Where do I start with this thing?

    The number of applications this device provides that are both legitimate and useful are near zero.

    If you are legitimately authorized to do scans, why not do it with proper equipment? I used to warwalk all the time with an open laptop in plain view, and if anyone stopped me, I had a letter from the CIO in my hand.

    If you want to truly test security are you gonna hand an idiot-proof device to some intern and tell them to push the pretty red button and run around with it? No, you are going to hire a security expert who will likely prefer proper tools.

    From TFA: "...mostly from law enforcement agencies looking to do covert hacking on sensitive networks."

    Whee! Illegal wiretapping! I'm sure that's kosher. If you have a warrant, then you shouldn't have any problems. See above. (Oops, I forgot that's 'legal' now. Oh well.)

    Also from TFA: "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

    No responsible pentester runs around with surreptitious devices in 'fuck you' mode on production networks. It's a quick ticket to being fired, sued and/or arrested. Pen testing and vulnerability testing is done under strict Rules of Engagement which rarely include secondary exploitation anymore. Most organizations want you to be as hands-off and low-impact as possible. Detect a possible vulnerability, record it, and move on. If they want you to eliminate false positives and/or verify a particular vulnerability later, then you do it carefully. Cutesy shit like grabbing files, printing "OWNZORED" on network printers and AllYourBase.txt in \root is the mark of amateurs.

    Nothing to see here. It's a cool toy, but if you want to do this kind of stuff on a real network, hire a real security company.

    The only useful thing I see here is that the barrier to entry for wireless shenanigans has just fallen to the floor and organizations had better start ditching WEP and WPA/WPA2 and moving to 802.1X/EAP/EAPOL.

  22. Re:Vista by Pinback · · Score: 2, Funny

    My buddy secured his neighbor's WAP on accident. He thought he was configuring his own.

    The neighbor was confused when told that his router now had a WEP key in place.