Wi-Fi Pineapple Hacking Device Sells Out At DEF CON

darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"

Holy False Dichotomy Batman!

[fuzzyfuzzyfungus]

I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

Re:Holy False Dichotomy Batman!

can be used for both good and evil at the same time.

What's the difference?

Re:Holy False Dichotomy Batman!

[Opportunist]

Interpretation.

Re:Holy False Dichotomy Batman!

[davester666]

Perp or victim?

Re:Holy False Dichotomy Batman!

[schnell]

vendor were selling all kinds of gear.

1.2 Pineapple's per minute were sold

The Pineapple run Linux, based on OpenWRT, is packed with open source tools

I, for one, am imagining a world where a Slashdot "editor" can parse the English language and fix typos. Blows my mind, but there it is.

Re:Holy False Dichotomy Batman!

[Thanshin]

The difference in distance from yourself of the people favored and unfavored by the action.

Which is closed differentiates good and evil.
The shorter the distance, the greater the evil and the smaller the good. And vice versa.

Re:Holy False Dichotomy Batman!

[FatdogHaiku]

I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

gooevil (goo-we-vil) adjective:
good and evil at the same time

This will vastly improve the communication accuracy of Professor Hubert J. Farnsworth (e.g. "Gooevil news everyone!")

Well done sir!

Re:Holy False Dichotomy Batman!

I blame the submitter for the 2nd one. In the article it says "Kitchen said that 1.2 Pineapples were sold per minute on the first day of DEF CON". He couldn't even copy/paste without inserting the apostrophe where it shouldn't be.

Re:Holy False Dichotomy Batman!

That wouldn't have anything to do with guns, would it?

Re:Holy False Dichotomy Batman!

I For one; am imagining A world where a huMAn being can use the amazing,evolved inference capabilities OF the brain and not contribute to thE masses that kill it with idleness.... and, and also focusing on the topic at hand.

Blow, my mind but there it is.

Re:Holy False Dichotomy Batman!

yeah, Darren runs Hak5, a vlog/Indie TV show with attached forum and community that was originally in Virginia and now is on the west coast. He is a real Hakker, and is comfortable with the good and bad consequences of his ideas. Really awesome guy though, his show used to be on ... oh hell what was the name of that "network" (as in internetwork) i'll remember when I post this. But I am glad to see him out and about.

Only 32MB of RAM

Zomg it's a call for piggy backing another chip.

Such a waste.

Re:Only 32MB of RAM

https://forum.openwrt.org/viewtopic.php?id=38994 [openwrt.org]

Seems like the AR9331 SoC won't even allow that without hassle.

Cost reductions couldn't have possibly been done in a more wrong place, people wouldn't mind paying 1$ more for a whole new range of capabilities and now you need an hot air station...

According to the government

Unequivocally evil. It doesn't matter who you are or what you use it for, you're an evil hacker that needs to be monitored.

Re:According to the government

But, the NSA monitoring a hacker using monitoring devices against NSA's infrastructure is like a full circle human centipede ?

Re:According to the government

[cheater512]

Then the FBI places an order for 1,000 of them.

Re:According to the government

[Opportunist]

So... considering the more recent events... does that mean it is good?

Re:According to the government

Why would any TLA need this when the NSA already scoops up all of your traffic?

Good or evil?

Is this a tool that will be used for good — or for evil?

Yes.

"Yes"

Is this a tool that will be used for good -- or for evil?

There is only one answer to this: Yes. Yes it will.

Too bad packing its functions up in an easy appliance means it now no longer has anything to do with "hacking" at all. You aren't a "hacker" if all you do is run some appliance.

Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.

That the security industry claims otherwise means that they are deluding themselves... and us. We're not getting our money's worth in security out of their efforts. But we do get nice toaster equivalents, complete with instant "hacker" label. Nice, innit?

Re:"Yes"

[Opportunist]

It kinda hurts to admit it, but yes, you're right. Most of the security industry is a bunch of charlatans who are unable to produce more than cheap tricks to impress those that know even less than they do.

Every time we're about to hire some security consultants (which we have to, regulations require us to have my security system tested by outsiders) I kinda think I know how Penn&Teller feel when they host "Fool us". Only that the amount of half-talented stage magicians who show off ancient tricks is way higher for me.

Re:"Yes"

[Tom]

And what stops you from sticking with the good ones?

It really is the same in every professional career. You hear much the same about lawyers, doctors and mechanics - the good ones are hard to find. In IT security, it is comparatively easy, just check what they publish.

Re:"Yes"

[Opportunist]

Sadly, it's kinda hard to convince Bruce to fly over to Europe at a rate my boss is willing to pay...

Re:"Yes"

[Tom]

Contact me by mail (tom@lemuria.org) and tell me which country you're in. I am in Germany and I have a couple contacts to pretty good people in several european countries. And if they can't help, they can point you onwards.

Re: "Yes"

[blibbo]

Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.

Call myself a toaster? Sure; why not?

Re:"Yes"

Publish?!?!? really. You expect the good security testers to publish? What is this a university or business.

Re:"Yes"

Yes yes. Please contact the security expert who leaves his email in plain text (not even a bit obfuscated) on a message board.

Re: "Yes"

[Fnord666]

Did someone mention toast?

Re:"Yes"

[laffer1]

Not only do I agree with you, but I have an example. Many years ago, I worked at an ISP as a sys admin. It was very early in my career. I had no college experience, and I was starting to learn to program and administer servers.

We were hired by a credit union as security consultants. They needed an audit of their new online banking system. The first thing I did was run Retina against their public server and a few script kiddie tools I had. I found that they had no firewall, an open SQL Server with no sa password and some very ugly IIS defaults. In 45 minutes, I had a script to dump their account data and list tables in their database. The sales guy asked me to print a few pages of that and he drove over and dumped it on the CU president's desk. It was very dramatic and fast, and we were then hired to setup a firewall and secure their network. We were never allowed to look at that VB code for their web app. Looking back, I wonder what I missed.

Reading 2600 and having a few apps lying around does not make me a security consultant. Of course, I can say I legally hacked a bank but in reality it's really lame.

Re:"Yes"

[nucrash]

A good pen tester has to not only give you results to what he is doing, but also inform the company of how to fix what they are doing wrong. An example would be something as simple as upping their password complexity. Use Enterprise WPA2 instead of Personal WPA. Lock off your ports or lock up your switches. Upping password complexity. Opportunist is correct in that there are the security testers who just invade and churn out a report that says: blah. These guys get paid, but aren't worth much. Many of them probably don't understand the tools they are using or how they work. The problem is, the security industry really doesn't have much credibility yet. There have been improvements. But as with all gold rush opportunities, there has been a flood of applicants claiming they know what's going on. This is the same as any industry though. Security is picked on, not unfairly mind you, because a lot more money is tossed around.

Re:"Yes"

[Basje]

Spam was a problem ten years ago. Get with the times.

Re:"Yes"

One word: STRATFOR

Re:"Yes"

[pnutjam]

His security is so rock solid he isn't worried. Kind of like that lifelock guy and his SS #.

In all seriousness, there is nothing wrong with publishing an email address. They used to have books that listed everyones phone number, imagine that world.

Re:"Yes"

[Opportunist]

The only thing I can say to that without breaking an NDA is "Yep".

Re:"Yes"

[stoatwblr]

where have you been for the last 10 years? It's still a problem even if it's not in _your_ inbox anymore - and it's MUCH more complicated than you might think to keep it out without blocking wanted mail.

Re:"Yes"

[Tom]

lol. Where to start?

First, you are an idiot if you think that the common obfuscation stuff will stop harvest bots. Seriously, you are.
Second, my mail address is all over the net already. It doesn't matter if I post it to one more board. I've had this address for 15 years, it is in publications I've published, websites I run, e-mails, forums, pretty much everywhere.
Third, obfuscation is not security. ;-)
Fourth, I didn't advertise my own services, but offered to make contacts, so even if in some strange parallel universe this says anything about my expertise, it doesn't matter.
Fifth, because of the law of five: fnord

Re:"Yes"

[Tom]

His security is so rock solid he isn't worried. Kind of like that lifelock guy and his SS #.

Back in the days when I was doing SELinux work, I did in fact go to conferences, plug down my notebook, get an IP address, pick up a piece of paper, write the IP and the root password on it in large letters and pin it to the wall above my place.

Fun days. :-)

Re:"Yes"

[Tom]

Actually, yes.

Since most security customers doesn't allow the consultant to talk about what he did and for whom, papers and advisories give me an indication of their skills. Or lack of same.

A Minus Minus - Not a Pineapple

[Artea]

Instead of wireless enabled fruit, device is actually just some plastic and electronic bits. I was under the impression this device would be concealed in a pineapple for stealth hacks. (Nobody suspects the fruit with an antenna)

Re:A Minus Minus - Not a Pineapple

[93+Escort+Wagon]

(Nobody suspects the fruit with an antenna)

This was conclusively proven in a Hogans Heroes episode - except it was a WW2-era walkie-talkie hidden in a potted plant.

Re:A Minus Minus - Not a Pineapple

Maybe you should check out their Hello Kitty backpack!
It's actually a backpack so that should help your preconceptions a bit.

Re:A Minus Minus - Not a Pineapple

(Nobody suspects the fruit with an antenna)

Thanks, now I'm getting flashbacks of Get Smart.

Re:A Minus Minus - Not a Pineapple

[Opportunist]

Talk about a security device going bad...

Re:A Minus Minus - Not a Pineapple

I am really not sure what is funnier:

1. "conclusively proven in a Hogans Heroes episode"
2. the Insightful mods that followed
3. "Pineapple" was the nickname for a US handgrade
4. This all rode in on a 93 Escort Wagon

Re:A Minus Minus - Not a Pineapple

[Em+Adespoton]

Funny... when I heard it was called a pineapple, I presumed it looked like this:
http://en.wikipedia.org/wiki/File:MkII_07.JPG
Of course, that's not going to help for stealth; I think anyone seeing one of those lying around is probably going to notice, duck and run (and then call out the bomb squad).

Re:A Minus Minus - Not a Pineapple

"Instead of office chair package contained bobcat. Would not buy again."

Re:A Minus Minus - Not a Pineapple

[thunderclap]

what! I wanted a wireless enabled fruit! I mean Apple has never produced any wireless or wired apples. Just things with apples on them. A red, apple shaped router would have been awesome and a conversation piece. Just think no one would suppect hacking with a pineapple sitting beside your laptop. (they would just you are crazy in starbucks. Damn, there is the perfect wifi hacking toolcase. A starbucks mug!)

Re:A Minus Minus - Not a Pineapple

The first version they sold was in a novelty pineapple case.
i think the ones they're selling now a days are V4 or V5

Re:A Minus Minus - Not a Pineapple

[Minwee]

I was also disappointed by that, but then realized that it is small enough that, with a little creativity, you could put it _inside_ a pineapple.

Cooling might be a minor problem, and the smell of Hawaiian pizza may tip people off to the illicit contents of the fruit basket which was just delivered, but at least it wouldn't need a pineapple-shaped sticker to justify its name.

Re:A Minus Minus - Not a Pineapple

I would pay triple if they made it look like a real pineapple.

Re:A Minus Minus - Not a Pineapple

A Minus Minus is not a Pineapple. A Minus minus is just

Some security experts are idiots

[TubeSteak]

Going a step further, if a Pineapple user is inside a coffee shop (or office location), the research can execute what is known as a "deauth" attack, essentially disconnecting the end user from legitimate access point, then reconnecting him or her to the Pineapple.

However, some security experts say that weaknesses in WiFi and user behavior need to be identified and weeded out in order to make organizations more secure. If the Pineapple is able to help security researchers do that, they say, than it will improve security for us all.

As a user, how the fuck can my behavior be modified to deal with a deauthorization attack?
WiFi has become so stupid simple to use that it leaves us vulnerable, despite all the encryption in the world.

Re:Some security experts are idiots

Use a VPN. Either a paid one or a home one will do. If your connection is encrypted to a known safe point (the VPN provider), then it doesn't matter that they can sniff your traffic. This is why I have my machine set up to disconect from wifi when it can't connect to my VPN.

Mind you, this isn't a solution to the problems of WiFi, but is a solution to that particular attack.

Re:Some security experts are idiots

[Opportunist]

Some? SOME? Most of them are!

Old joke: You can tell by how the techs three-piece suit fits whether he's a hack: If he wears one, he is.

But seriously, it's by no means short of frightening how many quacks and hacks (and I don't mean that as a compliment...) litter the field. Which is quite logical if there is little if any reputable and generally accepted (especially amongst management) certification system. And don't come with things like CISA and the like, I am not looking for a security manager, I'm looking for someone who can actually test a security implementation, not design it.

Now add that the average manager knows little beyond how to plug some device relatively accident free into some hole on his computer and you can easily see how knowledge free idiots who can navigate the surfaces of some "hack tool" (I'll use the term loosely here) can convince said managers that they are "security experts". In the kingdom of the blind and so on...

Re:Some security experts are idiots

if you use wifi, use openvpn or openssh vpn (to a trusted endpoint) on top of it.

Re:Some security experts are idiots

I don't know about you, but if I see someone coming into a coffee shop (or office location) carrying a WW2-style "Pineapple", I'm going to put as much distance between me and that user as I possibly can.

Re:Some security experts are idiots

[sjames]

The problem is the delusion that managers don't need to know anything about what they manage. It's created a class of basically worthless MBAs that nevertheless get paid more than the people who have a clue what's going on.

Re:Some security experts are idiots

[Opportunist]

Reminds me of something I saw a while ago during a job interview.

Applicant: Well, what do you do here, anyway?
Boss (surprised): You don't know? You want to work here, right?
A: A good manager can manage everything, no matter what.
B: And a good manager also knows that he should do his homework before getting into a meeting. Thanks for your time, no need to call. NEXT.

Hide your kids, hide your wife

[PhotonSphere]

...or just disable auto-join.

Keep an eye out for DEFCON 21 t-shirts in your local coffee shops this next week...

Python offers self-defense against fresh fruit...

3rd Man: You could stand and scream for help.

Sergeant: Yeah, you try that with a pineapple down your windpipe.

3rd Man: A pineapple?

Sergeant: Where? Where?

3rd Man: No I just said: a pineapple.

Sergeant: Oh. Phew. I thought my number was on that one.

3rd Man: What, on the pineapple?

Sergeant: Where? Where?

3rd Man: No, I was just repeating it.

Sergeant: Oh. Oh. I see. Right. Phew. Right that's bananas then. Now the raspberry. There we are. 'Armless looking thing, isn't it? Now you, Mr. Tin Peach.

Convenient, but still overpriced

[evilviper]

I can see buying one for the convenience of having all the software pre-installed for you, but the specs for the hardware aren't any different than a dozen home WiFi routers, which can run OpenWRT and sell for $40.

I'd think giving those aging home routers a second life as security tools would be better than everyone buying another new product for twice the price, and eventually throwing both away. I recently added a USB sound card on mine, for use as a streaming audio player.

Re:Convenient, but still overpriced

[Demonantis]

I have met Darren. He is a pretty decent guy. The hardware isn't what people care about. Its the software package it comes with. You can basically mitm wifi cards. Its based off of Jasager so anyone can do it. He did a show about setting one up. Its just lazy people buying the whole kit and he probably sold out cause he was selling them at a discount. This isn't news in any regards though. These have been around for years. Last time I saw one it was white. Hak5 finally getting a wikipedia page that would be news.

Re:Convenient, but still overpriced

You don't get the concept of F/LOSS do you? There's nothing stopping anybody from just installing the software image on any other computer. Maybe adapt the drivers a bit if it's much different... done.

It's bad enough that consumers buy computers with pre-installed Windows... but what kind of incredible loser script kiddie buys a computer with pre-installed "l33t h4x0rt00lz"?
There's hardly any clearer sign that, to use a security expert technical term... /retarded/... than this.

Re:Convenient, but still overpriced

[drinkypoo]

Of the ten or twelve routers I've bought over the years, only one has had a USB port and it doesn't run Linux. Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

Re:Convenient, but still overpriced

[AmiMoJo]

The problem with buying random routers off eBay is you never know what you are going to get. Linksys are the worst, often having several very different hardware revisions under the same model number. As such you can't be sure if the one you buy will have the chipset you are expecting, and thus be able to run all the exploits you want and so forth.

For the sake of simplicity I don't think $40 for a guaranteed working and pre-installed solution is at all bad. If you waste an hour with your off-the-shelf router it would have paid for itself.

Re:Convenient, but still overpriced

>There's nothing stopping anybody from just installing the software image on any other computer.
Except sometimes the documentations or lack of (or out of date) or the community.

So it is either a $12 router and DIY and hope it compiles and work right away or pay $40 to get a working firmware/hardware bundle.

Re:Convenient, but still overpriced

[evilviper]

Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware. And it's a great fail-safe even if you don't plan to use it, as you're in good shape even if the manufacturer's software is complete junk (like that D-Link).

Re:Convenient, but still overpriced

[drinkypoo]

A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware.

Well, my reason not to has been that I didn't have a cellphone with data, and I buy most of my APs at yard sales. But now I do (albeit GPRS) so I can look up router compatibility...

Re:Convenient, but still overpriced

[Demonantis]

So this peaked my interest in putting together one of the new pineapples. The router they use is here; http://www.data-alliance.net/servlet/-strse-642/Alfa-AP121U-802.11n-AP-fdsh-Router/Detail. About $46. Although anything with a Atheros AR9331 I think would work. You also have to have a JTAG for it.

Re:Convenient, but still overpriced

[evilviper]

*piqued*

I'm not usually a pedant, it's just that your wording broke my brain for a good 5 minutes...

Re:A Minus Minus - Not a Pineapple - A Handgrenade

I am really not sure what is funnier:

1. "conclusively proven in a Hogans Heroes episode"
2. the Insightful mods that followed
3. "Pineapple" was the nickname for a US handgrade
4. This all rode in on a 93 Escort Wagon

5. Too late to put the pin back in on that typo.

frsit grammer nazi pozt

[Hognoxious]

1.2 Pineapple's

Their what?

Logging in to say...

[sockman]

I hope it can be used for evil, because "good" these days amounts to a circle jerk with NSA, DEA debauchery. Your privacy is yours to own, and if other people begin to realize how screwed they are maybe they will choose a better path.

You might want to check the security first...

[spinkham]

Sure, get your wifi pineapple, but I've already got a wifi pineapple buster.

WiFi Pineapple is scary!

When your phone/tablet/laptop has WiFi set to "Automatically connect to any known network" mode, it sends out probe requests with the SSID of all your known networks, something that looks like "HomeWifi,WorkNetwork,PocketWifi,Starbucks".

WiFi Pineapple has a mode where it captures these packets, starts a new open WiFi network called "HomeWifi" (or whatever's in your list), waits for you to connect, and now... they're the man in the middle. Scary stuff...

Re:WiFi Pineapple is scary!

All of which can be done with a smartphone that can act as a hotspot.

Already been done - in a coconut

[PassMark]

Old news, they have had wireless devices in coconuts for years. Maybe they are expecting better antenna diversity from the rough end of the pineapple, I dunno.
See, http://goo.gl/VoirWo

Second grammer nazi pozt

[skirmish666]

• the vendor were
• Ngrep, and more
• powered by g a 400MHz Atheros

Re:Second grammer nazi pozt

Not seeing your point about the second one. Comma is optional. That is the problem with prescriptive grammarians - half the time they themselves don't understand the rules they try to force on people.

Re:Second grammer nazi pozt

a comma is NOT fucking optional...use either 'and' OR a comma, not both

it is you who does not have a clear understanding of 'the rules' regardless of what you may think.

Re:Second grammer nazi pozt

you can use the conjunction and the comma or just the conjunction, thats been the standard for fucking years moron.

Re:Second grammer nazi pozt

Actually in that sentence the comma is required. Compare the following:

"To my parents, Ayn Rand and God." -- implies Ayn Rand and God are the parents.
"To my parents, Ayn Rand, and God." -- lists separate entities.
"To my parents, Ayn Rand, God." -- not sound so good.

"Jack, Jill, and Larry went to the store." -- they all went to the store.
"Jack, Jill and Larry went to the store." -- you're telling Jack that Jill and Larry went to the store.
"Jack, Jill, Larry went to the store." -- maybe you're telling Jack and Jill that Larry went to the store.

It is you who does not have a clear understanding of 'the rules' regardless of what you may think.

Re:Second grammer nazi pozt

Why is it necessary? There's no ambiguity without it because the next and is clearly a link to new list. IMHO it reads better (or less shit) without it. It reads marginally less crap still by just ending the list after Ngrep; the "and more" is redundant fluff.

The sensible thing to do would be to start a new sentence for the hardware.

Overpriced, have some slightest creativty?

Are you serious? $80? I'm just wondering if these people are lazy.

You know how many SoC's there are out there that can run entire OS's like Kali Linux or Ubuntu? Kali Linux supports plug-and-play on TONS of wifi drivers that are a pain to put on an ARM box.

Re:Overpriced, have some slightest creativty?

[PerformanceDude]

Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels , find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does is just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.

Re:Overpriced, have some slightest creativty?

[Gothmolly]

Calling yourself a 'genuine blackhat' and a 'security professional' immediately disqualifies you from both, AND makes you sound like a douche.

Re:Overpriced, have some slightest creativty?

[PRMan]

He's not calling himself a black hat. He's saying that he might as well test the same way that a black hat is going to hack.

Re:Overpriced, have some slightest creativty?

[Gothmolly]

English, how does it work?

"I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there."

He's calling himself a 'genuine blackhat'.

Re:Overpriced, have some slightest creativty?

"Same as any other genuine blackhat out there."

The word 'other' means that he considers himself one. He should have said "Same as any genuine blackhat out there."

Words. How do they work??

easy

[Tom]

Is this a tool that will be used for good â" or for evil?"

Both, like any tool. Next question.

SOUNDS LIKE A RAPE KIT !!

Nothing illegal per se but ... well, not according to Ted Bundy. This, and kommie-kopisism and you are all set to take on the world Ted Bundy style !! Enjoy the fruits !!

I'm obviously missing something...

[necronom426]

I don't know anything about this type of device, but looking in from the outside, the question springs to mind "How is this legal?"

It's for hacking into networks, right? Isn't that against the law, like, EVERYWHERE? It says "Stealth Access Point for Man-in-the-Middle attacks" - that sounds illegal. It also says "Easily concealed and battery powered " - nothing dodgy going on there!

How can this be used for good? Maybe a few people may use it to test the security of their network, but that's clearly not what it's for.

I'd have thought that the police would be all over this, but like I said, I'm obviously missing something.

Re:I'm obviously missing something...

[N1AK]

It's perfectly legal to use it with permission. Now we can debate just how likely it is that it's main market is for people who are only going to use it, with permission, to test security and demonstrate security risks, but it does have a legitimate legal use. Should we be able to ban products because a lot of their use will be to do something illegal? What threshold should we set? How do you observe and measure the proportions?

Ban it and someone will release a blank version with the ability to download the software instead. Ban that and someone will produce guides on how to produce one and sell the parts. Ban that and people will buy off the shelf bits and find plans online.

Re:I'm obviously missing something...

[necronom426]

If that's the case, then why not sell bombs in kit form at the show?

It looks like they sold out because they were ready made and you could just pick one up. I doubt a lot of these people would have got one if they had to research it, buy parts, build it, etc.

I can understand government and professional organisations having things like this, but not for them to be unregulated and available to buy from a stall. It seems crazy to me.

Re:I'm obviously missing something...

If that's the case, then why not sell bombs in kit form at the show?

Because the equivalent to: "Thou shalt neither possess nor build a bomb without a permit." for computers would be: (wait for it!) "Thou shalt neither possess nor build a computer without a permit."

Re:I'm obviously missing something...

[Minwee]

The same way that this assassination weapon, cleverly disguised to fool metal detectors while still providing enough punch to shatter the target's skull and this terrorist training handbook are also legal.

Re:I'm obviously missing something...

[necronom426]

Yes, very good.

But if the book was actually called a "Terrorist Training Handbook", you might have a point, but the hacking thing is advertised as a device to hide on yourself and to hack with.

Re:pineapple

[thunderclap]

so, what's the dealio? is the whole thing packed into a real pineapple, or what?

No its packed inside a plastic lime thats inside a plastic coconut. They just call it a pineapple because it confuses the f*** out of the authorities.

Re:MODERATOR ALERT

[thunderclap]

So 'framing' Karma is bad now? pretty bold statement from and AC. I think it looks like you are complianing where there is no problem.

ffs

who wrote the summary? A dyslexic chimp? Or a /. editor?

Oh right, same thing.

Re:ffs

[Phreakiture]

What wrong with summary? It look's fine to me. /s

Retro 2008

[chill]

Wow. This was news when they were released back in 2008. It is interesting to see the devices becoming popular again.

Back in the day they were demoed by putting the little unit and batteries in a novelty plastic cup shaped like a pineapple. The lid had a hole for a straw that was just the right size for a wifi antenna.

You can buy those cups on Ebay and in party stores.

AND now you gave it

to the nsa for 80 bucks
what a bunch a suckers go to that event

so much for any statement that knoledge should be free

they no better then black hat people that are capitalists.and they are NOT hackers

Re:MODERATOR ALERT

So 'framing' Karma is bad now? pretty bold statement from and AC. I think it looks like you are complianing where there is no problem.

There's nothing wrong with 'framing' karma if you can get away with it. In fact I've been blaming it for most of the bad things in my life for years. Now, 'farming' karma is a completely different issue. I'm pretty sure you can't do that without licensing it from Dice (courtesy of an IP sharing agreement with Monsanto).

Re:pineapple

Using the "onion" protocol.

This just in...

People Waited In Lines at DEFCON. More on that and many other obvious observations at 11.

No grasp of F/LOSS concept?

[SplatMan_DK]

While you claim others "don't get the concept", you seem to have totally missed the cornerstone of how F/LOSS is monetized.

It makes perfect sense for someone knowledgeable and skilled to assemble exactly the right hardware components, and compile+install just the right F/LOSS software components, into an easy-to-use appliance, and sell these at whatever price point the market is willing to pay. People are not paying for the "licenses" they are paying for the labor that went into combining all the supplied pieces together - and perhaps also for getting future support and developmen. In other words people are paying for professional services in a nice and understandable package.

I have no idea why you feel the need to bash this concept with such contempt, but this approach is just about the most popular way to monetize F/LOSS on the planet. It is also shows the clear strengths of F/LOSS: that anyone can take the software, modify it, expand it, improve it, and share it with all other customers without negative impact to the original supplier.

If you want to take the software and install it on a PC, go right ahead. Feel free to install other drivers in the process. Make a laptop-version and share it as much as you like. Go right ahead. But while you may be perfectly willing to spend loads of time on this, others may not. Not all network experts want to mess with assembling their own hardware. Or spend endless nights compiling new versions of [insert-whatever-FLOSS-component-here] just to make a brief packet analysis in the field. It is not trivial to compile and combine all the right F/LOSS products included in the packaged mentioned here and some people are happy to pay someone else to get that job done.

The fact that people are willing to put money on the table for the service and labor this man has produced with F/LOSS software is by no means "retarded". It is a testament to the viability of F/LOSS economy, and clear proof that customer value can be added to F/LOSS without bogging customers down in complex licenses and EULAs.

Ah, damn, I noticed too late you posted as AC. Well, since you won't stand by your words, I guess producing a decent and intelligent answer was a waste of time...

- Jesper

Re:No grasp of F/LOSS concept?

No. I reject your so-called "cornerstone". You cannot "monetize" infinitely abundant information. Only the organized crime (like the post-Bill-Gates software sector) that made up the lie about imaginary property to be able to create artificial scarcity and /steal money/ from people, acts like you can.
In reality, it is fundamentally incompatible with the concept of FLOSS. Either you give out the source and thereby lose control over its distribution, or you can ask money. As soon as it's abundant because freely distributable, it becomes worthless. That's a simple law of the marketplace.

You "monetize" the SERVICE of writing code & co. Just like literally every other service-based industry out there. From the guy who fixes your sink and the delivery guy to prostitution and industry consultants.
Which is exactly, why I always suggested adding a price tag and "voting with your money" (Kickstarter style) feature to Bugzilla.

Re:No grasp of F/LOSS concept?

[evilviper]

Either you give out the source and thereby lose control over its distribution, or you can ask money.

RedHat and many others do both, and they're very much compatible with open source. Their software is all open source, but you have to pay to get their exact binaries. A great many people do pay.

Their rule-of-thumb is that open source software companies can sustain a price of about 1/10th what a proprietary software company could. So there's very much an opportunity for monetization of open source, just not as large as with proprietary software.

Re:No grasp of F/LOSS concept?

[Kalriath]

Redhat also monetizes by their use of the "Redhat" trademark. You cannot redistribute Redhat's binaries or source "as-is" because if you do so you are violating trademark law, and they can (and will) sue you. The CentOS project spends a lot of time stripping Redhat's trademarks from RHEL prior to redistributing it as CentOS.

Re:No grasp of F/LOSS concept?

[evilviper]

I don't see how anything you said is relevant to anything being discussed. How does Redhat's trademark change the previous statement:

"Either you give out the source and thereby lose control over its distribution, or you can ask money."

Re:No grasp of F/LOSS concept?

[SplatMan_DK]

I don't see how anything you said is relevant to anything being discussed. How does Redhat's trademark change the previous statement:

"Either you give out the source and thereby lose control over its distribution, or you can ask money."

It does not change it. But that doesn't really matter because the statement itself is flawed and untrue.

You are totally free to ask money for F/LOSS while giving away the source and that is exactly what many F/LOSS business do. Customers pay for the software and while they do have the right to rewrite and recompile it all for free they simply choose not to - because the value provided with the software is greater and the price is acceptable for them. Maintaining and compiling software (F/LOSS or not) is complex. Many end-users for example are perfectly capable of downloading a Live-CD and boot a Linux for desktop use, but are in no way capable of downloading, combining and compiling all the individual components needed to make a full working distribution.

The implied opposition presented in the above statement is simply false. As proven by thousands of business using and trading F/LOSS products and services every day. :-)

- Jesper

Re:No grasp of F/LOSS concept?

[SplatMan_DK]

Still posting as AC ... oh well, some people just won't stand by their opinions I guess.

 

No. I reject your so-called "cornerstone". You cannot "monetize" infinitely abundant information.

You are mistaken. Ask Redhat. Ask SuSE. Ask Google also, who is absolutely a master of monetizing "infinitely abundant information" and presenting in a way that can be monetized through their specific business model.

You may personally reject it all you want, but reality begs to differ. And while you can off course reject reality itself I really see nothing productive coming from that.

Only the organized crime (like the post-Bill-Gates software sector) that made up the lie about imaginary property to be able to create artificial scarcity and /steal money/ from people, acts like you can.

I don't know why I am even wasting my tie debating this with someone calling the established software industry "organized crime". Your approach to reality seems to be in total disarray. May I politely propose a visit to Sicilia in order for you to obtain a more appropriate and correct perception of "Organized Crime"? Your local Hells Angels club might also be of assistance...
 

In reality, it is fundamentally incompatible with the concept of FLOSS. Either you give out the source and thereby lose control over its distribution, or you can ask money.

I am not going to argue this further. Thousands of businesses do this very thing every single day and are very happy to do so. F/LOSS software is delivered in combination with various services and happy customers are paying. Your continued reluctance to accept the current reality is not something I wish to spend more time on.
 

As soon as it's abundant because freely distributable, it becomes worthless. That's a simple law of the marketplace.

No, absolutely not. This is true only for software products which do not innovate or which are so simple in nature that no further product development is taking place. All modern F/LOSS suppliers act as VARs and their customers are happy to pay for the value they add. Such as new releases, quick bugfixes, influence on the direction of the product, notifications on critical problems, premium support, community access, and more.
 

You "monetize" the SERVICE of writing code & co. Just like literally every other service-based industry out there. From the guy who fixes your sink and the delivery guy to prostitution and industry consultants.

This is perfectly combatible with selling or byuing F/LOSS through a VAR. For example my dads smart TV uses Linux as an OS, and the vendor distributes the source exactly as they should, but rather than downloading the sourcecode and compiling it himself he prefers to pay 5 bucks for a ready-to-use file he can install on the TV set. If I propose to him that he should somehow learn how to download the source, compile it himself, and then install it - just for saving 5 bucks - he would (rightly so) call me an idiot. So yes, ready-to-use and compiled F/LOSS software can absolutely have a price, even though the source is freely available.

- Jesper

Re:No grasp of F/LOSS concept?

[Kalriath]

The statement is that you cannot monetize open source, which is fundamentally incorrect. Redhat has managed to monetize it quite effectively even while giving away their source simply because redistributing Redhat's source "as-is" is trademark infringement and therefore actionable, and modifying it to comply with trademark law is enough trouble as to not be worth it. Thus, Redhat gives out the source, retains control of distribution, and asks for money. Something that the GGP claimed is impossible.

Re:No grasp of F/LOSS concept?

[evilviper]

The statement is that you cannot monetize open source, which is fundamentally incorrect. [...] Something that the GGP claimed is impossible.

Then why are you ranting about trademark to me, instead of replying to the GGP? I'm the one who mentioned RedHat as a counter-example in the first place, I hardly need a bunch of people ranting at me about someone else's false claims.

Re:No grasp of F/LOSS concept?

[evilviper]

It does not change it. But that doesn't really matter because the statement itself is flawed and untrue.

Good, then go rant at HIM, not me, dammit. Don't reply to my post (I know... that wasn't you) with some off-topic random discussion about minutia of HOW X does Y, when that's not the topic.

Re:No grasp of F/LOSS concept?

[SplatMan_DK]

Sorry, no "rant" was intended and nothing was targeted at you specifically. I had my eyes on the ball, not the man ;-) and I believe my reply simply explains why the statement is false (in a F/LOSS context).

Peace and tranquility to you. :-)

- Jesper
 

Re:pineapple

[K.+S.+Kyosuke]

...to connect Apple computers?

!! Re:Second grammer nazi pozt (!!)

, and

is business form. It is so called because it de-confuses the objects. I'll throw in some semi-colons if I'm up to it; even commas can be insufficient (and no, not that one).

It was a rainy night in Georgia. A rainy night in Georgia. And the golden shower I drenched upon Georgia, who by the way walked like a woman, talked like a man, and then some.

As you can see, removing the comma from man, makes it seems like she talked like a man and then some, but no, I drenched (Georgia) and then some. See? You can learn something at /.

Re:Python offers self-defense against fresh fruit.

Now the raspberry. There we are. 'Armless looking thing,

Ha! But as we all know, the Raspberry [Pi] is anything but ARM-less.

Re:pineapple

Orange you glad that all these puns were made?

!Funny

Seriously. Why isn't this thing the least bit pinapple-looking?

Re:MODERATOR ALERT

Yeah, because there is such a value to slashdot karma that someone is being paid to increase it.

Jesus fucking christ but the stupidity of people on a site that claims to be for educated techies is staggering.

The percentage of slashdotters so immature as to give a fuck about karma is in the single digits - not worth paying anyone anything to garner.

Re:A Minus Minus - Not a Pineapple - A Handgrenade

Well played sir. Kaboom!

$100 it's a scam

it's only a $100 aircrack-ng portable device.. you can easily install aircrack-ng (for FREE) on your laptop and just buy an Alfa wifi antenna at the cost of $24.

Featured on USA "Necessary Roughness"

Did anyone else notice that the Wi-Fi Pineapple was featured on USA Network's "Necessary Roughness" last week? Nico used it to hack an auto body shop worker's laptop after he they found out the guy owned property in the Caymans used for laundering money for V3.

Re:MODERATOR ALERT

[noh8rz10]

Wtf AC?? It's just a pineapple pun. Just chillax, you make me feel bad.

Re:MODERATOR ALERT

[noh8rz10]

The account is currently "farming" karma and mod points by asking questions and posting comments that can be moderated up by other managed accounts.

guilty guilty guilty. I'm posting a shill question asking if the device comes in a pineapple, so I can post a self serving response and mod it up for greater visibility. Brought to you by Dole Pineapples!