Slashdot Mirror
Wi-Fi Pineapple Hacking Device Sells Out At DEF CON
darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"
I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.
Then the FBI places an order for 1,000 of them.
Is this a tool that will be used for good -- or for evil?
There is only one answer to this: Yes. Yes it will.
Too bad packing its functions up in an easy appliance means it now no longer has anything to do with "hacking" at all. You aren't a "hacker" if all you do is run some appliance.
Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.
That the security industry claims otherwise means that they are deluding themselves... and us. We're not getting our money's worth in security out of their efforts. But we do get nice toaster equivalents, complete with instant "hacker" label. Nice, innit?
Instead of wireless enabled fruit, device is actually just some plastic and electronic bits. I was under the impression this device would be concealed in a pineapple for stealth hacks. (Nobody suspects the fruit with an antenna)
Going a step further, if a Pineapple user is inside a coffee shop (or office location), the research can execute what is known as a "deauth" attack, essentially disconnecting the end user from legitimate access point, then reconnecting him or her to the Pineapple.
However, some security experts say that weaknesses in WiFi and user behavior need to be identified and weeded out in order to make organizations more secure. If the Pineapple is able to help security researchers do that, they say, than it will improve security for us all.
As a user, how the fuck can my behavior be modified to deal with a deauthorization attack?
WiFi has become so stupid simple to use that it leaves us vulnerable, despite all the encryption in the world.
[Fuck Beta]
o0t!
So... considering the more recent events... does that mean it is good?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I can see buying one for the convenience of having all the software pre-installed for you, but the specs for the hardware aren't any different than a dozen home WiFi routers, which can run OpenWRT and sell for $40.
I'd think giving those aging home routers a second life as security tools would be better than everyone buying another new product for twice the price, and eventually throwing both away. I recently added a USB sound card on mine, for use as a streaming audio player.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Their what?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Sure, get your wifi pineapple, but I've already got a wifi pineapple buster.
Blessed are the pessimists, for they have made backups.
Is this a tool that will be used for good â" or for evil?"
Both, like any tool. Next question.
Assorted stuff I do sometimes: Lemuria.org
Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels , find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does is just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
Wow. This was news when they were released back in 2008. It is interesting to see the devices becoming popular again.
Back in the day they were demoed by putting the little unit and batteries in a novelty plastic cup shaped like a pineapple. The lid had a hole for a straw that was just the right size for a wifi antenna.
You can buy those cups on Ebay and in party stores.
Learning HOW to think is more important than learning WHAT to think.
While you claim others "don't get the concept", you seem to have totally missed the cornerstone of how F/LOSS is monetized.
It makes perfect sense for someone knowledgeable and skilled to assemble exactly the right hardware components, and compile+install just the right F/LOSS software components, into an easy-to-use appliance, and sell these at whatever price point the market is willing to pay. People are not paying for the "licenses" they are paying for the labor that went into combining all the supplied pieces together - and perhaps also for getting future support and developmen. In other words people are paying for professional services in a nice and understandable package.
I have no idea why you feel the need to bash this concept with such contempt, but this approach is just about the most popular way to monetize F/LOSS on the planet. It is also shows the clear strengths of F/LOSS: that anyone can take the software, modify it, expand it, improve it, and share it with all other customers without negative impact to the original supplier.
If you want to take the software and install it on a PC, go right ahead. Feel free to install other drivers in the process. Make a laptop-version and share it as much as you like. Go right ahead. But while you may be perfectly willing to spend loads of time on this, others may not. Not all network experts want to mess with assembling their own hardware. Or spend endless nights compiling new versions of [insert-whatever-FLOSS-component-here] just to make a brief packet analysis in the field. It is not trivial to compile and combine all the right F/LOSS products included in the packaged mentioned here and some people are happy to pay someone else to get that job done.
The fact that people are willing to put money on the table for the service and labor this man has produced with F/LOSS software is by no means "retarded". It is a testament to the viability of F/LOSS economy, and clear proof that customer value can be added to F/LOSS without bogging customers down in complex licenses and EULAs.
Ah, damn, I noticed too late you posted as AC. Well, since you won't stand by your words, I guess producing a decent and intelligent answer was a waste of time...
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...