Slashdot Mirror
Wi-Fi Pineapple Hacking Device Sells Out At DEF CON
darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"
I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.
Instead of wireless enabled fruit, device is actually just some plastic and electronic bits. I was under the impression this device would be concealed in a pineapple for stealth hacks. (Nobody suspects the fruit with an antenna)
It kinda hurts to admit it, but yes, you're right. Most of the security industry is a bunch of charlatans who are unable to produce more than cheap tricks to impress those that know even less than they do.
Every time we're about to hire some security consultants (which we have to, regulations require us to have my security system tested by outsiders) I kinda think I know how Penn&Teller feel when they host "Fool us". Only that the amount of half-talented stage magicians who show off ancient tricks is way higher for me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Their what?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Sure, get your wifi pineapple, but I've already got a wifi pineapple buster.
Blessed are the pessimists, for they have made backups.
I have met Darren. He is a pretty decent guy. The hardware isn't what people care about. Its the software package it comes with. You can basically mitm wifi cards. Its based off of Jasager so anyone can do it. He did a show about setting one up. Its just lazy people buying the whole kit and he probably sold out cause he was selling them at a discount. This isn't news in any regards though. These have been around for years. Last time I saw one it was white. Hak5 finally getting a wikipedia page that would be news.
Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels , find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does is just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
While you claim others "don't get the concept", you seem to have totally missed the cornerstone of how F/LOSS is monetized.
It makes perfect sense for someone knowledgeable and skilled to assemble exactly the right hardware components, and compile+install just the right F/LOSS software components, into an easy-to-use appliance, and sell these at whatever price point the market is willing to pay. People are not paying for the "licenses" they are paying for the labor that went into combining all the supplied pieces together - and perhaps also for getting future support and developmen. In other words people are paying for professional services in a nice and understandable package.
I have no idea why you feel the need to bash this concept with such contempt, but this approach is just about the most popular way to monetize F/LOSS on the planet. It is also shows the clear strengths of F/LOSS: that anyone can take the software, modify it, expand it, improve it, and share it with all other customers without negative impact to the original supplier.
If you want to take the software and install it on a PC, go right ahead. Feel free to install other drivers in the process. Make a laptop-version and share it as much as you like. Go right ahead. But while you may be perfectly willing to spend loads of time on this, others may not. Not all network experts want to mess with assembling their own hardware. Or spend endless nights compiling new versions of [insert-whatever-FLOSS-component-here] just to make a brief packet analysis in the field. It is not trivial to compile and combine all the right F/LOSS products included in the packaged mentioned here and some people are happy to pay someone else to get that job done.
The fact that people are willing to put money on the table for the service and labor this man has produced with F/LOSS software is by no means "retarded". It is a testament to the viability of F/LOSS economy, and clear proof that customer value can be added to F/LOSS without bogging customers down in complex licenses and EULAs.
Ah, damn, I noticed too late you posted as AC. Well, since you won't stand by your words, I guess producing a decent and intelligent answer was a waste of time...
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...