Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Wi-Fi Penetration Tester In Your Pocket

Posted by kdawson on Thu Feb 08, 2007 10:36 AM
from the happy-to-see-me? dept.
Security Portables Wireless Networking Hardware IT
00*789*00 writes "ZDNet has a story about the public launch of Immunity's Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Wi-Fi Penetration Tester In Your Pocket 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Ummm, yeah. (Score:4, Funny)

    by Vengeance (46019) on Thursday February 08 2007, @10:38AM (#17934568)
    I hope y'all don't mind if I won't keep a penetration tester in my back pocket, mmm'kay?

  • Honeypot Reverse Attack (Score:5, Funny)

    by CaffeineAddict2001 (518485) on Thursday February 08 2007, @10:44AM (#17934624)
    \\sharedstuff\My Super Secret Incriminating Documents Conveniently Zipped For You.exe

  • The cost is too high, get a Zaurus (Score:4, Insightful)

    by Anonymous Coward on Thursday February 08 2007, @10:46AM (#17934660)
    For $3,600, I think it's way over priced. Use a laptop, or home brew a similar device with a mcuh cheaper Zaurus:

    http://www.irongeek.com/i.php?submenu=zaurus/zauru sheader&page=zaurus/zaurusmain [irongeek.com]
    • It's a $3600 Nokia WebPad with custom software on it.

      Considering the new WebPads and all being available and supported (unlike the Zaurus...), I think I'll go with that instead...

      • Re:Skip the Zaurus... (Score:5, Insightful)

        by Tony Hoyle (11698) <tmh@nodomain.org> on Thursday February 08 2007, @11:12AM (#17934982) Homepage
        $3600 for something to detect wireless networks?

        For half that money you could get a fully fledged laptop with builtin wireless and run any tools you liked.

        From the summary I was expecting a $50 pocket device.
        • What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

          • What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

            I guess you could if you have one of those jackets with the big pocket on the back. Perfect for sliding a laptop into. Probably only doable in cold weather though, as the laptop will definitely keep you warm...

    • Well, let's add it up...

      1. A laptop does not fit covertly into your pocket.
      2. A "home brew" device... let's see, the link you sent suggests ~$200 in hardware. Then it says "Apps I hope to get around to testing" and lists a few possible hacking tools (in other words, he hasn't done it yet). Add up the time it would take a skilled geek to develop and maintain the complete hacking software suite, make it as simple to use and automated, and patch it monthly with the latest exploits... suddenly $3600 sounds not
    • ya, a 500 dollar laptop, metasploit, and a decent wireless card and you will have more than you bargained for.

  • What I like to do... (Score:5, Interesting)

    by Ford Prefect (8777) on Thursday February 08 2007, @10:49AM (#17934692) Homepage
    ... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

    The real network is hidden, strongly encrypted and using 802.11n. Beat that, hackers!

  • I believe... (Score:4, Funny)

    by russotto (537200) on Thursday February 08 2007, @10:54AM (#17934744) Journal
    ...it was Dr. Fronk who said, "Well, I guess it pretty much can only be used for evil".
  • hmmm. $3,600. Damn. The very first thing I did was put toghether a suite of open source wifi hacking tools.
    All they did was put together an easy to use gui so anyone without any computer knolwledge at all can use it.
    hmm.. that's against the hackers code!

  • Recipe for bad humour (Score:5, Funny)

    by multisync (218450) on Thursday February 08 2007, @11:07AM (#17934906) Journal
    Post an article on slashdot with the words "penetrate" and "open ports" in the summary.

    • Actually... (Score:5, Funny)

      by StressGuy (472374) on Thursday February 08 2007, @11:51AM (#17935490)
      It's the same bad joke over and over again until somebody post one of the following....

      "In Soviet Russia - Open Ports Penetrate You!"

      or..."my back door is impenetrable YOU INSENSITIVE CLOD!!!"

      or...perhaps a reference to a Beowulf cluster-f%@k

      or...something ending in .... PROFIT!

      then we all get sick of it.

  • Gotta wonder... (Score:4, Funny)

    by catdevnull (531283) on Thursday February 08 2007, @11:09AM (#17934934)
    Gotta wonder about a picture of a chick with "penetration testing" as a caption.

    God, I love IT.

  • Automated intrusion software (Score:5, Funny)

    by sshore (50665) on Thursday February 08 2007, @11:09AM (#17934938)

    Over the last year or so, I've considered writing an automated wireless network intrusion tool. It would:

    • capture encrypted packets and attempt to crack wep/wpa keys
    • join wireless networks, enumerate targets
    • retrieve files of interest from shares or recover them from packet dumps
    • launch code attacks, like this tool does

    You'd run it on a laptop that you'd carry in your backpack or in your car, on your way to/from work or just cruising around on a Sunday afternoon.

    As such, it would be called the Transient Wireless Intrusion Tool, or TWIT. I just get a charge out of network security people writing about twits wandering around near the network.

  • Legality? (Score:3, Interesting)

    by Zeek40 (1017978) on Thursday February 08 2007, @11:11AM (#17934972)
    I would think that the Digital Make everyone a Criminal Act would prevent a company from marketing a device like this...

  • Now just combine that with OLPC (Score:5, Funny)

    by kabocox (199019) on Thursday February 08 2007, @11:20AM (#17935064)
    I'd like to see someone program that for the OLPC laptop. I could easily envision a slashdotter transforming a simple educational device into a hightech potentially offensive military IT resource and giving it to 3rd world kids.

  • Dupe or Followup? (Score:4, Interesting)

    by HTH NE1 (675604) on Thursday February 08 2007, @11:28AM (#17935180)
    I remember something about this before [slashdot.org]. Yup, it was about Silica then too.

    I posted a theory about sending one to yourself through the mail activated and with a GPS so that the postal delivery vehicle does your wardriving for you. I called it warsmailing [slashdot.org]. So far no results on Google of anyone attempting it using that term.

    (Why do I keep being prompted to save a download of comments.pl when I Submit?)

  • How did they know??? (Score:5, Funny)

    by master_p (608214) on Thursday February 08 2007, @11:31AM (#17935214)
    I already have a wife penetration tester in my pocket, thank you very much.
  • You should still keep your wifi open... a criminal needs to be in geographic proximity. wow. This is so much worse than someone on the other side of the country being able to break into your machine. Honestly, if we all keep our wifis open it'll be better in the long run. I don't know why it just will be i swear.

  • Penetration Tester in your Pocket 7333482 (Score:3, Funny)

    by Anonymous Coward on Thursday February 08 2007, @11:41AM (#17935370)
    For a moment there, I thought I was going to have to implement spam filtering on my RSS feed from Slashdot.

  • That is either the greatest or worst pickup line in the history of the world: "Hey baby, I got a penetration tester in my pocket..."

  • The story is: Linux is great (Score:3, Funny)

    by daveaitel (598781) on Thursday February 08 2007, @12:51PM (#17936230) Homepage Journal
    The take on this story SHOULD be that it's possible to have a small company choose embedded Linux to deploy innovative and interesting applications on. We could have chosen Windows Mobile, of course, but Linux was technically the better choice. That's the important part here. Open Source tools get you to market faster and cheaper.
  • I think, the $3600 device is nothing more, but a Nokia 770 (that is clear from the photos) runnig GUI for Kismet or some sort of other Wifi scanner.

    Good margin! ;)
  • I'm disappointed nobody has mentioned BackTrack [remote-exploit.org] yet. Live, bootable Linux CD loaded with wireless scanning and hacking tools. To be honest, I haven't tried it yet, but Free sure is cheaper than $3600!
  • Where do I start with this thing?

    The number of applications this device provides that are both legitimate and useful are near zero.

    If you are legitimately authorized to do scans, why not do it with proper equipment? I used to warwalk all the time with an open laptop in plain view, and if anyone stopped me, I had a letter from the CIO in my hand.

    If you want to truly test security are you gonna hand an idiot-proof device to some intern and tell them to push the pretty red button and run around with it?
  • janus mini-itx [mini-itx.com] I quote:
    The "Janus Project" is the brainchild of Kyle Williams of the Janus Wireless Security Research Group in Portland, Oregon.

    Mounted inside an epoxy and silicone-sealed watertight case lives a 1.5GHz C7 powered EPIA EN 15000G motherboard, 2 x four-port PCI to mini-PCI adapters, 8 x 802.11a/b/g mini-PCI WLAN Modules, 2 x 1W 2.4Ghz WLAN amplifiers, a keyboard and a 17in LCD screen. The system can scan up to 300 wireless networks simultaneously, storing and AES encrypting in real time a

    • It's both!

      A 'penetration tester' that can scan other connections for open ports, and automatically launch code execution exploits. It has self replicating code, but the doctor says there is no viral payload.

    • Heh... The hackers are already DOING this stuff- on similar devices, even.

      You're going to find that the black/grey hats will be buying a Nokia 770 or it's next generation,
      buying one of the alterable PocketPC's, or a cheap laptop and running Metasploit or SPIKE/MOSDEF
      on them- all of which are legit tools and available as LGPL or similar licensed code. And, in the
      case of SPIKE/MOSDEF, you're using the underlying engine for CANVAS anyhow...

      All this does is provide commercial support and exploit updates for a
    • Since you mentioned Vista, it brings to mind a neighbor of mine who is always leaving his wireless router unsecured. I brought it up to him recently and he told me that he doesn't have to worry about that because he's got a Mac.

      Wow.

      • Re: (Score:3, Insightful)

        by mrchaotica (681592) *

        Just secure it for him yourself. When he suddenly can't access it because you've enabled WPA, he'll understand the importance of security.

        (And if he gets upset with you, tell him "just be glad I didn't download a bunch of kiddy pr0n and try to hack the NSA with it!")

        • Just secure it for him yourself.

          I intend to do that just as soon as I finish downloading a bunch of kiddie pr0n and hacking the NSA.

          [note to Carnivore technician: the above was a joke. I'm not really downloading kiddie pr0n.]
        • My buddy secured his neighbor's WAP on accident. He thought he was configuring his own.

          The neighbor was confused when told that his router now had a WEP key in place.
    • ... which is a nice advert for Nokia; I would hope that Silica doesn't use any GPLd libraries otherwise they'll have to release source, which would be nice, as kismet or aircrack-ng are nowhere near as automated as this baby!

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.