
Wi-Fi Penetration Tester In Your Pocket 121

00*789*00 writes "ZDNet has a story about the public launch of Immunity's Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform."
This discussion has been archived. No new comments can be posted.

  • by VirusEqualsVeryYes ( 981719 ) on Thursday February 08, 2007 @11:47AM (#17934672)
    The portable hacking device runs Linux.
  • Gimmick. (Score:2, Informative)

    by hrtserpent6 ( 806666 ) on Thursday February 08, 2007 @04:12PM (#17938222)
    Where do I start with this thing?

    The number of applications this device provides that are both legitimate and useful is near zero.

    If you are legitimately authorized to do scans, why not do it with proper equipment? I used to warwalk all the time with an open laptop in plain view, and if anyone stopped me, I had a letter from the CIO in my hand.

    If you want to truly test security, are you gonna hand an idiot-proof device to some intern and tell them to push the pretty red button and run around with it? No, you are going to hire a security expert who will likely prefer proper tools.

    From TFA: "...mostly from law enforcement agencies looking to do covert hacking on sensitive networks."

    Whee! Illegal wiretapping! I'm sure that's kosher. If you have a warrant, then you shouldn't have any problems. See above. (Oops, I forgot that's 'legal' now. Oh well.)

    Also from TFA: "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

    No responsible pentester runs around with surreptitious devices in 'fuck you' mode on production networks. It's a quick ticket to being fired, sued and/or arrested. Pen testing and vulnerability testing are done under strict Rules of Engagement which rarely include secondary exploitation anymore. Most organizations want you to be as hands-off and low-impact as possible. Detect a possible vulnerability, record it, and move on. If they want you to eliminate false positives and/or verify a particular vulnerability later, then you do it carefully. Cutesy shit like grabbing files, printing "OWNZORED" on network printers and AllYourBase.txt in \root is the mark of amateurs.

    Nothing to see here. It's a cool toy, but if you want to do this kind of stuff on a real network, hire a real security company.

    The only useful thing I see here is that the barrier to entry for wireless shenanigans has just fallen to the floor and organizations had better start ditching WEP and WPA/WPA2 and moving to 802.1X/EAP/EAPOL.
