Video Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video) 74
Video no longer available.
Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.
Re:Pwnie Express (Score:2, Insightful)
Where's the Line? (Score:5, Insightful)
In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them
Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.
So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network? Should it ever be considered that?
If not, what additional software or form factor enhancements would change your mind?
Discuss amongst yourselves.
Re:Where's the Line? (Score:5, Insightful)
Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.
Re:Where's the Line? (Score:4, Insightful)
At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network?
The moment it is actually used to illegally break into a network, and never before it happens. Devices themselves have no intent and therefore cannot be "evil" until put to an "evil" use. If you have permission to do testing, using a device like this can be a great tool.