jdogherman Posted June 21, 2012 Share Posted June 21, 2012 with all this concern about security it amazes me that we dont have encryption on the management ssid NOR SSL on the web traffic.. Out of the box I guess you could do an shell connection with port forwarding. So the moral of the story is think carefully about changing the root password to something that is familiar to you as it is transmitted in clear text. Quote Link to comment Share on other sites More sharing options...
jdogherman Posted June 21, 2012 Author Share Posted June 21, 2012 Future security solutions... limit http and ssh access to certain hosts add encryption to a new management ssid enable ssh & http to only eth0 interface enable SSL on http access / https only permit management though ssh access (restrict http access to all but lo) build web user access who is not root disable root access, make user escalate for SU rights Just brainstorming ideas Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 21, 2012 Share Posted June 21, 2012 · Hidden by Whistle Master, June 21, 2012 - No reason given Hidden by Whistle Master, June 21, 2012 - No reason given All that makes sense if we were on a production environment :) Here, this is a hacker tool ;) Link to comment
Sebkinne Posted June 21, 2012 Share Posted June 21, 2012 Some of this will make it to the next release. Best, Sebkinne Quote Link to comment Share on other sites More sharing options...
jdogherman Posted June 21, 2012 Author Share Posted June 21, 2012 All that makes sense if we were on a production environment Here, this is a hacker tool the problem i see is what happens when you are using this hacker tool near other hackers? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted June 21, 2012 Share Posted June 21, 2012 the problem i see is what happens when you are using this hacker tool near other hackers? The intended use for the Pineapple is penetration testing though, so it should be unlikely. BUT non the less, some of these features will be added in the next bigger version. Best, Sebkinne Quote Link to comment Share on other sites More sharing options...
jdogherman Posted June 21, 2012 Author Share Posted June 21, 2012 thanks Seb! Quote Link to comment Share on other sites More sharing options...
R04DRUNN3R Posted August 22, 2012 Share Posted August 22, 2012 Nice, I hope you intergrate ssl (https) in the Pineapple Quote Link to comment Share on other sites More sharing options...
farfel Posted August 28, 2012 Share Posted August 28, 2012 (edited) The intended use for the Pineapple is penetration testing though, so it should be unlikely. Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release. Edited August 28, 2012 by farfel Quote Link to comment Share on other sites More sharing options...
barry99705 Posted August 29, 2012 Share Posted August 29, 2012 Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release. Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for??? Quote Link to comment Share on other sites More sharing options...
farfel Posted August 29, 2012 Share Posted August 29, 2012 Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for??? The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted August 29, 2012 Share Posted August 29, 2012 The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose. It will be as it gives you a lot of ways to handle exactly that. To secure it, I will be adding encrypted fs, https and so on. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
barry99705 Posted August 29, 2012 Share Posted August 29, 2012 The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose. Cool! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.