jdogherman Posted June 21, 2012
With all this concern about security, it amazes me that we don't have encryption on the management ssid NOR SSL on the web traffic. Out of the box I guess you could do a shell connection with port forwarding. So the moral of the story is: think carefully about changing the root password to something that is familiar to you, as it is transmitted in clear text.
jdogherman (Author) Posted June 21, 2012
Future security solutions...
- limit http and ssh access to certain hosts
- add encryption to a new management ssid
- enable ssh & http to only eth0 interface
- enable SSL on http access / https
- only permit management through ssh access (restrict http access to all but lo)
- build web user access who is not root
- disable root access, make user escalate for SU rights
Just brainstorming ideas
Whistle Master Posted June 21, 2012 · Hidden by Whistle Master, June 21, 2012 - No reason given
All that makes sense if we were on a production environment :) Here, this is a hacker tool ;)
Sebkinne Posted June 21, 2012
Some of this will make it to the next release.
Best, Sebkinne
jdogherman (Author) Posted June 21, 2012
> All that makes sense if we were on a production environment :) Here, this is a hacker tool ;)
The problem I see is: what happens when you are using this hacker tool near other hackers?
Sebkinne Posted June 21, 2012
> The problem I see is: what happens when you are using this hacker tool near other hackers?
The intended use for the Pineapple is penetration testing though, so it should be unlikely. BUT nonetheless, some of these features will be added in the next bigger version.
Best, Sebkinne
R04DRUNN3R Posted August 22, 2012
Nice, I hope you integrate ssl (https) in the Pineapple.
farfel Posted August 28, 2012
> The intended use for the Pineapple is penetration testing though, so it should be unlikely.
Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release.
Edited August 28, 2012 by farfel
barry99705 Posted August 29, 2012
> Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release.
Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for???
farfel Posted August 29, 2012
> Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for???
The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.
Sebkinne Posted August 29, 2012
> The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.
It will be as it gives you a lot of ways to handle exactly that. To secure it, I will be adding encrypted fs, https and so on.
Best Regards, Sebkinne
barry99705 Posted August 29, 2012
> The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.
Cool!