Jump to content

pineapple disk? whaaaaaaat?


cheeto
 Share

Recommended Posts

I find it funny that they also sell this crappy mini-USB wifi adapter and mark it as working with the Pineapple. As you can tell from the image, they mean *their* Pineapple.

The main reason it's funny is that the things you want to use a Pineapple for are best served with a powerful radio/antenna combo and then they pair it with that lump of shit...

Note that on the same row where it says "Product details" "Feedback" etc to the right there's a "Report item" link where both IP holders and mere mortals are allowed to report a product as being counterfeit. No idea if they're going to act upon it in any way, but I've reported this knock-off as being counterfeit. Let's hope they listen.

Link to comment
Share on other sites

That really sucks! Again, I think that copying a logo and selling as if it were the real thing is not only ripping off Hak5 but also customers that buy a fake product. No to mention everyone in this community who has collaborated with some great infusions.

I remember the SAME thing happend with a USBJTAG I bought a few years ago. A group had copied the hardware and software.

So the owner made a NEW USBJTAGNT which required serial key which is associated to the hardware. Case closed, no more clones.

I would hope that the MKVI be protected somehow. Let's face it, making a claim in China regarding copyright is a long shot.

Link to comment
Share on other sites

I spent a few months in southern China last year and from I saw, the chances of any copyright claims being dealt with are pretty slim. Complete shops on high streets blatantly advertise themselves as "Appla" or "Niek" and sell rip off products. If they can get by, then it'd be even easier for a website. Some shops don't even bother trying to change the name.

Link to comment
Share on other sites

So as an ethical thought experiment, not that I condone cyber attacks in anyway, if the website is fraud, and the skirt the laws, is it still illegal/wrong if someone where to dos them?

(i do consider myself whitehat, so I personally would never do this)

Link to comment
Share on other sites

So as an ethical thought experiment, not that I condone cyber attacks in anyway, if the website is fraud, and the skirt the laws, is it still illegal/wrong if someone where to dos them? (i do consider myself whitehat, so I personally would never do this)

Chinese

If it's in another country I don't think the feds mind. Check into it though. Extradition to china? I don't think so. Also there are stories all the time about china ripping off our manufacturers by reversing our stuff.

Edited by overwraith
Link to comment
Share on other sites

Note that, by my understanding, you are typically prosecuted under the law of the jurisdiction you're in when you commit the crime.

So, if the chinese don't have a law against DDOS attacks (wouldn't surprise me) but the US does (known fact) and you DDOS a chinese website from the US the chinaman can start legal proceedings against you on the basis that what you did to him from your country is illegal by your own countries norms and as such is what you legally need to abide by while there.

In other words: Don't.

Link to comment
Share on other sites

I spent a few months in southern China last year and from I saw, the chances of any copyright claims being dealt with are pretty slim. Complete shops on high streets blatantly advertise themselves as "Appla" or "Niek" and sell rip off products. If they can get by, then it'd be even easier for a website. Some shops don't even bother trying to change the name.

Which shows that even in China you can't call a knockoff by the original brand's name. You might not get any money and they may start calling it the Wyfy Pyneapple, but you can claim ownership of the original name and you can claim ownership of the logo and they can and maybe even do enforce those things.

Link to comment
Share on other sites

Note that, by my understanding, you are typically prosecuted under the law of the jurisdiction you're in when you commit the crime.

So, if the chinese don't have a law against DDOS attacks (wouldn't surprise me) but the US does (known fact) and you DDOS a chinese website from the US the chinaman can start legal proceedings against you on the basis that what you did to him from your country is illegal by your own countries norms and as such is what you legally need to abide by while there.

In other words: Don't.

I just can't see the United States actually extraditing to China. We are not the best of friends, we are business partners, but there has been a history. If there actually was an instance of extradition that happening?

On a cautionary note however I am not actually going to try it, is generally a bad idea. Who knows, my ISP might not like the traffic even traveling over my connection, could shut me down.

Edited by overwraith
Link to comment
Share on other sites

You don't need to extradited because you can be tried by local law since you broke a US law while in the US.

You get to go to a US jail to be fucked in the ass by a US inmate though I suspect that won't make you feel a lot better about the entire situation...

If you drive into a flock of chinese tourists and maybe even kill a handful of them, do you really think you need to be extradited to China to be held accountable for what you did?

Edited by Cooper
Link to comment
Share on other sites

But the company whom you are targeting does not have a presence in the US, therefore there isn't really a plaintiff. I learned in my cyber forensics class that people lots of times do get off on cyber attacks against other countries because there really is no law structure that governs interactions like these between countries. Your statements just simply don't reflect reality, at least not in the United States.

Link to comment
Share on other sites

How about when the server this chinaman is using is hosted in the US?

I'm trying to think of similar incidents that happened in the past where it was the other way around. The best I can come up with is when that US military plane in Italy flew his plane way too low through a skiing resort, nicked the cable of a ski lift with the tail fin of his jet, snapped the cord and a bunch of tourists fell to their deaths. The US army wasted no time to ship these airmen home. They were eventually tried in a US court (NATO agreements made this the appropriate court) and acquitted on the basis that the plane altimeter was malfunctioning and so the pilot wasn't aware he was flying at 300ft as opposed to the allowed minimum of 2000ft...

http://en.wikipedia.org/wiki/Cavalese_cable_car_disaster_%281998%29

According to this page the pilot eventually got ratted out by his navigator, found guilty of obstruction of justice (deliberate destruction of onboard video footage) and served 4.5 months of his 6 month sentence. Both were kicked out of the army.

So here there was a treaty of sorts in play, jurisdiction was determined, a trial happened and eventually someone even got 2 weeks for each tourist he killed (yay justice).

Another thing would be the Roman Polanski child rape thing that made the guy move to France. He's polish, committed a crime in the US against a US citizen, pled guilty as part of a plea bargain, found out he'd have to do time and then be deported, didn't like those prospects and thus fled to France. Because Polanski had naturalized to become a french citizen and France, under their extradition agreement with the US, can refuse to extradite a citizen and chose to invoke this right the guy remains free to this very day.

Hrmm....

Well, anyways, still don't. It's the smarter move to make.

Edited by Cooper
Link to comment
Share on other sites

In that case you would be charged and prosecuted, is it hosted in the US? (whois)

C:\Users\username\Desktop\WhoIs>whois.exe http://www.aliexpress.com

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to COM.whois-servers.net...
Connecting to whois.markmonitor.com...

Domain ID: 413519034_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2014-10-28T12:38:28-0700
Creation Date: 2006-04-16T11:16:46-0700
Registrar Registration Expiration Date: 2016-04-16T11:16:46-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdatePro
hibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransfe
rProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeletePro
hibited)
Registry Registrant ID:
Registrant Name: Timothy Alexander Steinert
Registrant Organization: Hangzhou Alibaba Advertising Co., Ltd.(µ¥¡σ╖₧Θÿ┐Θçîσ╖┤σ
╖┤σ╣┐σæèµ£ëΘÖÉσà¼σÅ╕)
Registrant Street: No. 699 Wangshang Road , Binjiang District
Registrant City: Hangzhou
Registrant State/Province: Zhejiang
Registrant Postal Code: 310052
Registrant Country: CN
Registrant Phone: +852.22155100
Registrant Phone Ext:
Registrant Fax: +852.22155200
Registrant Fax Ext:
Registrant Email: dnsadmin@hk.alibaba-inc.com
Registry Admin ID:
Admin Name: Timothy Alexander Steinert
Admin Organization: Hangzhou Alibaba Advertising Co., Ltd.(杭州阿里巴巴广
告有限公司)
Admin Street: No. 699 Wangshang Road , Binjiang District
Admin City: Hangzhou
Admin State/Province: Zhejiang
Admin Postal Code: 310052
Admin Country: CN
Admin Phone: +852.22155100
Admin Phone Ext:
Admin Fax: +852.22155200
Admin Fax Ext:
Admin Email: dnsadmin@hk.alibaba-inc.com
Registry Tech ID:
Tech Name: Timothy Alexander Steinert
Tech Organization: Hangzhou Alibaba Advertising Co., Ltd.(µ¥¡σ╖₧Θÿ┐Θçîσ╖┤σ╖┤σ╣┐σ
æèµ£ëΘÖÉσà¼σÅ╕)
Tech Street: No. 699 Wangshang Road , Binjiang District
Tech City: Hangzhou
Tech State/Province: Zhejiang
Tech Postal Code: 310052
Tech Country: CN
Tech Phone: +852.22155100
Tech Phone Ext:
Tech Fax: +852.22155200
Tech Fax Ext:
Tech Email: dnsadmin@hk.alibaba-inc.com
Name Server: ns8.alibabaonline.com
Name Server: nsp.alibabaonline.com
Name Server: nsp2.alibabaonline.com
Name Server: nshz.alibabaonline.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2015-02-16T12:25:20-0800 <<<

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for
information purposes, and to assist persons in obtaining information about or
related to a domain name registration record.  MarkMonitor.com does not guarante
e
its accuracy.  By submitting a WHOIS query, you agree that you will use this Dat
a
only for lawful purposes and that, under no circumstances will you use this Data
 to:
 (1) allow, enable, or otherwise support the transmission of mass unsolicited,
     commercial advertising or solicitations via e-mail (spam); or
 (2) enable high volume, automated, electronic processes that apply to
     MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

MarkMonitor is the Global Leader in Online Brand Protection.

MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services

Visit MarkMonitor at http://www.markmonitor.com
Contact us at +1.8007459229
In Europe, at +44.02032062220



C:\Users\username\Desktop\WhoIs>

It does look like there is some kind of European presence, I see at the very end an "In Europe" something or another. Most of the rest of it looks fairly Chinese in origin however. But you're right it would probably be a bad idea to DoS this one.

C:\Users\username\Desktop\WhoIs>whois http://www.markmonitor.com

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to COM.whois-servers.net...
Connecting to COM.whois-servers.net...
Connecting to whois.markmonitor.com...

Domain ID: 5604337_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2014-10-28T12:38:28-0700
Creation Date: 1999-04-23T00:00:00-0700
Registrar Registration Expiration Date: 2015-04-22T21:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdatePro
hibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransfe
rProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeletePro
hibited)
Registry Registrant ID:
Registrant Name: MarkMonitor Inc.
Registrant Organization: MarkMonitor Inc.
Registrant Street: 391 N Ancestor Pl,
Registrant City: Boise
Registrant State/Province: ID
Registrant Postal Code: 83704
Registrant Country: US
Registrant Phone: +1.8003377520
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: custserv@markmonitor.com
Registry Admin ID:
Admin Name: MarkMonitor Inc.
Admin Organization: MarkMonitor Inc.
Admin Street: 391 N Ancestor Pl,
Admin City: Boise
Admin State/Province: ID
Admin Postal Code: 83704
Admin Country: US
Admin Phone: +1.8003377520
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: custserv@markmonitor.com
Registry Tech ID:
Tech Name: MarkMonitor Inc.
Tech Organization: MarkMonitor Inc.
Tech Street: 391 N Ancestor Pl,
Tech City: Boise
Tech State/Province: ID
Tech Postal Code: 83704
Tech Country: US
Tech Phone: +1.8003377520
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: custserv@markmonitor.com
Name Server: ns7.markmonitor.com
Name Server: ns3.markmonitor.com
Name Server: ns6.markmonitor.com
Name Server: ns5.markmonitor.com
Name Server: ns1.markmonitor.com
Name Server: ns4.markmonitor.com
Name Server: ns2.markmonitor.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2015-02-16T12:35:31-0800 <<<

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for
information purposes, and to assist persons in obtaining information about or
related to a domain name registration record.  MarkMonitor.com does not guarante
e
its accuracy.  By submitting a WHOIS query, you agree that you will use this Dat
a
only for lawful purposes and that, under no circumstances will you use this Data
 to:
 (1) allow, enable, or otherwise support the transmission of mass unsolicited,
     commercial advertising or solicitations via e-mail (spam); or
 (2) enable high volume, automated, electronic processes that apply to
     MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

MarkMonitor is the Global Leader in Online Brand Protection.

MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services

Visit MarkMonitor at http://www.markmonitor.com
Contact us at +1.8007459229
In Europe, at +44.02032062220



C:\Users\username\Desktop\WhoIs>

Looks like markmonitor is based in Boise, so US. Like I said I am not going to try, someone wanted to know however, so it's up to us to give reasons for why we think the feds would or would not prosecute. I think that this particular conglomerate does have US affiliations, therefore it would not be a good idea to do so, we have reached a verdict.

Edited by overwraith
Link to comment
Share on other sites

regardless, the hardware it 99% likely to be trojaned and damaging, I just feel bad for the people who mistakenly buy it instead of from the hakshop.

Send one to an AV company, I'm sure they would love to play with it. They do that whole debugging and black box forensics all the time.

Link to comment
Share on other sites

My final note on the DDOSsing of the server would be that you should keep in mind that you're effectively talking about attacking something like eBay over what 1 seller is peddling there. I genuinely expect Alibaba to contact the seller to prove their merchandise is valid in the face of a formal complaint.

I once had ordered something from a seller and roughly 1.5 weeks after ordering I was told my order was on hold pending proof of shipment from the vendor. Another week later I received notice that my order was being refunded and this seller was kicked off their site. I didn't have my plaything but at least I was made whole and I honestly suspect the vendor was in a rather less pleasant situation.

Link to comment
Share on other sites

I genuinely expect Alibaba to contact the seller to prove their merchandise is valid in the face of a formal complaint.

I missed the part where it said the name of the website from the OP. I, too, would also think Alibaba would not want to risk their reputation by selling fraud goods. I was thinking this was some crappy Chinese website with no traffic and nothing in English except maybe hak5 and pineapple.
Link to comment
Share on other sites

Let's please not entertain any sort of vigilante action, DDOS included. Alibaba is a large and well respected company in China with a reputation for upholding intellectual property rights. I don't know the specifics of their laws, but I assume something like safe harbor may apply.

We've been aware of this for a few weeks. Unfortunately it has taken some time to get our IPR paperwork sorted. We've finally been verified by Alibaba as the original rights holder and are pending take-down requests.

Battery wise, they can get away with putting one in it more easily because they don't even have to attempt passing any sort of regulations. We jump through some major hoops to keep things on the up-and-up. 3G wise they just mean it has a USB port.

We've had interesting dealings with IPR in the past. Search Apple Inc v Hak5 LLC even... If we can make it through getting sued by Apple, surely we can best a counterfeit knockoff.

If I haven't said this recently - know that from the bottom of our hearts Seb and Sara and Shannon and Paul and myself love you all deeply for giving us the freedom to live our dreams making cool stuff. Stay tuned for some ridiculously cool new and innovating stuff from us (no hints, but not Pineapple related).

Thanks!

Link to comment
Share on other sites

Got this email this morning:

[...]We refer to your recent report about suspicious product listing(s).
Please be informed that we have removed the reported listing(s) in accordance with our Product Listing Policy / relevant policy.
Thank you for your kind attention to our platform, and we appreciate your information greatly![...]


Interesting supplemental:
The product doesn't appear anymore when you search for "Wifi Pineapple" but the link to the product page still produces working display of the product, including options for purchasing one... Maybe they'll fix that after the Chinese New Year celebration ends at the end of the month.

Edited by Cooper
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...