Slashdot Log In
Neopwn, the World's First Pentesting Mobile Phone
Posted by
timothy
on Sun Sep 21, 2008 01:05 PM
from the data-rate-plan dept.
from the data-rate-plan dept.
thefanboy writes "What do you get when you cross BackTrack Linux apps with a mobile phone? This is the first ever publicly available mobile phone running a full custom Linux network auditing distribution, and it runs it surprisingly well. One can literally go from phone to pwn in 2 seconds. Based off of the Openmoko Neo Freerunner, many steps have been taken to compensate for the lack of a QWERTY keyboard with automation scripts, dialogs, and a point-and-pwn menu. It runs applications such as Metasploit and the Aircrack suite quite well, especially given the fact that it supports a wide array of USB WLAN cards."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
I really hate the term 'pwn' (Score:5, Insightful)
Re:I really hate the term 'pwn' (Score:5, Funny)
"'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 years olds which, in turn, pretty much makes me dismiss it."
Even if it is accompanied by trendy, fresh terms like "Neo" ???
Parent
Re: (Score:2)
Even if it is accompanied by trendy, fresh terms like "Neo" ???
I don't know about fresh, but the term is definitely new
.
Re: (Score:3, Insightful)
Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.
Re:I really hate the term 'pwn' (Score:5, Insightful)
"Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies."
Then you'd be stupid.
Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people do to that - in the OSS world or corporate world (or as often is the case, a mix of the two.)
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
Parent
Re: (Score:2, Funny)
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
Ummm, no. You forgot the pr0n. Lots & lots of pr0n.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
Probably because you got pwned.
Re:I really hate the term 'pwn' (Score:4, Insightful)
No it doesn't. Any piece of software actually large enough to need a team (which is a far far smaller number than the number which are generally written by team) should be separated into smaller components. A single good coder beats a team - of any size - every time; I've lost count of the number of times I've seen a kid write a superior replacement for something that took a major corp. six months in one 36-hour shot.
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
95% of everything is shit. Yes, a lot of 13 year olds are doing shit, but they aren't the ones who are writing and releasing code.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
You'd be surprised how many of those "kiddies" are actually in their 20s or worse.
Parent
Re: (Score:2)
Don't let them ruin your game. Ruin their's first. It's so much more fun!
Re: (Score:2, Insightful)
Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.
I don't trust a 13 year old kid to wash my car, let alone do something like write software for me. Wait until they've gone to school and got a bit of experience doing actual work, and then we'll talk.
Re: (Score:2)
Uhhh, I don't know how everyone else was when they were 13, but when I was 13 I was watching cartoons and letting people think I was good at computers because I understood most of the settings on the computer. I didn't touch code until very late high school. If I did when I was 13 I think it would have been unmaintainable garbage.
I also frequently used the term "pwn" in my shitty online videogames.
Well actually, as a testament to my nerdiness, I thought it meant "pawn" first. As in, someone's so awesome t
Re: (Score:3, Insightful)
I wrote a (shitty) text adventure on the C64 when I was 8 or 9. By I was 13 I was probably hacking away in MOO code and Turbo Pascal. But yeah, I agree, the original post about trusting a 13-year-old's code is a bit ridiculous.
Re: (Score:2)
Unfortunately, being a sophmore in college, my first "real" computer was with Windows 95. We had one before then that was text only, but I used it so little I have no idea what it was.
Thank god for Tech TV telling me about Linux. If I hadn't had a system with which I could play around so much I wouldn't be a CS major now.
Re: (Score:2)
Oops, thanks for pointing out the homonym.
Re:I really hate the term 'pwn' (Score:5, Funny)
:P
Parent
Re: (Score:2)
Oh man, I guess two day's not my day.
Wait... Shit!
Re: (Score:2)
That's not nerdiness, that's called "stupidity".
He already said he was 13.
Re: (Score:2)
I think the problem here is the definition of "good". While it might be inventive or very efficient, it will probably not be very readable or maintainable. Thirteen year old programmers aren't thinking about commenting, portability, planning for future changes, etc. Experience counts for an awful lot because you know how to avoid the pitfalls that will surprise the novice programmer. Version 1.0 will look great. But creating 2.0 could be a nightmare, and only the original coder will have a chance of pu
Re: (Score:3, Funny)
Yeah, the OP really got pwned.
Re: (Score:3, Funny)
Re: (Score:2)
Interestingly enough, the most commonly known uses of Neo began with things like Neo-Nazi and Neoconservatism (which was intended to be a criticism.)
I think using the word Neo for anything is annoying.
Just say NEW.
Re: (Score:3, Insightful)
Re:I really hate the term 'pwn' (Score:4, Informative)
Neologism, not neoterm. The word you were looking for already conveniently exists.
Parent
Re: (Score:2, Funny)
PWNED!!!
Re: (Score:2)
On a sad side note, 'ginormous' doesn't even trip my spell-check.
Re: (Score:2)
Coincidentally, so does "whoosh".
Re: (Score:3, Informative)
Well yes, but they weren't use in common English. Not really..
Re: (Score:2)
Just say NEW.
What, as in "newspeak"? I think not. Orwell put the kibosh on that quite firmly.
As for complaining about the use of the Greek "neo" as a prefix, that horse left the barn at least two hundred years ago. See "neologism", coined in 1803. [merriam-webster.com]
Re: (Score:3, Interesting)
The word "conservatism" is being used to mean "the principles and practices of political conservatives" in that context. A new variant of principles and practices by political conservatives is quite obviously a legitimate condition and neoconservatism describes it without confusion. "Newstickwiththeold" certainly doesn't make sense, both as a word and as a conceptual breakdown of the term neoconservative.
0 to NSA blacklist in 6.3 seconds (Score:2, Interesting)
Now, you might disagree with me, but I think this officially means that the NSA and other government agencies (I'm looking at you Alaska) need to work extra hard to ensure their networks are locked down good.
Point and click becomes point and own? Maybe not that easy, but All your AP are belong to us is going to happen soon enough. One thing that Linux and F/OSS definitely does do; puts real software and OS in the hands of those that the NSA would rather not need to worry about.
I see a rather large police st
Re:0 to NSA blacklist in 6.3 seconds (Score:5, Insightful)
Actually, the IT infrastructure in the State of Alaska is reasonably good. What you are asking for is that Alaska politicians understand the difference between .ak.gov and yahoo.com. Not only that, you're asking for Alaska politicians to not circumvent that difference whenever they feel it's convenient.
Fat Chance. Remember, this is the state that created the Tubes [wikipedia.org]. And that thinks boiled Moose noses [nytimes.com] are delicacies.
Parent
Place your bets (Score:5, Insightful)
Will the reaction to such devices be to strengthen the security of our cellular networks, or to simply outlaw such devices?
Hmmmm, ponder, ponder, ponder.
My money is on the latter.
It depends who you give it to (Score:3, Interesting)
And that really sucks (Score:2)
This will be the single biggest justification that Apple and other locked down mobile device vendors will use against projects like OpenMoko. I mean, do they really have to distribute metasploit with it?
I understand the thrill of walking around with conveniant access to script kiddie^W^Wpenetration testing tools wherever you go and are, really, I do. Business treats you bad? Take over^W^Wpwn their network. Girlfriend breaks up with you? Upload a picture of your penis as her background. Okay, so let me b
The ultimate geek toy (Score:5, Funny)
The anti-iPhone: the Linux telephone that operates entirely from the command line! The Ultimate One-Dimensional Desktop! [today.com] What can't you do with a bash prompt?
(The v2 version will, of course, run Emacs and be programmed entirely in eLisp written on the fly.)
Re: (Score:2)
Do you really need to link to your own Fake News blog in every post you make...? Your homepage already links to it, and your .sig already links to it. Seems a little excessive.
Today, Emacs is quite lean (Score:2)
They forgot.. (Score:2)
the source code..
Can't see a link for it. Unless they are waiting until they start shipping to put it up..
or maybe its for customers only.
Someone deface their website (Score:2)
It would be funny...if it was 1991.
No monitor mode (Score:3, Interesting)
or packet injection with the built-in wifi module:
"Note that the current firmware limitations of the internal wireless does not allow for monitor mode nor packet injection. An external USB WLAN is required for this type of operation."
I like how an external adapter can be an option, but as of now it's a requirement. This sort of ruins the image of this being "a powerful discreet network auditing tool for the penetration tester", atleast for me.
(They do mention that it's the current firmware limiting this, but there's nothing about if and when they'll "fix" this)
Seriously, though... (Score:3, Interesting)
This looks like the quickest way to get open source phones banned off every network that you can imagine. So it looks like a big fat juicy own goal, to me.
umm what (Score:3, Insightful)
Neopwn ... Pentesting ... BackTrack ... pwn ... Openmoko Neo Freerunner ... Metasploit ... Aircrack
Can anyone point me in the direction of an article-to-English dictionary?
Re: (Score:2)
neopwn - the name of the project
pentesting - penetration testing is running scans to find security holes in a network
backtrack - backtrack is a linux distro that comes with all the tools to do so
pwn - slang corruption of "own" - another way of saying taking over a machine
openmoko - is a version of linux for running on mobile phones such as...
neo freerunner - is the name for the physical phone
metasploit - is a software tool for scanning/running exploits
aircrack - is a software tool for cracking wep keys and
Re: (Score:2)
Don't do it! They'll pwn you!
Re: (Score:2)
Jamie Zawinski.
Re: (Score:2)
lol.
My time is very valuable, but a large part of that is directly because of all the time I have invested in Linux.
Linux software development and administration is big business. Linux is not only free, it actually pays you!
Re: (Score:2)
Re: (Score:2)
Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.
Since they haven't distributed anything yet, that is libel. Not to mention they don't have to distribute source to everybody, just with the devices. And you don't know what's on the backup DVD.
Re:GPL Violations (Score:4, Informative)
on their site the cheapest option is $80... with a SD card and dvd thrown in but again no source code download available...
It didn't occur to you that the source code of the GPl'ed components could be on the DVD or SD card?
What on earth makes you think that they have to provide downloads of their software?
Parent
Re: (Score:2)
Let's check I'm not misunderstanding you. They supply the software on DVD and SD card to people who purchse it. There's no need for downloads, you say.
What of the 'any third party' requirements of the GPL: that source code improvements on any GPL-licensed work must be conveyed to any third party who requests it? So they might send out DVD's, but I'd assume that it's cheaper to pay bandwidth on an online repository than to make up DVD images every time their repositories update.
Re: (Score:2)
I've just checked and you're right. Is that not a loophole in the spirit of the GPL: sell GPL'd software as the only place to get your particular improvements?
(But once it's escaped your clutches it's Free Software -- whether by US-style first-sale or EU-style exhaustion of rights -- and you can't stop someone to whom it has been conveyed from making it available for download. That's what CEntOS do for RHEL.)