Neopwn, the World's First Pentesting Mobile Phone 103
thefanboy writes "What do you get when you cross BackTrack Linux apps with a mobile phone? This is the first ever publicly available mobile phone running a full custom Linux network auditing distribution, and it runs it surprisingly well. One can literally go from phone to pwn in 2 seconds. Based off of the Openmoko Neo Freerunner, many steps have been taken to compensate for the lack of a QWERTY keyboard with automation scripts, dialogs, and a point-and-pwn menu. It runs applications such as Metasploit and the Aircrack suite quite well, especially given the fact that it supports a wide array of USB WLAN cards."
I really hate the term 'pwn' (Score:5, Insightful)
Re: (Score:1)
Re:I really hate the term 'pwn' (Score:5, Funny)
"'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 years olds which, in turn, pretty much makes me dismiss it."
Even if it is accompanied by trendy, fresh terms like "Neo" ???
Re: (Score:2)
Even if it is accompanied by trendy, fresh terms like "Neo" ???
I don't know about fresh, but the term is definitely new
.
Re: (Score:2)
Interestingly enough, the most commonly known uses of Neo began with things like Neo-Nazi and Neoconservatism (which was intended to be a criticism.)
I think using the word Neo for anything is annoying.
Just say NEW.
Re: (Score:3, Insightful)
Re:I really hate the term 'pwn' (Score:4, Informative)
Neologism, not neoterm. The word you were looking for already conveniently exists.
Re: (Score:2, Funny)
PWNED!!!
Re: (Score:2)
On a sad side note, 'ginormous' doesn't even trip my spell-check.
Re: (Score:2)
Coincidentally, so does "whoosh".
Re: (Score:3, Informative)
Well yes, but they weren't use in common English. Not really..
Re: (Score:1)
and if you disagree check out the history of the term: http://en.wikipedia.org/wiki/Neoconservatism#Left-wing_past_of_neoconservatives [wikipedia.org]
Re: (Score:3, Interesting)
The word "conservatism" is being used to mean "the principles and practices of political conservatives" in that context. A new variant of principles and practices by political conservatives is quite obviously a legitimate condition and neoconservatism describes it without confusion. "Newstickwiththeold" certainly doesn't make sense, both as a word and as a conceptual breakdown of the term neoconservative.
Re: (Score:2)
Just say NEW.
What, as in "newspeak"? I think not. Orwell put the kibosh on that quite firmly.
As for complaining about the use of the Greek "neo" as a prefix, that horse left the barn at least two hundred years ago. See "neologism", coined in 1803. [merriam-webster.com]
Re: (Score:3, Insightful)
Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.
Re: (Score:1)
Re: (Score:3, Funny)
Yeah, the OP really got pwned.
Re:I really hate the term 'pwn' (Score:5, Insightful)
"Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies."
Then you'd be stupid.
Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people do to that - in the OSS world or corporate world (or as often is the case, a mix of the two.)
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
Re: (Score:2, Funny)
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
Ummm, no. You forgot the pr0n. Lots & lots of pr0n.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
Probably because you got pwned.
Re:I really hate the term 'pwn' (Score:4, Insightful)
No it doesn't. Any piece of software actually large enough to need a team (which is a far far smaller number than the number which are generally written by team) should be separated into smaller components. A single good coder beats a team - of any size - every time; I've lost count of the number of times I've seen a kid write a superior replacement for something that took a major corp. six months in one 36-hour shot.
Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.
95% of everything is shit. Yes, a lot of 13 year olds are doing shit, but they aren't the ones who are writing and releasing code.
It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.
You'd be surprised how many of those "kiddies" are actually in their 20s or worse.
Re: (Score:1)
No; well, there are 13-year-olds in my family, but that's neither here nor there.
scratch that, eh you're a bad shill for child labor.
Au contraire; I think the main reason they code so well is it's done out of love rather than for material gain - and there are no deadlines or project management in their way.
Re: (Score:2)
Don't let them ruin your game. Ruin their's first. It's so much more fun!
Re: (Score:2, Insightful)
Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.
I don't trust a 13 year old kid to wash my car, let alone do something like write software for me. Wait until they've gone to school and got a bit of experience doing actual work, and then we'll talk.
Re: (Score:2)
Uhhh, I don't know how everyone else was when they were 13, but when I was 13 I was watching cartoons and letting people think I was good at computers because I understood most of the settings on the computer. I didn't touch code until very late high school. If I did when I was 13 I think it would have been unmaintainable garbage.
I also frequently used the term "pwn" in my shitty online videogames.
Well actually, as a testament to my nerdiness, I thought it meant "pawn" first. As in, someone's so awesome t
Re: (Score:3, Insightful)
I wrote a (shitty) text adventure on the C64 when I was 8 or 9. By I was 13 I was probably hacking away in MOO code and Turbo Pascal. But yeah, I agree, the original post about trusting a 13-year-old's code is a bit ridiculous.
Re: (Score:2)
Unfortunately, being a sophmore in college, my first "real" computer was with Windows 95. We had one before then that was text only, but I used it so little I have no idea what it was.
Thank god for Tech TV telling me about Linux. If I hadn't had a system with which I could play around so much I wouldn't be a CS major now.
Re: (Score:2)
Oops, thanks for pointing out the homonym.
Re:I really hate the term 'pwn' (Score:5, Funny)
:P
Re: (Score:2)
Oh man, I guess two day's not my day.
Wait... Shit!
Re: (Score:2)
That's not nerdiness, that's called "stupidity".
He already said he was 13.
Re: (Score:1)
Nah. I was way better at coding when I was 15 than when I was 13 ;)
Re: (Score:2)
I think the problem here is the definition of "good". While it might be inventive or very efficient, it will probably not be very readable or maintainable. Thirteen year old programmers aren't thinking about commenting, portability, planning for future changes, etc. Experience counts for an awful lot because you know how to avoid the pitfalls that will surprise the novice programmer. Version 1.0 will look great. But creating 2.0 could be a nightmare, and only the original coder will have a chance of pu
Re: (Score:3, Funny)
Re: (Score:1)
You're old.
What in the world am I going to do (Score:1)
with a protesting mobile phone?
0 to NSA blacklist in 6.3 seconds (Score:2, Interesting)
Now, you might disagree with me, but I think this officially means that the NSA and other government agencies (I'm looking at you Alaska) need to work extra hard to ensure their networks are locked down good.
Point and click becomes point and own? Maybe not that easy, but All your AP are belong to us is going to happen soon enough. One thing that Linux and F/OSS definitely does do; puts real software and OS in the hands of those that the NSA would rather not need to worry about.
I see a rather large police st
Re:0 to NSA blacklist in 6.3 seconds (Score:5, Insightful)
Actually, the IT infrastructure in the State of Alaska is reasonably good. What you are asking for is that Alaska politicians understand the difference between .ak.gov and yahoo.com. Not only that, you're asking for Alaska politicians to not circumvent that difference whenever they feel it's convenient.
Fat Chance. Remember, this is the state that created the Tubes [wikipedia.org]. And that thinks boiled Moose noses [nytimes.com] are delicacies.
Re: (Score:2)
Don't do it! They'll pwn you!
Re: (Score:1, Informative)
Contrary to popular belief, they don't need to provide the source code to the public if they wish to abide to the GPL, they only need to provide it to those they have provided with the software (or the phone, in this case).
Words!!? (Score:1)
Place your bets (Score:5, Insightful)
Will the reaction to such devices be to strengthen the security of our cellular networks, or to simply outlaw such devices?
Hmmmm, ponder, ponder, ponder.
My money is on the latter.
It depends who you give it to (Score:3, Interesting)
And that really sucks (Score:2)
This will be the single biggest justification that Apple and other locked down mobile device vendors will use against projects like OpenMoko. I mean, do they really have to distribute metasploit with it?
I understand the thrill of walking around with conveniant access to script kiddie^W^Wpenetration testing tools wherever you go and are, really, I do. Business treats you bad? Take over^W^Wpwn their network. Girlfriend breaks up with you? Upload a picture of your penis as her background. Okay, so let me b
Re: (Score:2)
Jamie Zawinski.
Re: (Score:2)
lol.
My time is very valuable, but a large part of that is directly because of all the time I have invested in Linux.
Linux software development and administration is big business. Linux is not only free, it actually pays you!
The ultimate geek toy (Score:5, Funny)
The anti-iPhone: the Linux telephone that operates entirely from the command line! The Ultimate One-Dimensional Desktop! [today.com] What can't you do with a bash prompt?
(The v2 version will, of course, run Emacs and be programmed entirely in eLisp written on the fly.)
Re: (Score:2)
Do you really need to link to your own Fake News blog in every post you make...? Your homepage already links to it, and your .sig already links to it. Seems a little excessive.
Re: (Score:1)
Re: (Score:1)
The v2 version will, of course, run Emacs
So it has the 32gb flash memory then? Badass.
Today, Emacs is quite lean (Score:2)
Re: (Score:1)
You know how much memory emacs uses today? Eight megs. Now find an app that does everything that emacs can in less than tens times that much memory.
I think you mean the text manual for emacs takes up eight megs.
Re: (Score:1)
The anti-iPhone: the Linux telephone that operates entirely from the command line! The Ultimate One-Dimensional Desktop! [today.com] What can't you do with a bash prompt?
(The v2 version will, of course, run Emacs and be programmed entirely in eLisp written on the fly.)
looks cool but waaaaaaay too expensive. I'll stick to my first gen iphone, a wifi signal, and metasploit and i'm just as happy.
503 Service Unavailable. (Score:1)
"The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
Evidently they can't save their own site from being pwned.
Re: (Score:2)
They forgot.. (Score:2)
the source code..
Can't see a link for it. Unless they are waiting until they start shipping to put it up..
or maybe its for customers only.
Slashdotted! (Score:1)
GPL Violations (Score:1, Troll)
in between a ton of 503 http replies (slashdotting in progress) i have managed to browse all those pages (F5 FTW!) and i have NOT seen a link to download the software itself or even the source code and not even a promise of future availability.
Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.
On their page at http://www.neopwn.com/software.php [neopwn.com] i know tha
Re: (Score:2)
Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.
Since they haven't distributed anything yet, that is libel. Not to mention they don't have to distribute source to everybody, just with the devices. And you don't know what's on the backup DVD.
Re:GPL Violations (Score:4, Informative)
on their site the cheapest option is $80... with a SD card and dvd thrown in but again no source code download available...
It didn't occur to you that the source code of the GPl'ed components could be on the DVD or SD card?
What on earth makes you think that they have to provide downloads of their software?
Re: (Score:2)
Let's check I'm not misunderstanding you. They supply the software on DVD and SD card to people who purchse it. There's no need for downloads, you say.
What of the 'any third party' requirements of the GPL: that source code improvements on any GPL-licensed work must be conveyed to any third party who requests it? So they might send out DVD's, but I'd assume that it's cheaper to pay bandwidth on an online repository than to make up DVD images every time their repositories update.
Re: (Score:1)
Re: (Score:2)
I've just checked and you're right. Is that not a loophole in the spirit of the GPL: sell GPL'd software as the only place to get your particular improvements?
(But once it's escaped your clutches it's Free Software -- whether by US-style first-sale or EU-style exhaustion of rights -- and you can't stop someone to whom it has been conveyed from making it available for download. That's what CEntOS do for RHEL.)
Re: (Score:2)
And as you said
what (Score:1)
all that effort put into getting a story onto slashdot, and it doesnt even tell you what it actually does.
Re: (Score:1)
and it doesnt even tell you what it actually does.
Yes it does: "We have gone great lengths in making the NeoPwn user friendly when it comes to performing many of the necessary tasks in automating system controls and penetration tests." That means it does systems control and penetration testing. And of course it's a phone as well.
Debian! Gnome! It's got freakin' IceWeasel! (Score:1)
You think its news when Dell pre-loads Ubuntu on a laptop? In certain circles, this is *much* bigger news. It makes auditing one's own network a much more routine task, because this is a handy little wifi tool! Even *with* a live CD or USB stick,
Might come in handy (Score:1, Funny)
I'll try it out the next time I go "penetration testing" in "places where being promiscuous and undetected is essential."
My openmoko already runs debian. (Score:1)
Debian runs very well on my openmoko and its not that hard to use the commandline with rastermans keyboard. The screen has excellent resolution so reading the terminal works really well.
This device makes things dandy for people who want an easy way to test their network. Scriptkiddies will love them to but thats just fine. The script kids are the ones who forces better security trough. The alternative is to be hacked all day by corps and govts and never nowing about it.
Someone deface their website (Score:2)
It would be funny...if it was 1991.
No monitor mode (Score:3, Interesting)
or packet injection with the built-in wifi module:
"Note that the current firmware limitations of the internal wireless does not allow for monitor mode nor packet injection. An external USB WLAN is required for this type of operation."
I like how an external adapter can be an option, but as of now it's a requirement. This sort of ruins the image of this being "a powerful discreet network auditing tool for the penetration tester", atleast for me.
(They do mention that it's the current firmware limiting this, but there's nothing about if and when they'll "fix" this)
Seriously, though... (Score:3, Interesting)
This looks like the quickest way to get open source phones banned off every network that you can imagine. So it looks like a big fat juicy own goal, to me.
umm what (Score:3, Insightful)
Neopwn ... Pentesting ... BackTrack ... pwn ... Openmoko Neo Freerunner ... Metasploit ... Aircrack
Can anyone point me in the direction of an article-to-English dictionary?
Re: (Score:2)
neopwn - the name of the project
pentesting - penetration testing is running scans to find security holes in a network
backtrack - backtrack is a linux distro that comes with all the tools to do so
pwn - slang corruption of "own" - another way of saying taking over a machine
openmoko - is a version of linux for running on mobile phones such as...
neo freerunner - is the name for the physical phone
metasploit - is a software tool for scanning/running exploits
aircrack - is a software tool for cracking wep keys and
not even close to the first (Score:1)