WiFi Pineapple

So I’m at the DevSum conference in Stockholm and yesterday afternoon was busily preparing for my talk, Hack Yourself First. It’s a talk I’ve done many times before and it always rocks not just based on the attendee feedback, but because frankly I just have a lot of fun doing it (you can watch a recording from Yow! in December if you’re interested). I always prepare meticulously and no matter how many times I do a talk, I run through the whole thing from end to end multiple times in the day leading up to the talk. This is what I tried to do yesterday, until this: So my wifi pineapple has...

I just had an absolutely tremendous trip over to Salt Lake City for the annual Pluralsight authors’ summit where 100 or so of us got together with the Pluralsight folks and talked about many wonderful things. Included in that time was a number of “lightening talks” or in other words, presos limited to 5 minutes during which you make as much impact as you possibly can. Clearly this called for me to break out the trusty wifi Pineapple. For the uninitiated, take a browse through the WiFi Pineapple tag on this blog and you’ll get a sense of what it’s all about, but in short, this little guy is the best damn way...

So I’ve just wrapped up another Web Directions presentation where the Pineapple has featured. The what now?! You know, the WiFi Pineapple, that little guy with the ability to do all sorts of nasty things to wireless traffic. Now I’ve Pineappled before, but I’ve never Pineappled quite like this and that’s all down to the Mark V which performed significantly better than the old IV when it comes to the act of Pineappling people. You can read the background on the device in the links above if it’s unfamiliar to you, let me give you an example of what I see in the Pineapple UI. Keeping in mind that the...

For many of you, Scott Hanselman will need no introduction and is a very familiar face, voice and writer. Among the many good things that Scott does to support the web development community (and that’s not just the Microsoft folks either), he’s also the man behind the Hanselminutes podcast which I was very happy to join him on recently. In fact this remains one of the very few podcasts where I actually listen to every episode – regardless of the direct relevance to me – simply because it’s delivered in such a professional manner and I know I’m going to learn something each time. The podcast has gone out under the title...

I’m pushing the “Publish” button on this just before I go on stage at Web Directions Code because all things going well, what I’m going to talk about in this post will form part of my demo about securing web services. I’m making some (admittedly very simple) code available and providing some resources that will hopefully help everything I talk about with regards to unprotected wireless traffic make sense. I’d like to begin by introducing you to Pineapple Surprise! Wait – what?! Where’s my Stack Overflow?! I mean I’m seeing stackoverflow.com in the address bar, what’s going on here?! It gets worse: That...

You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn’t enough, you have to load login forms over HTTPS as well and then you can’t send auth cookies over HTTP because they’ll get sniffed and sessions hijacked and so on and so forth. This is all pretty much security people rhetoric designed to instil fear but without a whole lot of practical basis, right? That’s an easy assumption to make because it’s hard to observe the risk of insufficient transport layer protection being exploited, at least compared to something like XSS or SQL injection. But it turns out that...