Internet security: beware the pineapple “yes man”

September 23, 2013 by Sam Turner in: Web Hosting Articles

Anyone looking for a good reason to bolster their transport layer protection (encrypting data transported over the internet) should look no further than the WiFi Pineapple device, a wireless device which lets you test (or perform!) man-in-the-middle attacks. The device is described on Pineapple’s website as:

“A favorite amongst hackers, penetration testers and security enthusiasts. With a talented community of developers this open-source wireless auditing tool brings ease-of-use to man-in-the-middle.”

The Pineapple can intercept data sent over a wireless internet connection when an HTTPS form is not fully protected by an SSL certificate and secure coding best practices. This is a man-in-the-middle attack.

Man-in-the-middle: “A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.” – Techtarget

The Pineapple device sits between a victim’s PC or smartphone and a web-based resource they are accessing. From that position, the Pineapple can inspect data transferred between the two.

The Pineapple achieves this in one of two ways:

  1. A random wireless access point is set up in a public place offering free WiFi. The victim connects to the network and then to the internet, where insufficiently encrypted data is sent and intercepted.
  2. The Pineapple uses its Jasager (German for “The Yes Man”) feature, which responds to your device’s search for a recognized network.
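
A defender can spot the "yes man" behaviour described in item 2 by looking for a single access point that answers for many different network names, or for a made-up name that no real network uses. The sketch below is an added example, not code from the original article or from the Pineapple project. It assumes you already have a summary of probe requests and responses from a wireless monitor; the line format, MAC addresses, SSIDs, the canary name and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample capture summary: time, frame type, source MAC, SSID.
# These lines are invented for the example; they are not from a real capture.
SAMPLE_FRAMES = """\
10.01,probe-req,aa:bb:cc:00:00:01,HomeNet
10.02,probe-resp,02:11:22:33:44:55,HomeNet
10.40,probe-req,aa:bb:cc:00:00:02,CoffeeShop_Free
10.41,probe-resp,02:11:22:33:44:55,CoffeeShop_Free
10.42,probe-resp,66:77:88:99:aa:bb,CoffeeShop_Free
11.00,probe-req,aa:bb:cc:00:00:03,canary-7f3a91
11.01,probe-resp,02:11:22:33:44:55,canary-7f3a91
11.50,probe-req,aa:bb:cc:00:00:01,OfficeWLAN
11.51,probe-resp,02:11:22:33:44:55,OfficeWLAN
"""

def parse_frames(text):
    """Yield (time, frame_type, mac, ssid) tuples from the CSV-style summary."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split at most three times so an SSID containing commas stays intact.
        t, ftype, mac, ssid = line.split(",", 3)
        yield float(t), ftype, mac.lower(), ssid

def find_yes_man_aps(text, canary_ssids=(), max_ssids=2):
    """Return {bssid: reasons} for APs that behave like a 'yes man'."""
    ssids_by_ap = defaultdict(set)
    for _, ftype, mac, ssid in parse_frames(text):
        if ftype == "probe-resp":
            ssids_by_ap[mac].add(ssid)
    findings = {}
    for bssid, ssids in ssids_by_ap.items():
        reasons = []
        # A canary is a random name the monitor probes for; no honest AP owns it.
        hit = ssids & set(canary_ssids)
        if hit:
            reasons.append("answered canary SSID " + ", ".join(sorted(hit)))
        # A legitimate AP normally serves a small, fixed set of network names.
        if len(ssids) > max_ssids:
            reasons.append(f"answered for {len(ssids)} different SSIDs")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for ap, why in find_yes_man_aps(SAMPLE_FRAMES, {"canary-7f3a91"}).items():
        print(ap, "->", "; ".join(why))
```

The `max_ssids` threshold is a tuning assumption: enterprise access points that legitimately broadcast several network names need a higher value, while the canary check needs no threshold at all.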

What can I do?

The key to defending against man-in-the-middle attacks is to follow best practice with regard to transport layer protection and the use of SSL certificates. If you are looking to shore up your transport layer protection, here’s a cheat sheet to get you started.
