Munroe Regional Medical Center Selects Pwnie Express for Security Assessments and Penetration Testing

Pwn Pad Tablets Provide Unprecedented Mobility and Ease of Use

Boston, MA June 30, 2014 – Pwnie Express today announced that the Munroe Regional Medical Center has selected its Pwn Pad penetration testing and security assessment tablet as the key tool to help ensure the security of their hospital data and safeguard their patients.

For Munroe Regional Medical Center in Ocala, Florida, the privacy of its patients and staff and the safety and health of its patients are of utmost importance. To meet those goals, it relies on Pwnie Express to stay ahead of continued and increasingly sophisticated cyber security threats.

Pwnie Express provides cost-effective, rapid-deployment products comprised of innovative sensors available in a variety of form factors, including the Pwn Pad, which deliver previously unattainable intelligence in real time and make it easy to evaluate risk on wired and wireless networks anywhere, on demand.

“The confidentiality of our data and the safety of our patients is critical to us,” said Robert Branch, Munroe Regional Medical Center Director of Information Technology. “As attackers continue to target personally identifiable information as well as target medical devices themselves it is paramount that we see all the things hitting our network. The Pwn Pad allows us to do just that as we walk through the medical center.”

Branch added: “The amount of unwanted activity hitting our network is astounding and Pwnie allowed us, and continues to allow us, to plug security holes and stop attacks before they happen. The devices provided us an immediate return on our investment.”

Munroe Regional Medical Center depends on the Pwn Pad, a fast, light, easy-to-use tablet, which is the ideal choice for IT security professionals who are conducting a company walk-through.

“Pwnie Express’s Pwn Pads allow Munroe Regional Medical Center to assess and test their network security by seeing what is hitting their network and proactively replicating attacks in the same ways that an attacker would,” said Pwnie Express Vice President of Marketing Peter Velikin. “Pwnie Express shows how a data breach could occur and which information assets are exposed. This enables them to close potential security holes and stop breaches.”

Pwnie Express Appoints Edwin Marin as Vice President of Product Management and Engineering

Marin Brings Over 20 Years of Proven Enterprise SaaS, Security and Networking Experience to Company
June 24, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced Edwin Marin would join as Vice President of Product Management and Engineering. Marin brings a successful track record of building mission-critical enterprise applications in the areas of cloud, security and networking.

A seasoned executive, Marin will be responsible for driving the development of Pwnie Express’s Enterprise offerings that utilize Pwnie Express’s popular devices and sensors to provide unparalleled insight into potential data breaches.

With more than 20 years of solid leadership and management experience, Marin has helped establish and manage successful engineering operations in the SaaS, security and networking areas.

Prior to joining Pwnie Express, Marin served as director of engineering at BMC Software, a developer of software for IT management solutions including automation, cloud, mainframe and mobile monitoring. At BMC Software, Marin was most recently a key engineering leader for their Cloud Lifecycle Management suite.

Before BMC Software, Marin was senior vice president of product development at trusted SaaS platform provider IntraLinks. During his tenure at IntraLinks, Marin also held roles in professional services, and product and program management. Marin also held senior positions at Eggrock Partners, acquired by Breakaway Solutions, and the MIT Lincoln Laboratory.

“Edwin’s proven expertise in building world-class enterprise solutions will be invaluable to Pwnie Express and we are delighted that he has joined the company,” said Paul Paget, CEO of Pwnie Express. “Edwin will play an integral role in delivering Pwnie Express’s security assessment and penetration testing solutions to organizations, providing them unprecedented insight and actionable information to protect against the ever evolving network security threats.”

Pwnie Express’s network security assessment products are rapidly deployable and provide enterprises access to, and intelligence in, hard-to-reach locations, which provide today’s high-risk attack paths. At their core are open source tools integrated on a smart platform available in a variety of form factors, which deliver unprecedented actionable insight.

“Cyber criminals are becoming increasingly sophisticated and organizations, especially those with distributed locations, need to keep pace. Despite traditional enterprise security measures being in place hackers continue to penetrate organizations,” said Edwin Marin, VP of Product Management and Engineering at Pwnie Express. “Stealthy malware and skillful hackers require countermeasures of equal force and Pwnie Express’s security assessment and penetration testing solutions are spearheading this charge. I look forward to building upon Pwnie Express’s success and vision to protect organizations from this threat.”

About Pwnie Express
Pwnie Express is the leading provider of innovative sensors that assess network security risks in remote and hard-to-reach locations. Thousands of enterprises and government organizations worldwide rely on Pwnie Express’s products to conduct drop-box penetration testing and provide unprecedented insight into their distributed network infrastructure. Pwnie Express’s smart devices allow organizations to see all the things while leveraging open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts.

[Press Release]

NPR Blog Series Part 2: A Week in the Life

Note: Per our agreement with NPR, Pwnie Express is not disclosing any data collected during the research experiment with Steve Henn, but focusing its comments on providing education on the techniques used.

In my last post I described how I configured a Pwn Plug R2 to stream Steve Henn’s laptop and iPhone traffic from his home office to my analysis server in Vermont. Steve was acting as a proxy for the average Internet user, whose traffic could be monitored by any malicious intermediary. With our Pwn Plug now acting as a “web surveillance” drop box, we then proceeded with our first order of business: A week in the life of Steve Henn.

Note our approach here was not to emulate advanced NSA surveillance techniques, such as exploitation of SSL protocol weaknesses, malware delivery, or other “active attacks”. Instead, we focused on what the NSA, your ISP, the dude with a Pwn Phone at your local coffee shop, or any number of other intermediaries can discern about an individual by passively monitoring the enormous amount of Internet traffic that’s still transmitted in clear-text (unencrypted) today.

With just a week’s worth of web traffic I was able to assemble a rather thorough personal profile of Mr. Henn. Between Steve’s day-to-day laptop/iPhone web traffic and some additional testing in Pwnie’s lab environment, we were able to capture:

  • Passwords
  • Phone numbers
  • Email addresses
  • Physical location
  • VoIP/SIP phone calls
  • Cell carrier parameters
  • Audio recording from an FTP file transfer
  • Search keywords
  • Personal interests & shopping habits
  • Session keys & cookies
  • Universally-unique session IDs
  • Make, model, & BIOS/firmware versions of laptops, mobile devices, & printers
  • Installed OS/application versions & patch levels (including AV software)
  • Running Windows processes, exe/dll versions, & connected USB devices
  • MAC addresses, internal IPs, & other unique device identifiers
  • Log of all visited domains, websites, & countries
  • Images, photos, software downloads, SSL certificates

In this post I’ll describe the techniques I used to extract this information from raw web traffic. This analysis was completed on a Pwn Plug R2 (via SSH) with the following open-source tools installed: tcpflow ngrep tshark ssldump p0f pads trafshow tcpxtract pcregrep tcpslice dsniff xplico argus libplist-utils

The below examples reference a “CAPFILE” variable, which can be set to your target tcpdump capture file as follows:

$ CAPFILE="June-3.cap"

Extracting clear-text passwords:

$ ngrep -I "$CAPFILE" -W byline -q -t | egrep -i "password=|pass=|secret=|^PASS |^USER "
$ dsniff -p "$CAPFILE"

Extracting phone numbers:

$ tcpflow -r "$CAPFILE" -c -s port 80 | pcregrep -o "[^a-zA-Z0-9](\d{3}).(\d{3}).(\d{4})[^a-zA-Z0-9]" | pcregrep -o "(\d{3})-(\d{3})-(\d{4})|(\d{3})\.(\d{3})\.(\d{4})"

Extracting email addresses:

$ tcpflow -r "$CAPFILE" -c -s | grep -v "\.\." | pcregrep -o '\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6}'

Extracting clear-text credit card numbers:

$ ngrep -I "$CAPFILE" -q -t '(\s|^)(6011|5[1-5]\d{2}|4\d{3}|3\d{3})-\d{4}-\d{4}-\d{4}(\s|$)'
$ ngrep -I "$CAPFILE" -q -t '(\s|^)(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{12}(\s|$)'

Extracting clear-text social security numbers:

$ ngrep -I "$CAPFILE" -q -t '(\s|^)([0-6]\d\d|7[0-256]\d|73[0-3]|77[0-2]) \d{2} \d{4}(\s|$)'
$ ngrep -I "$CAPFILE" -q -t '(\s|^)([0-6]\d\d|7[0-256]\d|73[0-3]|77[0-2])-\d{2}-\d{4}(\s|$)'

Extracting physical location (GPS latitude & longitude) from iPhone Weather app traffic:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST|HTTP/)' port 80 | egrep "%2Clatitude%2Clongitude%2C"

Extracting VOIP/SIP call data:

$ ngrep -I "$CAPFILE" -W byline -q -t | grep -v "\.\." | grep SIP

Decoding Apple device plist files to obtain cell carrier parameters:

First, use xplico to carve the plist XML files out of the packet capture:

$ xplico -l -m pcap -f "$CAPFILE"

Then, use plutil to decode the plist XML files into readable strings:

$ plutil -i "xdecode/bag" | strings > iphone_plist_bag.txt
$ plutil -i "xdecode/bag(1)" | strings > iphone_plist_bag1.txt
$ plutil -i "xdecode/getBag%3fix\=1" | strings > iphone_plist_getBag.txt
$ plutil -i "xdecode/version(1)" | strings > iphone-plist-cell-carriers.txt

Carving out & listing audio/video files, images, photos, executable files, SSL certificates, etc:

$ xplico -l -m pcap -f "$CAPFILE"
$ find xdecode/

Extracting keyword strings from HTTP Referer values:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST)' port 80 | egrep "^GET |^POST |^Referer: " | egrep -o "[a-z-]*" | egrep "[a-z-]*-[a-z-]*-" | egrep -v "(^-|-$)"

Displaying Microsoft Bing Search keywords:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST|HTTP/)' port 80 | egrep "bing.com.search.q="

Displaying Amazon product searches:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST|HTTP/)' port 80 | egrep "amazon.com/gp/aw/s/ref=is_box_.k="

Extracting cookies, session IDs, keys, tokens, etc:

$ tcpflow -r "$CAPFILE" -c -s port 80 | grep -v "\.\." | egrep "^Set-Cookie|oauth|UUID|session.id|session.token|Authorization:"
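
The password and cookie/token commands above print the captured values themselves. When reviewing your own network, a per-host list of which sensitive fields still travel over clear-text HTTP is usually enough to decide what to fix. The script below is an added example, not part of the original post; the function names, the field-name pattern and the sample traffic are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-host inventory of sensitive
# fields sent over clear-text HTTP. Values are parsed but never printed.

# Constructed sample in the style of `ngrep -W byline -t` output, where the
# carriage return ending each header line is rendered as a trailing ".".
sample_capture_text() {
cat <<'EOF'
T 2014/06/03 09:15:02.000001 10.99.99.23:49152 -> 192.0.2.10:80 [AP]
POST /login HTTP/1.1.
Host: shop.example.
Content-Type: application/x-www-form-urlencoded.
.
user=alice&password=CONSTRUCTED-VALUE&remember=1
T 2014/06/03 09:15:04.000001 10.99.99.23:49153 -> 192.0.2.20:80 [AP]
GET /api/feed?session_token=CONSTRUCTED-VALUE&page=2 HTTP/1.1.
Host: news.example.
Authorization: Basic CONSTRUCTED-VALUE.
.
T 2014/06/03 09:15:09.000001 10.99.99.23:49154 -> 192.0.2.20:80 [AP]
GET /api/feed?session_token=CONSTRUCTED-VALUE&page=3 HTTP/1.1.
Host: news.example.
.
T 2014/06/03 09:15:09.000002 192.0.2.20:80 -> 10.99.99.23:49154 [AP]
HTTP/1.1 200 OK.
Content-Length: 0.
.
EOF
}

# audit_cleartext: reads HTTP text on stdin and prints one line per finding:
#   host <TAB> finding <TAB> number of requests that carried it
audit_cleartext() {
    awk '
    # Record sensitive parameter NAMES found in a query string or form body.
    function scan(s,    n, i, parts, kv, key) {
        n = split(s, parts, /[?&]/)
        for (i = 1; i <= n; i++) {
            if (split(parts[i], kv, "=") < 2) continue
            key = tolower(kv[1])
            # Broad on purpose: a false positive costs less than a missed leak.
            if (key ~ /pass|pwd|secret|token|session|auth/) seen["param " key] = 1
        }
    }
    # Attribute the findings of the finished request to its Host header.
    function flush(    k) {
        if (host == "") host = "(no Host header)"
        for (k in seen) count[host "\t" k]++
        split("", seen)
        host = ""
    }
    { sub(/\r$/, ""); sub(/\.$/, "") }   # strip CR, or the "." printed for it
    /^T [0-9]/ { next }                  # ngrep per-packet header line
    /^(GET|POST|PUT|PATCH|DELETE|HEAD) / {
        if (inreq) flush()
        inreq = 1; scan($2); next
    }
    /^HTTP\// { if (inreq) flush(); inreq = 0; next }   # response: not audited
    !inreq { next }
    tolower($1) == "host:" { host = tolower($2); next }
    tolower($1) == "authorization:" { seen["Authorization header (" $2 ")"] = 1; next }
    tolower($1) == "cookie:" { seen["Cookie header"] = 1; next }
    /^[A-Za-z0-9-]+: / { next }          # any other header
    { scan($0) }                         # remaining lines are request body
    END {
        if (inreq) flush()
        for (k in count) print k "\t" count[k]
    }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample; for real use, pipe the byline output in.
sample_capture_text | audit_cleartext
```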

Extracting make, model, & BIOS/firmware versions of PCs & mobile devices from Microsoft Windows error reporting, Apple iDevice browser, & Android YP app traffic:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST)' port 80 | egrep "^T |^GET |^Host: " | egrep -B2 "watson.microsoft.com.$"
$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST|HTTP/)' port 80 | egrep "X-Device-Info: "
$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST|HTTP/)' port 80 | egrep "macAddress=|device_name=|device_type=|os_version=|dev="

Displaying client OS/applications & versions:

$ ngrep -I "$CAPFILE" -W byline -q -t port 80 | egrep "^User-Agent: "

Extracting running processes, exe/dll versions, & connected USB devices from Microsoft Windows error reporting traffic:

$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST)' port 80 | egrep "^T |^GET |^Host: " | egrep -B2 "watson.microsoft.com.$"

Top 10 domains:
$ tcpdump -nn -r "$CAPFILE" port 53 | egrep " A\? " | awk '{print$8}' | egrep -io "[a-z0-9]*\.[a-z]*\.$" | sort | uniq -ic | sort -nr | head | awk '{print$1,$2}'

Top 10 websites (based on number of HTTP requests):
$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST)' port 80 | grep "^Host:" | sort | uniq -ic | sort -nr | head | awk '{print$1,$3}'

Top 10 referers:
$ ngrep -I "$CAPFILE" -W byline -q -t '^(GET|POST)' port 80 | egrep "^Referer: " | sort | uniq -ic | sort -nr | head | awk '{print$1,$3}'

Top TLDs/countries:
$ tcpdump -nn -r "$CAPFILE" port 53 | egrep " A\? " | awk '{print$8}' | egrep -io "\.[a-z]*\.$" | sort | uniq -ic | sort -nr | awk '{print$1,$2}'

List any weak/vulnerable SSL sessions:
$ ssldump -n -r "$CAPFILE" | grep "cipherSuite" | egrep -i "RC4|MD5|EXP|NULL|_DES|ANON|64" | sort | uniq -c | sort -nr | awk '{print$1,$2,$3}'

Pwnie Express on NPR – A 4 Part Series

Pwnie Express teamed up with NPR and Ars Technica for an in-depth analysis of the privacy gaps in the Internet today in support of a Morning Edition series about the state of Internet privacy a year after the Snowden/NSA revelations.

Approached by Ars Technica editor and long-time Pwnie fan Sean Gallagher and by Steve Henn of NPR, our founder and CTO Dave Porcello agreed to “spy” on Steve Henn for a month and see what private information he could actually glean.

Below, you can find links with more information about the experiment for the NPR series on Morning Edition. You’ll also find various resources to help you get better informed about privacy online.

Relevant Resources

Day 1:

 NPR’s Morning Edition Project Eavesdrop: An Experiment at Monitoring My Home Office

  • Link to the show
  • Details from NPR’s journalist
  • Details from Dave Porcello on NPR Blog Series: PART 1 – The Drop Box

Day 2:

NPR’s Morning Edition Project Eavesdrop: What Passive Surveillance Collects

  • Link to the show
  • Link to Ars Technica’s details on NPR & Internet Surveillance
  • Link to Ars Technica’s survey of SSL use at major cloud providers
  • Details from Dave Porcello on NPR Blog Series: PART 2 – A Week in the Life

Day 3:

NPR’s Morning Edition Project Eavesdrop: How Will Tech Companies Protect Your Data From Snooping?

 Day 4:

NPR’s Morning Edition Project Eavesdrop: Here’s One Big Way Your Mobile Phone Could Be Open to Hackers

  • Link to the show
  • Link to Ars Technica’s article Tapped In: How Your Phone Gives You Up to Companies and Criminals

Final Recap of NPR’s Morning Edition Episode 548: Project Eavesdrop

Creating a Way For Businesses to Deal With Privacy Problems, by Paul Paget, Pwnie Express CEO

Privacy resources

FAQ: Monitoring My Own Traffic

FAQ: Pwnie Express Products

Pwnie Express cares about helping organizations and individuals operate safely online and looks forward to your comments, suggestions, and links to additional resources.

If you are an organization interested in reducing your IT security vulnerabilities, please contact us via 1-855-793-1337 or at info@pwnieexpress.com and our team of security experts will be in touch with you.

NPR Blog Series: Part 1 – The Drop Box

Note: Per our agreement with NPR, Pwnie Express is not disclosing any data collected during the research experiment with Steve Henn, but focusing its comments on providing education on the techniques used.

As part of a collaboration between NPR, Ars Technica, and Pwnie Express, I spent the last few months on what can only be described as “way too much fun to be called work”. When Sean Gallagher (Ars Technica editor and long-time Pwnie fan) approached me asking if I’d be interested in legally “spying” on an NPR journalist, I gleefully accepted the challenge. The willing target would be NPR tech correspondent Steve Henn, in support of a Morning Edition series about the state of Internet privacy a year after the Snowden/NSA revelations.

Once the proper legal authorizations were in place, we decided the Pwn Plug R2 would serve as the ideal “drop box” to stream Steve’s laptop and iPhone traffic from his home office to my analysis server in Vermont. The Pwn Plug R2 was deployed as a secondary wireless AP on Steve’s home network as shown:

[Figure: NPR-deployment]

To turn the Pwn Plug R2 into a normal (“non-evil”) wireless AP, I first installed the hostapd package:

# aptitude update

# aptitude install hostapd

I then configured /etc/hostapd/hostapd.conf as shown:

interface=wlan0
driver=nl80211
ssid=pwnie
hw_mode=g
channel=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=WouldntYouLikeToKnow
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

To ensure the hostapd service started up automatically at boot time, I created the following init script:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          pwnix_ap
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Pwnie Express normal (non-evil) AP service
### END INIT INFO

# processname: pwnix_ap

NAME=pwnix_ap
DESC="Pwnix AP Service"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
AP_INTERFACE=wlan0
INTERNET_INTERFACE=eth0

case "$1" in
  start)
    echo "[+] Starting $NAME..."
    echo "[+] Using AP interface: $AP_INTERFACE"
    echo "[+] Using Internet interface: $INTERNET_INTERFACE"

    # Clean slate
    ifconfig $AP_INTERFACE down
    killall hostapd > /dev/null 2>&1
    killall dhcpd > /dev/null 2>&1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    sleep 1

    #################
    # Start AP      #
    #################

    # Configure AP interface
    ifconfig $AP_INTERFACE up 10.99.99.1 netmask 255.255.255.0
    sleep 5

    # Start dhcpd server on AP interface (in the background, output discarded)
    dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid $AP_INTERFACE > /dev/null 2>&1 &

    # Enable NAT
    iptables --table nat --append POSTROUTING --out-interface $INTERNET_INTERFACE -j MASQUERADE
    iptables --append FORWARD --in-interface $AP_INTERFACE -j ACCEPT

    # Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Start hostapd
    hostapd -B /etc/hostapd/hostapd.conf > /dev/null 2>&1

    # Marker file (not a real PID) that the status action checks
    touch $PIDFILE
    echo "[+] $NAME started."
    exit 0
    ;;

  status)
    echo "[+] Checking $NAME..."
    if [ -f $PIDFILE ]; then
      echo "[+] $NAME is running."
      exit 0
    else
      echo "[-] $NAME not running."
      exit 1
    fi
    ;;

  stop)
    echo "[+] Stopping $NAME"
    ifconfig $AP_INTERFACE down
    killall hostapd > /dev/null 2>&1
    killall dhcpd > /dev/null 2>&1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 0 > /proc/sys/net/ipv4/ip_forward
    rm -f $PIDFILE
    echo "[+] $NAME stopped."
    exit 0
    ;;

  restart)
    $0 stop
    $0 start
    ;;

  *)
    echo "Usage: $0 {status|start|stop|restart}"
    exit 1
esac

After saving this script to /etc/init.d/pwnix_ap, I made it executable and set it to autostart:

# chmod +x /etc/init.d/pwnix_ap
# update-rc.d pwnix_ap defaults

Persistent remote access to the Pwn Plug R2 was a cinch using the “Reverse Shells” feature. Once connected to the plug via SSH, I started a full-packet capture using tcpdump:

# tcpdump -vUnni wlan0 -w "$(date "+%h.%d.%Y-%H%M").cap"

I then used a variety of open-source analysis tools to parse and inspect the web traffic generated by the normal day-to-day use of our mobile device and PCs/laptops. Stay tuned for “Part 2: A Week in the Life” to see what I found!

Dave.
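
The hostapd.conf in this post sets wpa=3 together with wpa_pairwise=TKIP, which keeps the original WPA and the deprecated TKIP cipher available next to WPA2/CCMP. The check below is an added example, not part of the original post: it reads a hostapd.conf on stdin and flags those legacy settings. The function names and messages are assumptions, and the sample file is a constructed copy of the settings above with a placeholder passphrase.

```shell
#!/bin/sh
# Added example (not from the original post): flag legacy WPA/TKIP settings
# in a hostapd.conf read from stdin. The passphrase is parsed, never printed.

# Constructed copy of the relevant keys from the configuration in the post.
sample_hostapd_conf() {
cat <<'EOF'
interface=wlan0
driver=nl80211
ssid=pwnie
auth_algs=1
wpa=3
wpa_passphrase=CONSTRUCTED-PLACEHOLDER
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
}

# The same file restricted to WPA2 with CCMP only.
hardened_hostapd_conf() {
    sample_hostapd_conf | sed -e 's/^wpa=3$/wpa=2/' -e '/^wpa_pairwise=/d'
}

# audit_hostapd_conf: prints WARN/FAIL lines, or a single OK line.
audit_hostapd_conf() {
    awk '
    /^[ \t]*#/ || !/=/ { next }          # skip comments and non key=value lines
    {
        key = substr($0, 1, index($0, "=") - 1)
        gsub(/[ \t]/, "", key)
        conf[key] = substr($0, index($0, "=") + 1)
    }
    END {
        # wpa is a bit field: bit 0 = original WPA, bit 1 = WPA2 (RSN).
        wpa = conf["wpa"] + 0
        v1 = (wpa % 2 == 1)
        v2 = (int(wpa / 2) % 2 == 1)
        # hostapd documents rsn_pairwise as defaulting to the wpa_pairwise value.
        if ("rsn_pairwise" in conf) rsn = conf["rsn_pairwise"]
        else rsn = conf["wpa_pairwise"]
        n = 0
        if (!v1 && !v2) {
            print "FAIL wpa=" wpa " enables neither WPA nor WPA2"; n++
        }
        if (v1) {
            print "WARN wpa=" wpa " also enables the original WPA; set wpa=2 for WPA2 only"; n++
        }
        if (v1 && conf["wpa_pairwise"] ~ /TKIP/) {
            print "WARN wpa_pairwise=" conf["wpa_pairwise"] " offers the deprecated TKIP cipher to WPA clients"; n++
        }
        if (v2 && rsn ~ /TKIP/) {
            print "WARN WPA2 clients may negotiate TKIP; set rsn_pairwise=CCMP"; n++
        }
        if (v2 && rsn == "") {
            print "WARN no pairwise cipher set explicitly; set rsn_pairwise=CCMP"; n++
        }
        if (n == 0) print "OK WPA2 only, rsn_pairwise=" rsn
    }'
}

# Demo: the configuration as posted, then the hardened variant.
sample_hostapd_conf | audit_hostapd_conf
hardened_hostapd_conf | audit_hostapd_conf
```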

FAQ: Monitoring My Own Network

Individual Privacy

Q: Is there a list of privacy resources with information on how to better protect myself?

Here is a link with a list of resources to help you better protect yourself from any network vulnerabilities: http://store.pwnieexpress.com/privacy-resources-and-links/

Q: Can I build my own privacy device?

Yes, you can. We offer a community edition of our mobile sensor software technology that you can build yourself. Click this link to learn more about how you can build your own Pwn Pad or Pwn Plug Elite: http://store.pwnieexpress.com/support/downloads/

Business-related

Q: How can I ensure that my organization is properly secured?

Click this link to find out more: http://store.pwnieexpress.com/creating-a-way-for-businesses-to-deal-with-privacy-concerns/

Q: Can you help us assess our networks and remote office vulnerabilities?

Yes, Pwnie Express is spearheading smart, easy-to-use and quick-to-deploy vulnerability assessment and penetration testing products for both wired and wireless networks that come in a variety of form factors.

Q: Don’t see an answer to a question you have?

Fill out our web form on this page and ask us your question or connect with us via twitter @pwnieexpress

Privacy Resources and Links

Ten Steps You Can Take Right Now Against Internet Surveillance:

https://www.eff.org/deeplinks/2013/10/ten-steps-against-surveillance

Encrypt your hard drive, encrypt your communications, use strong passwords, enable 2-step verification, regularly update your software, and use Tor are among the 10 recommended steps you can take to gain back your anonymity (by the Electronic Frontier Foundation – a nonprofit organization that champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development).

Recommended privacy extensions for Firefox/Chrome:

Upgrade your web browser to improve your privacy by installing:

  • HTTPS Everywhere
  • DoNotTrackMe
  • Track Me Not
  • Ghostery
  • Better Privacy
  • User agent switcher
  • Ad Block Plus
  • Search Engine Security

Tor Browser: Gold standard for encrypted & anonymized web surfing on Windows, Mac, & Linux:

https://www.torproject.org/projects/torbrowser.html.en

Tor allows people and groups to improve their privacy and security on the Internet. Individuals, journalists, NGOs, activist groups, and the US Navy use Tor to keep websites from tracking them and to connect to news sites and instant messaging services. Using Tor protects you against a common form of Internet surveillance known as “traffic analysis” by distributing your transactions over several places on the Internet, so no single point can link you to your destination.

And for the really paranoid, use Tails:

https://tails.boum.org/

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer, while leaving no trace unless you explicitly ask it to. Tails relies on the Tor anonymity network to protect your privacy online: all software is configured to connect to the Internet through Tor; if an application tries to connect to the Internet directly, the connection is automatically blocked for security.

Mobile device privacy

For Android devices: Orbot Mobile Anonymity + Circumvention app

https://guardianproject.info/apps/orbot/

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world.

For iDevices: Covert Browser app:

https://itunes.apple.com/us/app/covert-browser/id477438328?mt=8

Covert browser is a browser for the iOS that allows you to browse the Internet with Tor, considered by many to be the strongest anonymity network.

Other Resources

Published by the Electronic Frontier Foundation (EFF)

Creating a Way for Businesses to Deal With Privacy Problems

The NPR findings show how easy it is for an adversary to extract private or confidential information. Whether data is picked up via Wi-Fi or more intrusively via a rogue computer or device, the problem of unknown devices in the workplace spying on an organization is a reality.

For organizations who are concerned about this or have privacy compliance laws to meet, Pwnie Express will soon be offering a service that will make it easy to sense and locate rogue computers or drop boxes placed in their offices or remote locations.

The Pwn Plug R2, Pwn Appliance, Pwn Pads and Pwn Phone products will be able to monitor and log or alert Pwnie Express’ central service when rogue devices are detected. This is a critical aspect of protecting an organization: sensing the presence of an adversarial drop box. You can actually see the enemy hiding in plain sight, something not possible with existing network-centric monitoring systems.

If you are interested in hearing about this when we make it available please complete the form on the right so that we can add you to the notification list.

Information Technology Luminaries Join Pwnie Express Advisory Board

Accomplished Executive from Sophos, and Formerly Application Security, Inc. to Guide Pwnie Express’s Growth

June 04, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced two IT security industry luminaries have joined its Advisory Board of leading experts.

These industry thought leaders will help guide the company’s business strategy, Pwnie Labs research and product development initiatives.

Pwnie Express’s network security assessment products are rapidly deployable and provide enterprises access to, and intelligence in, hard-to-reach branch offices and locations. At their core are open source tools integrated on a smart platform available in a variety of form factors, which deliver unprecedented real-time actionable insight.

In joining the Pwnie Express Advisory Board the experts will play a significant role in guiding Pwnie’s future mission and in achieving those goals.

Newly represented on the Advisory Board is a leading strategist from Sophos as well as the former CEO and Chairman of Application Security, Inc., now Trustwave. The newest participants are:

Gerhard Eschelbeck: Chief Technology Officer (CTO) and Senior Vice President (SVP)
Sophos

Gerhard Eschelbeck is responsible for Sophos’ technology strategy, driving product direction and innovation. Gerhard has a passion for creating and championing new technologies and for developing and growing successful organizations and people, and is also a trusted advisor to a number of early stage startup companies.

He was named one of InfoWorld’s 25 Most Influential CTO’s, and is perhaps best known for publishing the “Laws of Vulnerabilities.” Gerhard is also one of the inventors of the Common Vulnerability Scoring System (CVSS) and holds numerous patents in the field of managed network security.

Most recently, he served as CTO and senior vice president at Webroot Software, where he was responsible for the development of their cloud-based technologies. Prior to Webroot, as CTO and vice president of engineering at Qualys, he helped the company achieve a leadership position in the SaaS-based vulnerability management market. Previously, he served in senior product and technology roles at companies including Network Associates and McAfee.

Jack Hembrough: Strategic advisor to high-growth startups

Most recently, Jack was CEO and Chairman of Application Security, Inc., a database security company. He led the company in 2003 from inception through five years of rapid growth and 3 rounds of venture financing. He returned to the company in 2011 to bring it to a successful outcome – a financially rewarding merger with Trustwave.

Jack is an accomplished security professional and seasoned executive having led successful organizations and guided strategy at several leading security companies – including Authentica, a private messaging venture sold to EMC, and IRE/SafeNet, Inc. a publicly traded encryption company providing chips and software to fuel the VPN market.

Jack was the 14th employee of Raptor Systems, one of the first firewall companies. At Raptor, he built the global reseller sales channels. After taking the company public, he was installed as the Vice President/General Manager European Operations, and created Raptor’s European organization headquartered in Amsterdam. The company was eventually acquired by Symantec.

He flew jets in the USAF; earned a Master of Business Administration with Distinction from the Harvard Business School, and a Bachelor of Science in Chemistry from the United States Air Force Academy.

“We are thrilled that leaders of this caliber are helping guide our future plans,” said Paul Paget, CEO of Pwnie Express. “The unprecedented level of our advisors, who are already driving the IT security space, provides a truly unique level of insight that allows us to continue to build on our ongoing success.”

Gerhard and Jack join visionaries Ed Skoudis, Co-founder InGuardians and SANS Institute Fellow, and David Bradbury, VCET President, Fund Manager and Investment Committee Member on the Pwnie Express Advisory Board.

[Press Release]