First look at the Pwn Pad 3, the latest in mobile security mayhem

Ars Technica


June 25, 2015

By Sean Gallagher

 

Pwnie Express, the company that began as a builder of “drop boxes” for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set. Now Pwnie has released the third generation of its flagship mobile penetration testing platform, the Pwn Pad, bringing the Android and Kali Linux-based platform a step further away from the rough-hewn penetration testing tools it began with and into the realm of something with a lot more polish—and performance.

Pwnie Express’ Mobile Platform Engineer Tim Mossey and Director of Research and Development Rick Farina recently gave Ars a walk-through of the Pwn Pad 3, which has just begun shipping out to pre-order customers. We expect to do a full review of the Pwn Pad 3 soon but wanted to get an early look at what to expect. The biggest visible change is the hardware itself, as Pwnie has left the relative comfort zone of Google’s reference platform Nexus tablets and moved to the more powerful Nvidia Shield. But there are some changes behind the scenes as well that make the Pwn Pad 3 act more like an actual flagship commercial product and less like something way off the corporate reservation.

Full disclosure is in order here—Ars bought hardware from Pwnie Express to support our own security testing lab, and we enlisted help from Pwnie Chief Technology Officer Dave Porcello for our joint project with National Public Radio last year. So we’ve had a bit of experience with Pwnie’s platform in many of its incarnations. We’ve also worked with a number of open source penetration tools, including the Kali Linux-based NetHunter platform for Android.


Phishing Attack Prevention: How to Identify & Avoid Phishing Scams

Digital Guardian


June 23, 2015

By Nate Lord

 

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Whether it’s getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.

To help businesses better understand how they can work to avoid falling victim to phishing attacks, we asked a number of security experts to share their view of the most common ways that companies are subjected to phishing attacks and how businesses can prevent them. Below you’ll find responses to the question we posed:

“How do companies fall victim to phishing attacks and how can they prevent them?”

Meet Our Panel of Data Security Experts:

Jayson Street

@PwnieExpress

Jayson is a well-known conference speaker and author of the book “Dissecting the hack: The F0rb1dd3n Network.” He has spoken at DEFCON, DerbyCon, UCON & at several other ‘CONs & colleges on a variety of Information Security subjects. He is an Infosec Ranger at Pwnie Express.

 

Pwnie Values

Here on the blog, we often talk about the cool products and ideas that come out of Pwnie Express, but less so about the company itself. At the core of Pwnie are our values:

 

Integrity – Honesty and respect for one another are the guiding principles for everything we do. Our integrity is measured by accountability to our customers, the global InfoSec community and our fellow Pwnies.

Passion – We are a team of highly driven and passionate individuals, committed to hard work and execution, focused on solving the security problems of an Internet-connected world.

Teamwork – We regularly train, practice, and measure our abilities to ensure confidence and trust as a team. Through collaboration, we achieve breakthroughs together with customers, partners, and the global InfoSec community.

Innovation – The desire to challenge the status quo – fundamental to the hacker mindset – is ingrained in our DNA.  We encourage targeted risk taking, building upon a constant search for new and innovative solutions.  We create game-changing products and services for our customers and the global InfoSec community to improve the security of our Internet-connected world.

New products of the week 06.15.2015

Network World
June 15, 2015
By Brandon Butler
Our roundup of intriguing new products from companies such as HP and Brocade.

Key Features: A commercial-grade penetration testing tablet from Pwnie Express built on powerful gaming hardware, designed for remote security assessment of wired and wireless networks, and optimized for ease-of-use and mobility.

 


2015 Security Predictions and Directions

CISOs Increase Unauthorized Device Detection to Combat Expanding Attack Surface

Paul Paget, CEO – Pwnie Express – Boston, MA, USA

2015 will see the rise of security issues associated with BYOD and IoT devices at work, which simultaneously improve productivity and increase the total attack surface area. With this expanded surface area, continuous detection will become both more challenging and more important – especially at remote and branch offices where a corporate security presence often is less prominent. CISOs/CSOs will need to invest in increasing the visibility and monitoring of their entire company network for rogue and/or unknown devices while maintaining strong preventative security. Adding to the new security paradigm of BYOD and IoT devices, an HP-commissioned survey found that 70% of all commonly used connected devices contain serious vulnerabilities, meaning that the surge of IoT and BYOD devices connecting via wireless, Bluetooth, USB, etc. will introduce more potential breach points into the enterprise. Combining HP’s research with IDC’s latest prediction that 90% of all IT networks will have an IoT-based security breach within two years, 2015 will be the year to implement new IoT and BYOD security policies and technologies. CISOs/CSOs will shift towards finding the right balance between prevention and detection, including smartly investing security budgets in high-impact initiatives such as real-time monitoring and alerting for unauthorized and rogue devices. As BYOD and IoT devices increase security risks, the only way to prevent an attack or effectively respond when an attack gets through is to know how and where it’s happening.

Important Issues:

  • BYOD and IoT Security
  • Detection of Wired, Wireless, Bluetooth and All Other Devices
  • Continuous Visibility Into What Is Connected Across the Enterprise, Both at Headquarters and Remote and Branch Offices

Direction for CSOs:

  1. Focus on what you’re investing money in, not how much money you’re investing.
  2. Embrace the productivity benefits of BYOD and IoT devices, but ensure visibility to offset the potential security risks that accompany their use.
  3. Remember that attackers seek the weakest link, which is often the remote or branch office.

Companies Are Not Spending Enough on Cybersecurity

CRN.com


June 9, 2015

By Meghan Ottolini

 

Security experts at a recent panel held at MIT cited a lack of spending as the main reason why companies are vulnerable to cybersecurity breaches.

Security vendor Pwnie Express’s Paul Paget said that most companies spend between 4 percent and 10 percent of their IT budgets on security. That number is higher in financial services companies, and on the lower end in most retail companies.

Paget said one big problem is the tendency for companies to confuse compliance with a robust security strategy.

“With the burden of compliance, you can easily get lulled into complacency around, ‘Well, we’re compliant,’ ” Paget said.

“Everyone here probably understands compliance is not security because it’s a lagging indicator of trying to keep up with what was decided three, four, five or 10 years ago,” he said.

Christopher Hart, an associate at Foley Hoag with expertise in data privacy and cybersecurity, said that despite efforts to educate companies on the best security strategies, they often default to the cheaper option.

Hart said companies tend to prefer not to spend the up-front costs, “when [they] think [they] might be able to get by with the systems that [they] have.”

However, Hart said, preventative training and technology is “the best kind of system to have in place on the front end to avoid the large costs on the back end.”


Pwnie Express Releases Powerful Commercial-Grade Penetration Testing Tablet

BOSTON, MA–(Marketwired – Jun 9, 2015) – Pwnie Express, the world leader in remote security assessment, and the first company to empower organizations of all sizes with a full visibility and threat detection platform, today announced the Pwn Pad 3, a commercial-grade penetration testing tablet designed for remote security assessment of wired and wireless networks and optimized for ease-of-use and mobility. Built on powerful, multi-touch HD hardware, this lightweight device is the ultimate penetration tester’s tool.

The Pwn Pad 3 features extended battery life, as well as a full set of dramatically enhanced features:

  • Completely New Scripts: Features custom Android launchers backed by an entirely new set of scripts to dramatically increase assessment speed while simplifying use.
  • Extended Hardware Support: Allows users to leverage the majority of popular Wi-Fi cards and chipsets, as well as numerous USB wired Ethernet adapters. This extended support gives users the flexibility to choose their preferred piece of hardware to get the job done.
  • On-the-Go Kali Disk Forensics: Additional support across a broad range of common file systems enables users to simply connect their hard drives to the Pwn Pad 3 via a USB device to access a suite of Kali disk forensics tools. This enables quick, “on-the-go” disk forensics capabilities for simple or scripted tasks directly from Pwn Pad 3.
  • Pwnie Express OTA Updates: This new Android app is exclusively built to automate necessary upgrades and ensure Pwn Pad is continuously up-to-date with the latest software — completely eliminating the need to reflash the device.

“Using a platform designed for gaming has allowed us to focus on optimized performance,” said Timothy Mossey, Lead Mobile Platform Engineer for Pwnie Express. “It’s a leap to develop the next iteration of mobile penetration testing on a platform like this, but it provided the power we needed for Pwn Pad 3.”

“All organizations, regardless of size or sector, must be able to implement scalable security tools to help protect themselves against ever-increasing threats,” said Dave Porcello, CTO, Pwnie Express. “We’re grateful for our collaborative relationship with our customers, and we applied their valuable feedback to make Pwn Pad 3 faster, sleeker and even more feature-rich, so they can more easily conduct an assessment on the road.”

Pwn Pad 3 is now available for pre-sale, and will be generally available on June 15, 2015. For more information, please visit http://store.pwnieexpress.com/product/pwn-pad-3/ or contact sales@pwnieexpress.com or call (855) 793-1337.

About Pwnie Express
Pwnie Express is the world leader in remote security assessment, and the first company to empower organizations of all sizes with a full visibility and threat detection platform that discovers and alerts to unknown or high-risk devices and their potential threats wherever they exist on the network. Through its enterprise-class Pwn Pulse platform and its long-trusted Pwn Plug, Pwn Phone and Pwn Pad devices, Pwnie Express provides continuous visibility throughout the wired/wireless/RF spectrum, across all physical locations including remote sites and branch offices, detecting “known-bad,” unauthorized, vulnerable, and suspicious devices. Backed by the powerful security research of Pwnie Labs, Pwnie Express helps its customers reduce the attack surface created by the explosion of devices introduced by Bring Your Own Device (BYOD) and the expansion of threat vectors brought on by the Internet of Things (IoT). It is headquartered in Boston, Massachusetts. To learn more, visit www.PwnieExpress.com or @PwnieExpress.

 


Announcing the New Pwn Pad 3

Pwnie Express is proud to unveil the latest iteration of its Pwn Pad line of mobile penetration testing tools: the Pwn Pad 3. This newest entry in Pwnie’s line of commercial-grade remote assessment tablets represents the biggest update ever for the product. It features a completely new hardware platform, improved peripheral support, a bevy of enhancements to Pwnie’s custom user interface, and a version bump to the core Android operating system.

 

Updated Hardware

The most obvious change in the Pwn Pad 3 is the hardware itself. Featuring a Tegra K1 2.2 GHz quad-core processor and 2 GB of RAM, the Pwn Pad 3 delivers PC-like performance in a tablet form factor. In fact, the Tegra K1 benchmark score on the popular Android benchmark suite Geekbench is over double that of the Pwn Pad 2014.

While you probably won’t be playing Half Life on your Pwn Pad 3, the vastly improved performance of the Tegra K1 architecture delivers real-world improvements that translate directly into better capability in the field. With the Pwn Pad 3, a penetration tester doesn’t have to lug around a laptop to perform computationally expensive tasks such as decryption or man-in-the-middle attacks against large networks; it can all be done right on the Pwn Pad.

 

Refined Software

While the powerful new hardware featured in the Pwn Pad 3 is impressive, it only makes up one half of the equation. Pwnie’s custom software has been thoroughly tweaked and revamped for the Pwn Pad 3, including a complete rewrite of many of the automated security assessment scripts. Also included is the brand new “Pwnie Express OTA Updater” application, which will make updating the Pwn Pad to the newest software release easier than ever.

The Pwn Pad 3 also features notable improvements to third-party hardware support, allowing users to connect dozens of new USB devices to their Pwn Pads. The Pwn Pad 3 will still ship with WiFi, Bluetooth, and Ethernet adapters, but users will now have the option of using their favorite hardware as well.

Improvements to Pwnie’s front-facing features will be immediately obvious to users, but there’s plenty of software behind the scenes which has also seen considerable revamping. First and foremost, the Pwn Pad 3 is now running Android 4.4 (KitKat), currently the most widely used version of Google’s open-source mobile operating system. The Pwn Pad’s integrated Kali Linux installation has also been updated, which brings along an impressive list of fixes and updates to the literally hundreds of open source security tools it contains.

 

Availability

Pre-sales for the Pwn Pad 3 kit start today, with the first units expected to ship out this summer.
Like its predecessors, the Pwn Pad 3 kit will include external high-performance WiFi and Bluetooth adapters which are compatible with all of the most popular wireless tools such as Kismet, Aircrack-NG, Bluelog, Wifite, and Reaver, as well as an Ethernet adapter for auditing wired networks.