Tripwire researcher takes on Wi-Fi Pineapples, security weaknesses

Concern is growing about the vulnerabilities presented by what are called Wi-Fi Pineapple devices, which can be used to enable man-in-the-middle attacks on users of unsecured Wi-Fi access points, and this timely topic will be addressed during the upcoming DEF CON 22 hacker event. Security Solutions firm Tripwire announced that Craig Young, security researcher for its vulnerability and exposure research team, will speak on "Pineapple Abductions," showing how a simple Wi-Fi Pineapple hack can be used to abduct, stalk, spy on or even physically harm unsuspecting victims. The session will address strategies to confirm that an SSL-based application performs appropriate certificate validation; recognizing and examining trust manager implementations within a compiled Android application package file; and tactics to minimize exposure to the IEEE 802.11 protocol design flaws that enable man-in-the-middle attacks. DEF CON 22 is scheduled for Aug. 7-10 at the Rio All-Suites Hotel and Casino in Las Vegas. For more, see this Tripwire release.