How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It)

How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It)

Daniel Oberhaus

The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. Here’s how it facilitates two sophisticated network attacks and how to protect yourself against them.

This article is part of How Hacking Works, Motherboard’s guide to demystifying information security.

In popular media, hackers are often portrayed as an elite cabal of ski mask aficionados and computer experts that can keyboard mash their way into any digital device. But what if I told you that you can also pwn almost any internet connected device around you, even if you can’t tell an SSL from an SSID?


Yes, my friend, the device you are looking for is a Wi-Fi Pineapple, which can turn anyone from hack to hacker for the low, low price of $99. Since it is so cheap and easy to use, it’s important to understand how the Pineapple works in order to protect yourself against its attacks.

The Pineapple is a nifty little device first released in 2008 by Hak5, a company that develops tools for penetration testers, or “pentesters.” Pentesters are usually hired by organizations to attack their own networks in order to expose vulnerabilities before they are discovered by some bad actors. The Pineapple allows pentesters to easily execute sophisticated attacks on public Wi-Fi networks to see how the attacks work and how to protect the network from those attacks.

Pineapples aren’t much different than the normal Wi-Fi access points you use to get internet at home or in the office, just more powerful. They use multiple radios rather than just a single radio found in most routers. This means a Pineapple is able to interface with hundreds of devices at a time, rather than just a few dozen. Moreover, the Pineapple’s web interface is optimized to execute complicated network attacks.

Read More:The Motherboard e-Glossary of Cyber Terms and Hacking Lingo

“When I invented the Wi-Fi Pineapple, I saw that Wi-Fi had inherent flaws that made it vulnerable to spoofing attacks,” Darren Kitchen, the founder of Hak5, told me in an email. A spoofing attack is when a hacker impersonates a service or device in order to gain access to a victim’s data.


“A lot of nefarious types had already taken advantage of these weaknesses, but the majority of people weren’t aware of the problem,” Kitchen added. “I figured if information security people had access to a device that could easily exploit these flaws, it would raise awareness and get things fixed.”

Although the Pineapple has always had a cult following within hacker circles, it recently rose to prominence after it was featured as a major plot point in the shows Silicon Valley and Mr. Robot.

In these shows the device was used to spoof a website and to execute a man-in-the-middle attack to hack the FBI, respectively. According to Kitchen, who served as a technical advisor on the Silicon Valley episode, the fictional depiction of the Pineapple in these shows isn’t so far from the truth.

The Pineapple is an invaluable tool for pentesters, but its popularity is also due to the fact that it can be used for more nefarious purposes. Hackers can easily wield the device to collect sensitive personal information from unsuspecting users on public Wi-Fi networks.

It’s important to keep in mind that just because you can pwn all the things with a Pineapple, doesn’t mean it’s legal or that you should. Owning a Pineapple is legal, but taking money out of someone’s bank account by stealing their unencrypted password is not. The Pineapple just makes grabbing unencrypted passwords sent over Wi-Fi easier. I am not a lawyer, but in general, if you do not have explicit permission to use the Pineapple on a network that you own as well as from anyone who could reasonably connect to that network, you are treading in dangerous territory.


Again: Executing a Pineapple’s exploits on a network you don’t own if you’re not a pentester working in a professional setting can quickly put you into illegal territory. Even if you don’t get caught, you’re still an asshole for doing it, so just…don’t.

Read More:The Motherboard Guide to Not Getting Hacked

This guide is meant to be an informational glimpse into the world of network pentesting, as well as a reminder about the importance of personal information security. After showing you just a few of the ways a Pineapple can be used to pwn you, I’ll also walk you through some simple steps you can take to make sure you’re never on the wrong end of a malicious Pineapple attack.

Hak5 makes a few different versions of the Pineapple, but while putting together this article I used its cheapest model, which I bought at the DEF CON hacking conference for the purposes of this article: the Pineapple Nano. I configured it on a Windows computer, although it’s also compatible with iOS and Linux systems.

The Pineapple Nano. Image: Hak5

The initial setup is a piece of cake. All you need to do is plug it into the USB port on your computer, navigate to the Pineapple’s IP address and it’ll take care of the rest. After you’ve updated your login information for the Pineapple, you’re ready to try some exploits.


Every year at DEF CON, one of the largest hacking conferences in the world, the Packet Hacking Village hosts the Wall of Sheep. This is essentially a running list of devices that have connected to an insecure network at DEF CON. The list is usually displayed on a large projector screen at the Packet Hacking village, where anyone can see not only the device’s ID, but also the websites it was trying to access and any relevant credentials.


It’s a light-hearted way of shaming people into better information security, and you can easily create your own Wall of Sheep using a Pineapple.

Read More:72 Hours of Pwnage: A Paranoid N00b Goes to DEF CON

All of the exploits for the Pineapple are freely available as downloadable modules on the Pineapple’s dashboard and usually only take a single-click to download and install on the device. Once the Wall of Sheep module (called ‘DWall’) is installed on a Pineapple, any device that connects to it will basically be broadcasting their browsing traffic to the owner of the Pineapple.

The exception to this, of course, is if the would-be victim is using a Virtual Private Network (VPN) to encrypt their web traffic or only visiting pages secured by Secure Hypertext Transfer Protocol (HTTPS). This protocol encrypts the data being routed between the website’s server and your device and effectively prevents eavesdroppers from seeing which websites you’re visiting. HTTPS also helps protect your web habits from your internet service provider, which can only see the top level domain habits of its users (for instance, that you visited Motherboard, but not that you clicked on this article).

Although over half the web has switched to HTTPS from its insecure predecessor, HTTP, a 2017 Google audit found that nearly 80 percent of the top 100 websites don’t deploy HTTPS by default. This means that anyone who inadvertently connects to a Pineapple and then browses to an HTTP version of the site is basically exposing all of their activity on that site, from pages visited to search terms, to the person wielding a Pineapple.


Many websites have both an HTTP version and an HTTPS version, which as we’ll see in the exploit, is a security vulnerability that can be exploited by a Pineapple.

The original Pineapple released in 2008. Image: Darren Kitchen/Hak5


Pineapple man-in-the-middle (MITM) attacks are really the main reason pentesters get this device.

MITM attacks are a way of eavesdropping on a user by inserting a Pineapple between the user’s device and legitimate Wi-Fi access points (in terms of how data is routed through the network, not necessarily literally between them in meatspace). The Pineapple then pretends to be the legitimate Wi-Fi access point so it can snoop on all the information as it relays data from the device to the access point.

Another way of thinking about MITM attacks is that they are kind of like if someone dropped a letter in their mailbox and then a stranger opened up their mailbox, read the letter and then put it back in the mailbox to be sent.

Read More: Turning Off Wi-Fi and Bluetooth in iOS 11 Doesn’t Actually Turn Off Wi-Fi or Bluetooth

So how does a Pineapple trick your device into think it is a legitimate access point? There is a native feature on the Pineapple that scans for service set identifiers (SSID)—the names of Wi-Fi networks—that are being broadcast from devices in its vicinity.

Any time you connect to a Wi-Fi network on your phone or computer, your device saves that Wi-Fi network’s SSID in case you ever need to connect to that Wi-Fi network in the future. But this convenience comes with a major cost.


Let’s say you connected to the Wi-Fi at your favorite local coffee spot, and its network is called “Human_Bean_wifi”. After you’ve left the coffee shop, your phone or laptop will start broadcasting a signal that is basically asking if Wi-Fi access points around the device are “Human_Bean_wifi.” It does this for any network you’ve connected to in the past.

“A quick reality check is usually all it takes to see if you’ve been duped by a Wi-Fi Pineapple.”

Pineapples are able to take advantage of this feature by scanning for all the SSIDs being broadcast by devices in its vicinity. It then rebroadcasts these SSIDs so that it can trick devices into thinking it is an access point that has been connected to in the past. So to use the above example, the Pineapple will see that your phone is asking, “Is this network ‘Human_Bean_wifi’?” and then start broadcasting its own signal that says “Yes, I am ‘Human_Bean_wifi’, connect to me.”

Put another way, this would basically be like walking around with a set of keys to your house and asking every stranger you meet if they are your roommate. In most cases, those strangers will say “no,” but you also run the risk of running into an ill-intentioned stranger who will lie to you and say “yes, of course I am your roommate. Please let me in,” and then proceed to steal all your stuff.

Read More: The Motherboard Guide to VPNs

But getting devices to connect to a Pineapple is only half of executing a MITM exploit. An attacker also must be able to read the data being routed from the device through the Pineapple. There are a couple of ways to do this.


A Pineapple can be used to create an “Evil Portal,” which basically creates fake versions of websites to capture usernames and passwords, credit card information or other sensitive data.

These work by creating a local server on the attacker’s computer to host a web page that looks like a regular login page for a well trafficked service like Gmail or Facebook. These pages can easily be duplicated using free online services.

Then the attacker configures their Pineapple so that when any devices that are connected to it try to browse to a website like Twitter or Facebook, they will actually be redirected to the fake webpage being served by the attacker’s computer. If the victim enters their information on this page, their username and password will be revealed to the attacker without the user ever knowing they’ve been pwned.

Another way of gathering information about someone’s browsing habits with a MITM attack is to use modules built for the Pineapple that block forced HTTPS encryption and read the data that would otherwise have been secure.

For example, consider a website like Motherboard, which is secured with HTTPS. If you simply type in “” in your URL search bar and press enter, you will be submitting an HTTP request to Vice’s servers. Vice’s servers will then field this request and respond to your device by directing it to a secure HTTPS version of the site. (This is the same for many major websites, such as Twitter).


Forcing users to an HTTPS version is a great way to beef up a website’s security, but it’s the user’s HTTP request in the beginning that can be exploited with a Pineapple. A module called SSLSplit is able to monitor HTTP requests from a user’s device when it is connected to the Pineapple. It will then route this request along to the appropriate server, but when the server responds with the secure HTTPS link, the Pineapple will “strip” away the secure layer and serve an HTTP version of the site back to the user.

At this point, the user will effectively be browsing an insecure version of the site, which will appear almost exactly the same. The only difference will be that a little lock icon will have disappeared from the upper left corner of the screen.

Always check for this lock icon in the upper left of your internet browser.

This attack clearly demonstrates the importance of encrypted communication protocols such as HTTPS. Without them, all the data being routed between the device and the access point can be easily read by anyone with a Pineapple.


The hacks discussed above are just the tip of the iceberg. Fortunately, there are a number of simple steps you can take to protect yourself from getting pwned by some asshole with a Pineapple.


The easiest thing you can do is only connect to Wi-Fi networks you know and trust. Your home network, for instance, is almost certainly safe from a Pineapple attack. This is because a Pineapple must also have access to the network it is trying to monitor traffic on, so unless the attacker has access to your home Wi-Fi credentials, they won’t be able to pwn you with a Pineapple.


Same goes for your office Wi-Fi—unless, of course, your office has hired a pentester to audit its network. The real danger of a Pineapple attack is on public networks—places like your local coffee shop or the airport are all prime places for an attack. Most people don’t stop to check whether the “free_airport_wifi” access point is legit and connect without thinking.

When it comes to networking infosec, vigilance is key. The most secure option is to never use public Wi-Fi networks at all. That is a major pain in the ass, however, and will almost certainly drive up your cell phone bills for data use. (For what it’s worth, your cell phone isn’t safe from IMSI catchers either, but I digress).


If you must get on public Wi-Fi, your best bet is to get a VPN. VPNs are a secure way of surfing the net by first connecting to a VPN server before venturing onto the World Wide Web. The VPN server encrypts your data before routing it to its destination, essentially creating a protective shell for your data that makes it unintelligible to prying eyes. So even though an attacker may be able to see that your device has connected to their Pineapple, if you’re using a VPN they won’t be able to see the data they are routing.

“Using a VPN is still the best advice,” Kitchen said. “When you use a VPN, anyone peering into your traffic is only going to see an encrypted mess. That goes for any eavesdropper—be it a Wi-Fi Pineapple, your ISP, an employer or even our wonderful government.”


Choosing the right VPN can be a really tough challenge. Here’s a simple guide with some suggestions.


Another good rule of thumb is to only visit websites secured with HTTPS (like Motherboard!) These days, most websites you’re likely to visit on a day-to-day basis that have sensitive information on them have switched over to this security standard from HTTP, thanks to a concerted industry effort to push HTTPS, including Google’s algorithms privileging sites with security over those that aren’t encrypted. Still, Pineapple modules are able to force a connected device onto an insecure (HTTP) version of a site if the visitor didn’t explicitly type https:// before the domain name.

Read More: Wikipedia’s Switch to HTTPS Successfully Fought Government Censorship

“Unfortunately too many websites don’t use HTTPS, and many that do are still susceptible to downgrade attacks,” Kitchen told me. “If you’re venturing anywhere off the beaten path, I’d advise against using this as your only line of defense. It’s still important to stay vigilant and check for HTTPS, but pack a VPN too.”

In short, always make sure to check the URLs of the websites you visit to make sure they’re using HTTPS. Browsers like Chrome, Firefox, and Opera make checking website security easy with a small padlock icon that says “Secure” on the left hand side of the address bar and warning users before they visit an insecure site.



Finally, it’s important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to ‘forget’ that network. This way your device won’t be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple. Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the “Manage Networks” tab of the phone’s settings.

Another simple solution is to turn off your Wi-Fi functionality when you’re not using it—though that isn’t as easy to do on some devices anymore—and don’t allow your device to connect to automatically connect to open Wi-Fi networks.

Read More: WiFi Signals Can ID Individuals by Body Shape

While it’s easy to get paranoid and wonder if there’s a Pineapple waiting to pwn you any time you get a Wi-Fi connection, most Pineapple exploits can be easily avoided by simply staying vigilant about your network settings and internet experience. For all their prowess at manipulating electronics, hackers are still very much dependent on human error for their craft.

“The Wi-Fi Pineapple is really good at mimicking Wi-Fi networks you’ve connected to in the past,” Kitchen said. “If you’re at a park and your device says it’s connected to an airplane’s Wi-Fi, something is amiss. A quick reality check is usually all it takes to see if you’ve been duped by a Wi-Fi Pineapple.”

Posted in Hardware, Privacy, Security, Tips-n-Tricks | Tagged , , , , | Leave a comment

5 New Productive Gmail Apps and Extensions You Should Try

Gmail is the email service of choice for most of the world. Google has done an excellent job with it. But that doesn’t mean it couldn’t be better. With the right apps and extensions, you can be more productive in your Gmail inbox.

You can turn it into an Instagram-like feed to quickly skim through your inbox. A “Do Not Disturb” setting will ensure new message notifications don’t break your concentration. There’s something for everyone here.

But of course, none of these can replace the tips and tricks to become a Gmail power user. Master those first, and then move on to these other tools.13 Quick Tricks and Extensions to Become a Gmail Power User 13 Quick Tricks and Extensions to Become a Gmail Power UserIf you are a Gmail user, you have an endless stream of tricks and extensions to make the best of it. We’ll explore some of the best of them in this article.READ MORE

1. Drag (Chrome): A Trello-Like Board for Gmail

A while back, we loved a new app called Sortd, which turned Gmail into a Trello-like task board. Since then, Sortd has added myriad new features that turns it into a heavy extension. If you want something simpler like the old Sortd, try Drag.

The free version of Drag lets you create three columns within which you can move your emails around. Like Trello, you can turn Gmail into a visual Kanban task board, to manage your inbox and your to-do list.How to Manage Tasks Using Japanese Kanban Technique How to Manage Tasks Using Japanese Kanban TechniqueKanban is a Japanese recipe for getting things done. It’s an organization technique originally developed for Toyota’s production line. We show you how you can implement it for yourself or in your team.READ MORE

Most of the advanced features need a paid pro account, like adding a due date or a checklist. You can try them free for a week to see if you need them.

And yes, going back to the regular Gmail view is as simple as clicking a custom Drag button in your inbox.

Download: Drag for Chrome (Free)

2. MailTag (Chrome, Firefox): Free, Real-Time Email Tracking

When you send an important email, it’d be nice to know if the recipient received it and read it. MailTag will tell you that, and it will also say how many times it was read.

productive gmail apps and extensions

It’s the simplest, free extension for this. Install it in Chrome or Firefox and it will sit quietly in the background. When you send an email, add a MailTag to track it. Once the recipient opens it, the extension sends a notification saying the message was read. It will continue to track the email after that too so that you know if it was re-read.

Like the venerable MailTrack to track your messages, this one is completely free too. The only real advantage here is the notification, but hey, that’s what you want sometimes.How To Track Your Emails In Gmail & Find Out If The Recipient Has Read It How To Track Your Emails In Gmail & Find Out If The Recipient Has Read ItYou might send a vital email to a friend alerting him to a change of plans. A read receipt at least lets you know if your friend has read it, or do you need to…READ MORE

Download: MailTag for Chrome (Free) or for Firefox (Free)

3. DND Email (Web, All Gmail): Stop Incoming Distractions

Every new email is a distraction. A notification or alert makes it feel like you absolutely must check it right away. Only the email is often unimportant and breaks your concentration for no compelling reason. DND Email gives you control over when an email lands in your inbox.

productive gmail apps and extensions

The idea is to create Do Not Disturb (DND) times for your inbox. Set up which days of the week you want it for, start and end times for your DND period, and what times Gmail will fetch new messages. This way, your phone won’t ding with notifications all the time.

DND Email was one of our favorite Gmail addons for Firefox, so you can use it as an extension if you want. But the site makes it simpler since it’s a Gmail setting across all apps you use.11 Best Gmail Firefox Extensions 11 Best Gmail Firefox ExtensionsLove Gmail, but can’t bear Chrome? Firefox has some amazing Gmail extensions that Chrome users would kill for.READ MORE

4. gfeed (Android, iOS): Instagram-Like Feed for Inbox Zero

A filled inbox is overwhelming to look at, and even worse to go through. gfeed turns it into an Instagram-like social network feed. Along with seeming more approachable, it also has a few smart tricks up its sleeve.

For example, as you swipe to see new messages, each message is automatically archived. Remember, archiving is how you reach inbox zero. For any email that you want to refer to let, “star” it to add to your favorites.How to Archive All Old Emails in Gmail and Reach Inbox Zero How to Archive All Old Emails in Gmail and Reach Inbox ZeroThis simple email habit will help you reach Inbox Zero without all the effort. Let’s look at a few tips and tricks of archiving emails in Gmail.READ MORE

Whatever action you take on gfeed will be reflected in your Gmail inbox across all apps and platforms. In essence, the app makes it easy to scroll through messages at a quicker speed and take the right action each time.

Download: gfeed for Android (Free) or for iOS (Free)

5. Email Monster (Web, Chrome): Readymade Designer Templates

Gmail lets you create canned responses and templates to reuse multiple times. But writing better emails or well-designed ones is a tough task in itself. Email Monster does the heavy lifting for you, so you can simply use an existing template.5 Tools That Can Help You Write Better Emails 5 Tools That Can Help You Write Better EmailsEveryone is still trying to solve the email problem. So, let’s also talk about the most basic habit of all – the art of writing better emails. With the help of some cool tools.READ MORE

It’s a new site so there isn’t a huge collection of templates yet. But it’s a good resource nonetheless. Broadly, you will get announcements and newsletters, a template to send a portfolio, and some marketing and sales stuff. Design is the key here, which is the hard part for most people to do. If your email looks like it was made with professional HTML, a recipient might appreciate it more.

Get Email Monster’s extension for Chrome. Next time you open a Compose window, you’ll find an icon for it next to the Send button. Click it, choose a template, customize it to say what you want, and send it away. Simple!

Download: Email Monster for Chrome (Free)

Any New Gmail Tools on Your Radar?

Not too long ago, I took a long look at all the best Gmail extensions for Chrome. But in no time, new contenders like the above ones have sprung up.

Posted in Google, Tips-n-Tricks | Tagged , , , | Leave a comment

You Never Thought of Using Your Windows Start Menu Like This!

You don’t use your Start Menu much, do you?Windows 10 Start Menu Not Working? Here’s How to Fix It! Windows 10 Start Menu Not Working? Here’s How to Fix It!Is your Windows 10 Start Menu not working? We’ll help you troubleshoot and fix it.READ MORE

Besides the casual search for a program, most users don’t. Instead, it stays discretely nestled within the Windows UI never to meet its full potential. That is, until now! Read on to turn your Start Menu into a one-stop repository for almost anything you’d need to know from your PC.

If you’ve never modified your Start Menu before, learn the basics of the Windows 10 Start Menu customization here.

1. Voice-Enabled Assistant

First things first, enable Cortana. Over time, Microsoft has developed Cortana to become quite the handy Windows tool, completely usable from your Start Menu. You can’t grasp the full use of the Start Menu without Cortana, so enable it by clicking your Start Menu, typing cortana, and selecting the Cortana & Search settings.6 Coolest Things You Can Control with Cortana in Windows 10 6 Coolest Things You Can Control with Cortana in Windows 10Cortana can help you go hands-free on Windows 10. You can let her search your files and the web, make calculations, or pull up the weather forecast. Here we cover some of her cooler skills.READ MORE

From sending reminders to watching The Office on Netflix, Cortana is no longer a Windows 10 frill. It’s shaping up to be a genuinely impressive program which can theoretically send an email, schedule a reminder, find directions, write a note, send an SMS message, identify a song, convert currency rates, and set an alarm without typing a key.

You don’t have to use Cortana, but it definitely adds another dimension to your typical Start Menu. I haven’t even started iterating all the new, interesting feature Microsoft plans to pack into Cortana, so try it out for yourself.

2. Folder and Program Organizer

People look high and low for ways to organize their programs. Taskbar modifications, third-party docks, wallpaper sections, and folders can only do so much. Why not lay all the most-used programs in your arsenal right on your Start Menu? It only takes a few minutes, and will definitely save a lot of time tracking down those important programs and files.Why You Should Use a Vertical Windows Taskbar Why You Should Use a Vertical Windows TaskbarThe Windows Taskbar has always appeared at the bottom of the screen. Depending on your monitor, vertical Taskbar might have several advantages. Let us show you what they are.READ MORE

To pin a program or folder, right-click the subject within your File Explorer and select Pin to Start.

windows 10 start menu customizations productivity

Once you’ve placed your tile, you can mouse over the small, default space slightly above the tile. Click on this space, and you will be able to name your tile category. This will work for programs and folders alike, along with drive icons.

windows 10 start menu customizations productivity

You can also resize your icons by right-clicking the icons, mousing over Resize, and selecting your size. This will allow you to create smaller icons, which will shrink the tile and only display the icon instead.

windows 10 start menu customizations productivity

Take the time to place your most valuable folders and programs on your Start Menu. Once you do, you won’t regret it.

3. Weather and News Forecaster

I don’t know about you, but my morning routine never changes: drink some coffee, check the weather, and read the news. Now, however, you won’t have to sit through panel banter for the important bits of news anymore.

Head to the Windows Store and download a weather application along with a few news apps as well. I’ve chosen The Weather application for weather, for example. Once you’ve downloaded your application, right-click the listing within your Start Menu programs and select Pin to Start. When you see the application within your Start Menu, right-click the square and select Resize to add or subtract space from the application. Then, right-click the application again and select More, and then Turn Live Tile on to get tidbit text concerning the top story of the day.

windows 10 start menu customizations productivity

That’s it, now you have the news and weather every morning smack dab on your Start Menu.

4. Game Drawer

Putting your games directly on your PC not only bypasses pesky Start Menu searches, it also allows for an aesthetically pleasing menu. To add your games, Steam games specifically, onto your Start Menu, it’s as easy as downloading the Steam Tiles application from the Windows Store.

windows 10 start menu customizations productivity

When you first enter the application, enter your Steam ID into the entry provided and select Update. Your Steam games will automatically be loaded into the program.

windows 10 start menu customizations productivity

Keep in mind, this won’t work for all the games on your PC — only the games connected to your Steam account. If you’d like to add Start Menu tiles for any game or program located on your PC, head to the following article to learn how to create your own Start Menu tiles.How to Create Custom Start Menu Tiles in Windows 10 How to Create Custom Start Menu Tiles in Windows 10Windows 10 is jam packed with customization options, but some features are neglected. Like the Start Menu. We will help you turn your plain Windows 10 Start Menu into a crisp and beautiful command console!READ MORE

5. Calendar and Note Taker

Sometimes, you’d just like to have everything you need to do for the day laid out for you. The Start Menu can do that. You’ll only need to pin a few applications, namely: Mail, Calendar, Alarms & Clock, and Snips. All, except for Snips, should be available on your PC by default.

windows 10 start menu customizations productivity

Just like that, you won’t need to deal with several applications at once in order to display your most vital daily programs. With Live Tiles activated, you can even view the text of your notes, emails, and calendar entries to keep track on what’s planned ahead with a single keyboard click!5 Calendar Management & Scheduling Tools for the Year 5 Calendar Management & Scheduling Tools for the YearKeep on top of everything in your schedule. Here are five free tools that can be particularly helpful for keeping your calendar in order.READ MORE

6. Fullscreen Start Menu

Now that you know how to use what the Start Menu has to offer, you can utilize it full screen to create a command console of sorts. It’s also very simple to do. Click on your Start Menu and type in start. Then select the Start settings option and switch the Use Start full screen option to On in the following window.

windows 10 start menu customizations productivity

That’s it! Now, when you click on the Start button or select the Windows key on your keyboard, you will be able to view your Start Menu in complete 1080p (or whatever your resolution may be).

Of course, this feature works better with touchscreen interfaces than otherwise. Yet, once you’ve populated your Start Menu with useful applications, folders, and game tiles, the fullscreen Start Menu will become second nature.

Looks Like Utility’s Back on the Menu!

Don’t let your Start Menu go to waste. After a few minutes of configuration, you can ingrain some much-needed utility to your Start Menu. After you’ve set it, forget it and enjoy the utility your once ignored Start Menu has to offer!

Posted in Tips-n-Tricks, Windows 10 | Tagged , , , | Leave a comment

Yes, You Can Still Clean Install Windows 10 with a Windows 7/8.x Key

Yes, You Can Still Clean Install Windows 10 with a Windows 7/8.x Key

Posted on October 28, 2017

by Paul Thurrott

in Windows 10

Yes, You Can Still Clean Install Windows 10 with a Windows 7/8.x Key

Readers routinely ask me whether it’s still possible to clean install Windows 10 with an unused Windows 7 or Windows 8.1 product key. Over two years after Microsoft first enabled this functionality, the answer is a resounding yes.

And I can think of a number of reasons why one might need to do so.

As noted, Microsoft first introduced this capability over two years ago, and in doing so it erased what had been one of the early install/activation issues with the then-new Windows 10.

Almost a year later, I reported that this capability—which was supposed to be temporary, by the way–still worked. Since then, I’ve tested this scenario on a very regular basis, probably roughly once a month. And as people have asked me about it, on Twitter or via email, I’ve told them that it still works.

But it’s been a while since I’ve written on this topic formally. So here goes.

It still works.

What this means is that you can download the Windows 10 Setup media—which is always the latest version, so you’ll get Windows 10 version 1709, or the Fall Creators Update, at the time of this writing—and perform a clean install of the OS on any PC. And then you can activate that install of Windows 10 using an unused retail Windows 7, Windows 8, or Windows 8.1 product key. And it will just work.

You may think that most people will never need to do this. If your PC was already running Windows 7, 8, 8.1, or any version of Windows 10, a clean install of Windows 10 today will probably activate automatically anyway.

And that’s fair. A better way to look at this is that most people simply won’t be able to do this anyway. I mean, who has a bunch of unused retail Windows product keys hanging around anyways?

Some might. And if you have or have had an MSDN or TechNet subscription, all those old product keys will work too.

So let’s think about the scenarios where this might be useful.

It’s rare, but you might have a newly-built or purchased PC that did not come with any version of Windows.

You might want to clean install Windows 10 in a virtual machine (VM).

You might want to clean install Windows 10 on a Mac, either in Boot Camp or virtually.

You might want to upgrade from Windows 10 to Windows 10 Pro. Assuming you have the right kind of Windows 7, 8, 8.1 product key, this will work too. (See below.)

The unusual nature of most of these scenarios is what I think explains why this functionality is still working even though it was supposed to be temporary. It doesn’t hurt anyone. And if you really do need to do this, it’s nice to have.

That said, there are some important caveats.

That old Windows product key can only activate against an equivalent Windows 10 product edition. For example, a product key for Windows 7 Starter, Home Basic, and Home Premium can be used to activate Windows 10. And Windows 7 Professional and Ultimate product keys can activate Windows 10 Pro. It has to be a retail key, not a key that came with a computer. And it has to be unused, though there is some anecdotal evidence that even used keys will work in some cases. (And you could always call Microsoft support, explain the situation, and try for a phone activation.)

And here’s a fun future use for this feature. If you purchase a Windows 10 S-based and do not upgrade to Windows 10 Pro before the free upgrade offer ends next year, you can use a valid Windows 7, 8, 8.1 to do so. Yes. I’ve tried that too.

Anyway, you can activate Windows 10 at any time by navigating to Settings > Update & security > Activation. If it’s not activated, or if you simply want to upgrade from Windows 10 to Windows 10 Pro, you can do so from there.


Posted in Blogs, Microsoft, Tips-n-Tricks, Windows 10, Windows 7 | Tagged , , | Leave a comment

How to Get Started with the Linux Operating System

How to Get Started with the Linux Operating System

YouTube/World Top Best

What operating system do you use? For some, that question may as well be posed in Latin or Sanskrit. For others, it’s an invitation to have a heated debate about the benefits of GUI vs. command line, modern day UI vs. old school metaphor, the pros/cons of Windows 10, LAMP vs. IIS … the list goes on and on. For most, however, the answer will be a variation on Windows or Mac.

But anyone that has used Windows (in any of its incarnations) long enough knows, at some point, frustration will rule the day, and you’ll be working along and, seemingly out of nowhere, Windows will decide to apply updates and restart, putting your work at risk while you go through the lengthy process of applying updates and rebooting. Or what about the inevitable virus or malware? You spend precious dollars on antivirus software or, worst case scenario, you have to send the machine to your local PC repair to get the virus removed. All the while, work is not being done. While Apple’s macOS products suffer less from the vulnerabilities found in the Windows platform, they also come with a fairly hefty price tag.

There is, however, another alternative to both that doesn’t cost any money to download and install, and is far more immune to viruses and malware. That operating system is Linux. What is Linux? Let’s take a look.

So what exactly is it?

Linux came about in the mid-1990s, when then-student Linus Torvalds was tasked with creating a disk driver so he could read the Minix file system. (Minix is a POSIX-compliant, UNIX-like operating system that saw its first release in 1987.) That project eventually gave birth to what would come to be known as the Linux kernel. The kernel of an operating system is an essential core that provides basic services for all aspects of the operating system. In the case of Linux, the kernel is a monolithic, UNIX-like system which also happens to be the largest open source project in the world. In the most basic terms one could say, “Linux is a free alternative to Microsoft Windows and macOS.”

Linux is a ‘can do’ platform

For those that are concerned about getting their work done with Linux, let’s take into consideration how the average user works with a computer and how Linux can meet those needs. For the average user, a computer is a means to:

  • Interact on social media
  • Read email
  • Listen to music
  • Watch Youtube or Netflix
  • Occasionally write something

Five years ago, each of those tasks would have been handled via a different application. Now, not so much. Modern computing tasks are most often relegated to a browser. Facebook, Google Docs, Netflix, Outlook 365… they’re all used within the likes of Chrome, Firefox, Safari, or Internet Explorer. Each one of those browsers does a good job of enabling the user to do their thing. It’s only on very rare occasions that a user will land on a site that will only work with one of the above browsers.

So considering that the average user spends most of their time within a browser, the underlying platform has become less and less relevant. However, with that in mind, wouldn’t it make sense to use a platform that doesn’t suffer from the usual distractions, vulnerabilities, and weaknesses that plague the likes of Windows? That’s where Linux shines. And with Linux being open source, users are not only able to use the platform for free, they can also alter and re-distribute the operating system as their own distribution.

Linux lets you customize and share

There are basically two different types of software: Proprietary and open source. With proprietary software, the code used to create the application (or operating system) is not available for public usage or viewing. Open source, on the other hand, makes the code used to create the software freely available. While the average user might not be concerned with the option to make alterations to their OS, this functionality of Linux helps to explain why this operating system doesn’t cost you anything. Linux is an open source platform, meaning that the code is available for anyone to download, change, and even redistribute. Because of this, you could download the source code for the various elements that make up a Linux distribution, change them, and create your very own distribution.

And as for that distribution, this is very often a point of confusion with new users. As mentioned above, Linux is really just the kernel of the operating system. In order to actually use it, there are layers that must be added to make it functional. The layers include things like:

  • Device drivers
  • Shell
  • Compiler
  • Applications
  • Commands
  • Utilities
  • Daemons

Developers will sometimes adapt those layers, to achieve a different functionality, or swap out one system for another. In the end, the developers create a unique version of Linux, called a distribution. Popular Linux distributions include:

There are (quite literally) thousands of Linux distributions available. To see a listing of which distributions of Linux are popular, take a look at Distrowatch.

Getting to know a different kind of desktop

One of the biggest variations you will find between the different Linux distributions is the desktop environment. Most users know what both Windows and Mac desktops look like. You might be surprised to find there are some Linux desktops that look and behave in a very familiar fashion. Others, however, offer a rather unique look and feel. Take, for instance, the GNOME desktop (pictured below). This very modern user interface does a great job of ensuring desktop elements are rarely (if ever) in the way, so that interaction with applications takes focus. It’s a minimal desktop that delivers maximum efficiency.

The GNOME desktop as seen on openSUSE, showing the activities window.

But what exactly is the desktop? In very basic terms, the desktop is comprised of pieces like the Apple menu, applications menu, menu bar, status menu, notification center, clickable icons, and some form of panel (or dock). With this combination of elements, the desktop makes it very easy for the user to interact with their computer. Every desktop contains a mixture of these parts. Linux is no exception. With the aforementioned GNOME, you have the GNOME Dash (which is like the application menu), the top bar (which is like the Apple menu bar), a notification center, and can even (through the use of extensions) add a customizable dock. Without a desktop environment, you would be relegated to the command line; trust me, you don’t want that.

The most popular Linux desktop environments are:

There are a number of other desktop options, but the above tend to be considered not only the more popular, but user friendly and reliable. When looking into desktops, you’ll want to consider your needs. For example, the KDE desktop does a great job of functioning like Windows 7. Cinnamon and Mate are similar, but less modern looking. Xfce is a very lightweight desktop, so if you have slower hardware, it makes for a great solution. And again, GNOME is a minimalist dream, with very little getting in your way of working.

The desktop environment is also where you an interact with applications … which brings us to our most important issue.

Are the application options any better?

This is one area that has been, in the past, a point of contention for Linux. If you ask any dyed in the wool Windows fan/user, they will tell you, just like with macOS, you cannot run Windows applications on Linux. But that’s not necessarily true. Thanks to a compatibility layer, called Wine (which used to stand for Wine Is Not an Emulator), many windows applications can be run on Linux. This is not a perfect system, and it’s not for everyone. But it does enable users to run many Windows applications on Linux.

Even without native Windows applications, Linux still has you covered with the likes of:

  • LibreOffice — a full-blown office suite (think MS Office)
  • Firefox/Chromium/Chrome — fully functional web browsers (think Safari or Internet Explorer)
  • The GIMP — a powerful image editing tool (think Photoshop)
  • Audacity — a user-friendly audio recording tool
  • Evolution — a groupware suite (think Outlook)

Linux has tens of thousands of free applications, ready to install. Even better, most modern distributions include their own app stores (such as GNOME Software or the Elementary OS AppCenter) that make installing software incredibly easy. Nearly all modern Linux distribution’s app stores can be found within the desktop menu. Once you’ve opened your app store, look for applications like LibreOffice (which is probably installed by default), The GIMP (a powerful image editing tool), Audacity (a user-friendly audio recorder that’s great for recording podcasts), Thunderbird (email client), VLC (multimedia player), or Evolution (groupware suite), to name just a few.

Is Linux for me, and how do I start?

Linux is ready to open up a world of free (and open) software that is reliable, secure, and easy to use. Is it perfect? No. If you happen to depend upon a proprietary piece of software, you might find that Linux (even with the help of Wine) cannot install that application you need. The big question on your mind might be, “How do I find out if Linux will work for me?” Believe it or not, Linux has that covered as well. Most flavors of Linux are distributed as “Live Distributions.”

What that means is you can download the distribution ISO image, burn that image onto either a CD/DVD or USB flash drive, insert the media into your computer (either in the CD/DVD drive or USB port) and boot from that media. Instead of installing the operating system, the Live Distributions run directly from RAM, so they don’t make any changes to your hard drive. Use Linux in that way and you’ll know, pretty quickly, if it’s an operating system that can fulfill your needs. Unlike the early years, you don’t have to be a computer geek to get up to speed on most of the readily available Linux distributions. To find out more about Linux distributions, head over to Distrowatch, where you can download and read about nearly every available Linux distribution on the planet.

Posted in Blogs, Education, Free, Linux | Tagged , , | Leave a comment

The Beginner’s Guide to IFTTT

The Beginner’s Guide to IFTTT


In our new series Getting It, we’ll give you all you need to know to get started with and excel at a wide range of technology, both on and offline. Here, we’re arming you with everything you need to know to master the world of IFTTT.

If you think back to your high school geometry class, you might remember that “If/Then” statements were used in solving mathematical proofs. But even if math wasn’t your thing, you actually use If/Then statements every day: “If it’s raining outside, then I will bring an umbrella.” Or, “If I eat this donut, then I will be very guilt- um, happy.”

Taking the logic of the If/Then statement to its place in today’s hyper-connected world is the website IFTTT. It’s pronounced to rhyme with “gift,” and it stands for “If This, Then That.” Through the IFTTT website and accompanying app, users are able to create logic statements that help them pair up Internet-enabled services and devices in ways that can make life easier—or more entertaining.

Here’s what you need to know to “get it.” (Note: For the purpose of this article, we will be referring to the browser-based version of IFTTT, but nearly all of the information can be applied to the app, as well.)

Getting Started

Like pretty much all other Internet-based services, IFTTT requires you to create an account to begin using it. Signing up is extremely straightforward and, because the service is completely free, there is no need to provide a credit card. Simply visit the website and use your email address or Google or Facebook accounts to sign up.


Everything IFTTT can do is accomplished through applets. These are tiny programs that you can create which use triggers (the “If’s”) to execute actions (the “Then That’s”). For example one applet might be: “Every time the New York Times publishes a new article in its science section (If), send me an email (Then That).”

It’s important to realize that only companies that have linked up with IFTTT will be available to access via applets. For example, you’ll be able to access applets that control the Nest thermostat (as well as several others), but if you have a Vivint thermostat, you’ll be out of luck because the company hasn’t made its services available through IFTTT.

Because IFTTT has been around since 2011, there are a lot of pre-made applets you can choose from that already have triggers and actions linked, so chances are good that you’ll be able to find what you need without having to create your own applet. First we’ll tell you how to do that, then we’ll show you how to start from scratch.

Finding A Pre-Made Applet

IFTTT allows users to search for applets in several ways.

If you know what you’re looking for, simply click on the search text in the upper left corner of the screen, enter your topic in the search bar and hit enter. For example, if you’re looking for an applet that can automatically turn your Philips Hue lightbulbs on at sunset, enter “Hue” in the search bar. You’ll be taken to a page that will first list services that can used to build an applet and, beneath that, you’ll see a list of pre-existing applets. In this case, the one we want shows up at the start of the list, so all you have to do is click on it, and then click the “Turn On” slider.

This will take you to another page that explains which services need to be activated to make the applet work. In this example, it’s Weather Underground and Philips Hue. Click the OK button, and you’ll be walked through the steps necessary to activate the services needed for your applet. For this example, you need to tell Weather Underground where you live and then log in to your Philips Hue account.

Once you’ve completed the steps needed, your applet will be activated and you can begin enjoying a new level of interconnectivity.


Another way to find IFTTT applets is to click on the “Discover” link at the top of the screen. This will provide you a list of suggested applets based on those you’ve already activated. Alternatively, you’ll notice that when you click on “Search” at the top of the screen, you’ll see a convenient grid showing you a variety of categories. Click on a category, and you’ll be taken to a page showing you applets grouped by genre.

Click “Connected Car” for example, and you’ll find applets that do everything from tracking your car trips in a Google spreadsheet to helping you remember where you parked your car. Under the “Weather” category, you can get a notice when the local surf is surging or if it’s going to rain tomorrow. The “Social Networks” category, meanwhile, lets you try out some clever cross linking, such as saving photos in which you’re tagged on Facebook to Google Photos.

Creating an applet from scratch

If you can’t find a pre-existing applet that suits your needs, you can create one as long as the company you want to access has an arrangement with IFTTT. To begin, click on “My Applets” at the top of the screen, then click the “New Applet” button in the upper right.

You’ll then be taken to a screen that features the words “if +this then that.” Somewhat counterintuitively, you’ll need to click on the blue “+this” section of the text.

In this case, we’ll create a simple applet with a daily trigger. To set it up, click on Date and Time and you’ll be taken screen that describes the service. Choose when you’d like your trigger to activate (hourly, daily, weekly, etc) and click on “Create trigger.”

Once your service is connected, you’ll then be taken back to the screen showing the large text version of “if this then that,” only this time, the “+this” section will be replaced by a graphic of the trigger you just chose.

Next, it’s time to select the action you want to have activated by your trigger. To do that, click on “+that,” which will now be blue.

In this simple example, choose SMS, then click on the green box that says “Send me an SMS.” You can then customize the applet to send you a message at the interval you specified in your trigger. Click “create action” and your applet will be created. If you want IFTTT to send you a message every time your applet runs, you can click the slider next to “Recieve notifications when this Applet runs.” Then, click “Finish” and you’ll be all set.

Turning applets on and off

Once you’ve activated one or more applets, you can turn them on and off as needed. Simply click on the “My Applets” text at the top of the screen, click onto the applet you’re interested in controlling, and click the “On” button to turn it to “off.”

On these screens, you can also make changes to any applets you’ve created. To do so, click the gear icon in the upper-right corner of the applet box and you’ll see the options you have for applet customization.

At any time, click the IFTTT logo in the upper-left corner of the screen to be taken back to the main page.

You’ll soon see that you can create applets for everything from getting yourself out of an awkward situation to finding out when the International Space Station passes overhead. But be warned: You might want to create an applet that kicks you off the IFTTT site if you spend too much time there because all this IFTTTing can get pretty addictive!

Posted in Blogs, Education, Free, Social Networks, Tips-n-Tricks | Tagged , , , | Leave a comment

Everything You Need To Know About KRACK, The Latest Wi-Fi Exploit

Everything You Need To Know About KRACK, The Latest Wi-Fi Exploit

Image: iStock

A huge flaw in Wi-Fi devices using WPA and WPA2 security encryption was exposed by Mathy Vanhoef, working out of KU Leuven, yesterday. Attackers can use this flaw to steal sensitive data – passwords, credit card numbers, emails – or inject malicious software into websites. If you’re using an Android device, an attack could be “exceptionally devastating”.

Here’s what you need to know.

What Is KRACK?

KRACK stands for Key Reinstallation Attack. In short, it is an exploit that takes advantage of the WPA2 protocol – the protocol most internet users are currently utilising to encrypt the information they send when online. It is directed at a process known as a 4-way handshake that all protected WPA2 Wi-Fi networks use.

This ‘handshake’ acts like a secret greeting between a client (such as your smartphone, laptop etc) and an access point (such as a modem/router): If both client and access point know the secret greeting (the password), then you can connect to the internet. This process also generates an encryption key.

This particular point in the process is vulnerable to being tricked to reinstall that ‘key’ that is already in use, thus the name KRACK.

Attackers can clone a protected Wi-Fi network while forwarding the internet connection – essentially meaning the user can still access the internet – and then using KRACK can manipulate this ‘handshake’ process. Thus, the attacker, in Vahoef’s words, “obtains a man-in-the-middle (MitM) position between the victim and the real Wi-Fi network.” This doesn’t give the attacker access to your WPA2 Wi-Fi password, but it does allow them to ‘listen in’ on the information that a client is sending between an access point.

Confusing? Definitely – the take home message is that this exploit can affect any device that uses WPA2 protection to encrypt data over a wireless network. That means pretty much every device you use in your daily life.

Fortunately, for it to be taken advantage of, an attacker would need to be in the physical vicinity of the Wi-Fi device.

Why Is Android Vulnerable To This Exploit?

Android 6.0 and above is particularly susceptible to attack via KRACK because of the way devices running this system deal with WPA2 protection.

The exploit was unearthed by Mathy Vanhoef who specifically notes that “due to an implementation bug, Android and Linux … will reinstall an all-zero encryption key [which] makes it trivial to intercept and manipulate all data that is transmitted by these devices.”

You can see his explanation, in full, below:

As you can see in the video, Vanhoef also explains that simply visiting secure sites – sites that are HTTPS-protected – does not necessarily prevent an attack, because some of these HTTPS-protected sites are also easy to manipulate. In the video, this results in the attacker, using KRACK, being able to see the username and password combination that the user has entered on a website.

How Can I Ensure My Android Device Is Secure?

At the moment, there’s not a lot you can do short of not using your Android device to access the internet via Wi-Fi, or more accurately, being conscious of your internet usage. Ensure that you update your devices with the latest patches as they become available. Importantly, Google have stated they will implement a fix for Pixel devices in their security update on November 6, 2017 but other, older devices don’t have as solid a date, with Google stating they’ll be patched ‘in the coming weeks.’

If you’re running an Android device with an Ethernet port, then you can use an Ethernet cable to connect to the internet instead of Wi-Fi. The exploit can only be used when a device has been connected to the internet via Wi-Fi. We recently posted a guide to the different types of ethernet cables, if you need help deciding which one is right for you.

Public Wi-Fi can also be dangerous, so it would be best to avoid it until a fix is released. Without any clear idea of who is on the network or how they’re using it, you open yourself up to attack.

It’s a pain, but during this time of uncertainty I would also ensure that you are connecting to secure services and webpages that include HTTPS in their address. Though this doesn’t guarantee you’ll be safe, it’s another layer of protection that you should always be aware of (and not just in the face of a WPA2 exploit). You can also find extensions such as HTTPS Everywhere, for Chrome, which ensure you are connecting to secure websites when browsing the internet.

Lastly, you can use a VPN service and connect to that when using Wi-Fi on your smartphone or connected devices. This will ensure you data is encrypted end-to-end. If you need help choosing a VPN, consult this guide.

One of the big issues will be for Wi-Fi connected devices around the house. Anthony discussed this issue earlier this morning.

Are iOS Users Vulnerable To KRACK?

Apple users can rest slightly more easily as the exploit doesn’t work quite as simply on these platforms as it does on Android (and Linux).

At this point, it seems that Apple have developed patches for iOS, macOS, watchOS and tvOS which are currently in beta and these will be rolled out in software updates in the coming weeks.

Similarly, Microsoft rolled out a security patch on October 10th, ahead of the announcement.

Do I Need To Buy A New Router?

Simply put, no. However, these devices and other devices that connect to the internet via Wi-Fi are potentially open to attack until manufacturers and suppliers roll out patches for them. Several have released statements regarding the exploit, which I have included below:

Belkin, Linksys, Wemo

“Belkin, Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.”


“We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed.”


“NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

“NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

“To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.”


A spokesperson for Belong suggested that modems and routers will be “automatically updated once [a patch] is available.”


“We are aware of the issue and will be rolling out patches to Nest products over the next couple weeks.”

No matter your device, because of the ubiquity of WPA2, pretty much anyone who connects to the internet is able to be targeted with this exploit. Ensure your devices are as up-to-date as possible and that you keep an eye out for available patches as soon as they become available.


Posted in Blogs, Education, Security, Uncategorized | Tagged , , , , | Leave a comment