Eee PC Default Security - Some Attention Needed
February 11th, 2008 Drazen Drazic Posted in Bad Stuff, Dumb Security, Industry Specialists Talk, Research, Vulnerability Management
Declan Ingram talks about the news article on Rise Security and the Eee PC:
News this morning of the remote vulnerability in the ASUS EeePC (http://eeepc.asus.com/global/) doesn’t really come as a surprise. Vulnerabilities in default installs are really nothing new.
As an avid EeePC fanboi, this one does annoy me. (FYI - It took us about 4 seconds to do it when I purchased mine a few weeks back… well, a little more, I only slightly exaggerate.) The guys at RISE are attacking a vulnerability in Samba (http://www.zerodayinitiative.com/advisories/ZDI-07-033.html), which was released May 15, 2007.
It’s now Feb 11th, 2008, and as I check the EeePC software update program there is still no update.
C’mon guys - get it together. You can’t ship a custom OS and then not update it. You are using non-open-driver hardware so I can’t easily roll my own choice of OS (which, of course, is www.openbsd.org). The Samba team have made the patches, you have even set up the update channels - this is just being lazy.


February 12th, 2008 at 9:42 pm
Declan, it seems no secret. Can you tell us your method as to how you so easily do this?
February 13th, 2008 at 8:09 am
@Anon,
The guys at RISE do a good writeup here:
http://www.risesecurity.org/blog/entry/6/