Factory-fresh ASUS Eee PC vulnerable to hackers
Everybody's ritual when they get a new computer is different: some people start installing their favorite programs, some people set their desktop picture to Pushing Daisies (not us, other people... who aren't us), and others check for vulnerable processes that might allow hackers to gain root access. RISE Security falls into that latter category, and spotted a vulnerable version of Samba on a virgin Xandros Eee PC. They ran a pre-built exploit they had for just such an occasion, and found that they can indeed root the system through ill-gotten means. No word if there's an update available to patch this hole, but in the interim keep an eye out for scruffy-looking men wearing skull and crossbone paraphernalia snooping around your network.
[Thanks, Eliot]

Reader Comments
Nathan @ Feb 8th 2008 7:19PM
I think that the bezel on the Eee is like that mole on that really pretty woman's face who works in the cubicle down from yours. Oh sure, she's really nice and makes pretty good conversation, maybe you'd even consider taking her out for coffee, but the whole time all you can think about is that damn mole.
Nathan @ Feb 8th 2008 7:20PM
Seriously, that's so distracting, I wish you would just go get it removed!
skulldriveshaft @ Feb 8th 2008 7:24PM
You gonna say that to Cindy Crawford?
Nathan @ Feb 8th 2008 7:27PM
Yes actually. Even in her heyday I didn't find her particularly attractive.
roman.kim @ Feb 8th 2008 7:31PM
That is exactly why I got a black one. And I've got XP on mine, so I can actually get something done.
kojo87 @ Feb 8th 2008 8:43PM
you seriously think Windows is the only OS that can accomplish anything Roman? by no means am i anti Windows but you have to admit that is an extremely narrow minded approach. just because Linux is different doesn't mean it's not as capable. in fact it's more capable than XP on a low powered machine like this. the only reason i really keep Windows on my desktop is for games and media. if i could get Steam and my graphics card working properly on Ubuntu, i would probably switch completely.
manimal @ Feb 9th 2008 10:09PM
kojo87: I agree, but lately wine's been so good that it actually plays better on my ubuntu install than on my windows install.
MarkZ @ Feb 8th 2008 7:24PM
Oh, oh, but Linux is so perfectly secure and unhackable...
paul34 @ Feb 8th 2008 7:25PM
I was also under the impression that Jesus used Linux.
skulldriveshaft @ Feb 8th 2008 7:39PM
What distro are you talking about?
smbd is a daemon primarily used for hooking up with windows networks (SAMBA).
someone would have to be actively sniffing for a telltale EEE user identifier in the air, so getting rooted is a little out there.
you can always migrate straight to Ubuntu to avoid the security issues of Xandros, because if a distro is giving you root without a password, doesn't have multiple user logins, doesn't have a screen lock, probably has some high security requirements missing.
On the other hand, using the EEE for what it was intended for, browsing, typing, viewing, it won't really matter, just do a system re-install once a month to keep it all clean.
Pc_Madness @ Feb 8th 2008 11:46PM
I think this was a hole that was patched a while back, so it's just Asus being lazy really.
silverblackvoid @ Feb 9th 2008 6:16AM
@paul34
Jesus uses Unix!
Bladefree21 @ Feb 8th 2008 8:24PM
Who isn't vulnerable to hacking.. How long does it take to hack an iPhone..
Derek @ Feb 8th 2008 10:09PM
Everything that is connected to the web can get hacked. Period.
Mike @ Feb 8th 2008 10:09PM
As a matter of course, no matter who made it or what it is I reload
everything a by before I use it. In this case ubuntu all the way.
Never trust a manufacturer to get it right.
http://packratstudios.com
ugg.tryptophan @ Feb 8th 2008 10:15PM
nothing is safe from hackers, not even your virginity
Thierry Fortier @ Feb 9th 2008 2:22AM
why I still virgin?
abarkett @ Feb 9th 2008 2:39AM
Bad grammar?
Thierry Fortier @ Feb 9th 2008 2:22AM
9inch screen is coming soon...
Andrew Yeomans @ Feb 9th 2008 4:32AM
I reported this on December 19: http://vip.asus.com/eservice/techmaildetail.aspx?ID=WTM200712192037257291&Type=in
So that's the date to measure Asus's response from.
I hope RISE Security has also followed a path of responsible disclosure and given Asus a chance to respond before going public. Doesn't appear so, though.
Rodrigo (BSDaemon) @ Feb 11th 2008 8:35AM
Andrew Yeomans said:
"I reported this on December 19: http://vip.asus.com/eservice/techmaildetail.aspx?ID=WTM200712192037257291&Type=in"
- Well, let's wait for the Asus's response so...
"I hope RISE Security has also followed a path of responsible disclosure and given Asus a chance to respond before going public. Doesn't appear so, though."
- That's a dumb comment... really dumb, since the vulnerability is public, with public exploit (also developed by RISE)...