Factory-fresh ASUS Eee PC vulnerable to hackers

by Paul Miller posted Feb 8th 2008 at 7:10PM

Everybody's ritual when they get a new computer is different: some people start installing their favorite programs, some people set their desktop picture to Pushing Daisies (not us, other people... who aren't us), and others check for vulnerable processes that might allow hackers to gain root access. RISE Security falls into that latter category, and spotted a vulnerable version of Samba on a virgin Xandros Eee PC. They ran a pre-built exploit they had for just an occasion, and found that they can indeed root the system through ill-gotten means. No word if there's an update available to patch this hole, but in the interim keep an eye out for scruffy-looking men wearing skull and crossbone paraphernalia snooping around your network.

[Thanks, Eliot]

Filed under: Laptops

Tags: asus, eee pc, EeePc, hack, root, rooted, samba, xandros

Subscribe to these comments

Reader Comments (Page 1 of 1)

Low Ranked

Nathan @ Feb 8th 2008 7:19PM

I think that the bezel on the Eee is like that mole on that really pretty woman's face who works in the cubicle down from yours. Oh sure, she's really nice and makes pretty good conversation, maybe you'd even consider taking her out for coffee, but the whole time all you can think about is that damn mole.

Neutral

Nathan @ Feb 8th 2008 7:20PM

Seriously, that's so distracting, I wish you would just go get it removed!

Highly Ranked

skulldriveshaft @ Feb 8th 2008 7:24PM

You gonna say that to Cindy Crawford?

Neutral

Nathan @ Feb 8th 2008 7:27PM

Yes actually. Even in her heyday I didn't find her particularly attractive.

Neutral

roman.kim @ Feb 8th 2008 7:31PM

That is exactly why I got a black one. And I've got XP on mine, so I can actually get something done.

Neutral

kojo87 @ Feb 8th 2008 8:43PM

you seriously thing Windows is the only OS that can accomplish anything Roman? by no means am i anti Windows but you have to admit that is an extremely narrow minded approach. just because Linux is different doesn't meant it not as capable. in fact its more capable than XP on a low powered machine like this. the only reason i really keep Windows on my desktop is for games and media. if i could get Steam and my graphics card working properly on Ubuntu, i would probably switch completely.

Neutral

manimal @ Feb 9th 2008 10:09PM

kojo87: I agree, but lately wine's been so good that it actually plays better on my ubuntu install than on my windows install.

Low Ranked

MarkZ @ Feb 8th 2008 7:24PM

Oh, oh, but Linux is so perfectly secure and unhackable...

Neutral

paul34 @ Feb 8th 2008 7:25PM

I was also under the impression that Jesus used Linux.

Neutral

skulldriveshaft @ Feb 8th 2008 7:39PM

What distro are you talking about?

smbd is a daemon primarily used for hooking up with windows networks (SAMBA).

someone would have to be actively sniffing for a telltale EEE user identifier in the air, so getting rooted is a little out there.

you can always migrate straight to Ubuntu to avoid the security issues of Xandros, because if a distro is giving you root without a password, doesn't have multiple user logins, doesn't have a screen lock, probably has some high security requirements missing.

On the other hand, using the EEE for what it was intended for, browsing, typing, viewing, it won't really matter, just do a system re-install once a month to keep it all clean.

Neutral

Pc_Madness @ Feb 8th 2008 11:46PM

I think this was a hole that was patched a while back, so its just Asus being lazy really.

Neutral

silverblackvoid @ Feb 9th 2008 6:16AM

@paul34

Jesus uses Unix!

Neutral

Bladefree21 @ Feb 8th 2008 8:24PM

Who isn't vulnerable to hacking.. How long does it take to hack an iPhone..

Highly Ranked

Derek @ Feb 8th 2008 10:09PM

Everything that is connected to the web can get hacked. Period.

Neutral

Mike @ Feb 8th 2008 10:09PM

As of matter of course, no matter who made it or what it is I reload
everything a by before I use it. In this case ubuntu all the way.
Never trust a manufacture to get it right.

http://packratstudios.com

Neutral

ugg.tryptophan @ Feb 8th 2008 10:15PM

nothing is safe from hackers, not even your virginity

Neutral

Thierry Fortier @ Feb 9th 2008 2:22AM

why I still virgin?

Neutral

abarkett @ Feb 9th 2008 2:39AM

Bad grammar?

Neutral

Thierry Fortier @ Feb 9th 2008 2:22AM

9inch screen is coming soon...

Neutral

Andrew Yeomans @ Feb 9th 2008 4:32AM

I reported this on December 19: http://vip.asus.com/eservice/techmaildetail.aspx?ID=WTM200712192037257291&Type=in

So that's the date to measure Asus's response from.

I hope RISE Security has also followed a path of responsible disclosure and given Asus a chance to respond before going public. Doesn't appear so, though.

Neutral

Rodrigo (BSDaemon) @ Feb 11th 2008 8:35AM

Andrew Yeomans said:

"I reported this on December 19: http://vip.asus.com/eservice/techmaildetail.aspx?ID=WTM200712192037257291&Type=in"

- Well, let´s wait for the Asus´s response so...

I hope RISE Security has also followed a path of responsible disclosure and given Asus a chance to respond before going public. Doesn't appear so, though.

- That´s a dumb comment... really dumb, since the vulnerability is public, with public exploit (also developed by RISE)...