Eee PC Default Security – Some Attention Needed
February 11, 2008

Declan Ingram talks about the news article on Rise Security and the Eee PC:

News this morning of the remote vulnerability in the ASUS EeePC (http://eeepc.asus.com/global/) doesn’t really come as a surprise. Vulnerabilities in default installs are really nothing new.

As an avid EeePC fanboi, this one does annoy me. (FYI – It took us about 4 seconds to do it when I purchased mine a few weeks back…..well a little more, I only slightly exaggerate). The guys at RISE are attacking a vulnerability in Samba – (http://www.zerodayinitiative.com/advisories/ZDI-07-033.html) which was released May 15, 2007.

It’s now Feb 11th, 2008, and as I check the EeePC software update program there is still no update.

C’mon guys – get it together. You can’t ship a custom OS and then not update it. You are using non-open-driver hardware so I can’t easily roll my own choice of OS (which, of course is www.openbsd.org) The Samba team have made the patches, you have even setup the update channels – this is just being lazy.

Comments (2)
Posted in: Bad Stuff, Dumb Security, Industry Specialists Talk, Research, Vulnerability Management


  1. Anon says:
    February 12, 2008 at 9:42 pm

    Declan, it seems no secret. Can you tell us your method as to how you so easily do this?

  2. Declan Ingram says:
    February 13, 2008 at 8:09 am

    @Anon,

    The guys at RISE do a good writeup here :

    http://www.risesecurity.org/blog/entry/6/