News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    Posted on March 28th, 2019 at 03:51 woody Comment on the AskWoody Lounge

    A fiery condemnation from Zack Whittaker at TechCrunch:

    A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

    One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners.

    This specific security breach wasn’t directly responsible for the ShadowHammer infiltration, but it demonstrates an incredible lack of concern over simple security procedures.

    Günter Born has additional analysis on his site.

    If that helped, take a second to support AskWoody on Patreon