• TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    A fiery condemnation from Zack Whittaker at TechCrunch:

    A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

    One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners.

    This specific security breach wasn’t directly responsible for the ShadowHammer infiltration, but it demonstrates an incredible lack of concern over simple security procedures.

    Günter Born has additional analysis on his site.