• TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    Home » Forums » Newsletter and Homepage topics » TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    Author
    Topic
    woody
    Manager
    March 28, 2019 at 3:51 am #345893
    Options

    A fiery condemnation from Zack Whittaker at TechCrunch: A security researcher warned Asus two months ago that employees were improperly publishing pas
    [See the full post at: TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it]

    2 users thanked author for this post.
    Elly, PhotM
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • b
      Manager
      March 28, 2019 at 8:01 am #345923
      Options
      woody wrote:

      ASUS was warned of hacking risks months ago,
      A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

      A day after the ShadowHammer attack was notified to ASUS by Kaspersky (and 3-8 months after the actual attacks).

       

      woody wrote:

      but did nothing about it
      One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners.

      Six days later, he could no longer log in to the mailbox” (eight weeks ago now).

      Doesn’t sound much like “did nothing about it” to me.

       

      Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

      Reply | Quote
      • woody
        Manager
        March 28, 2019 at 8:20 am #345932
        Options

        (Just to be clear, those are Zack’s words, not mine.)

        Reply | Quote
        • b
          Manager
          March 28, 2019 at 8:30 am #345936
          Options

          Zack didn’t say, “but did nothing about it“.

          He did say, “A day after we alerted Asus to the researcher’s email, the repos containing the credentials were pulled offline and wiped clean.”

          Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

          Reply | Quote
    • rick41
      AskWoody Plus
      March 30, 2019 at 1:07 pm #346675
      Options

      “This specific security breach wasn’t directly responsible for the ShadowHammer infiltration, but it demonstrates an incredible lack of concern over simple security procedures.”

      Three months ago I bought an Asus router (RT-AC68U), but hesitated due to the company’s history of a lax attitude toward router security issues, including failing to keep customers apprised of threats (see link). Asus had even received warnings from the FTC regarding this.   While the router has performed beautifully thus far, it appears that attitude persists — across products —  and I’m now wondering if getting the Asus router was a mistake.

      Computerworld – Asus router warnings on privacy and security

      Reply | Quote
    Viewing 1 reply thread
    Reply To: TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    September 2023
    S M T W T F S
     12
    3456789
    10111213141516
    17181920212223
    24252627282930

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.