Newsletter Archives

  • TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    A fiery condemnation from Zack Whittaker at TechCrunch:

    A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

    One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners.

    This specific security breach wasn’t directly responsible for the ShadowHammer infiltration, but it demonstrates an incredible lack of concern over simple security procedures.

    Günter Born has additional analysis on his site.

  • ASUS tackles the ShadowHammer breach with improved security

    I just received this official announcement from ASUS:

    ASUS response to the recent media reports regarding ASUS Live Update tool attack

    ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.

    ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.

    Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here:

    Users who have any additional concerns are welcome to contact ASUS Customer Service.

    To be fair, their servers were hit by a very sophisticated hacking group with an amazingly narrow target. My problem isn’t with ASUS. Nor is it with Kaspersky, which uncovered some truly breathtaking black hat technology. My gripe’s with the Chicken Little sounds emanating from Kaspersky PR.

  • ASUS Live Update utility cracked – sophisticated backdoor installed on a million machines, but you don’t need to worry about it

    Kaspersky just released an announcement about Operation ShadowHammer, a truly spectacular hack of ASUS’s update servers that, ultimately, only affects 600 machines with specific hardcoded MAC addresses.

    Mostly it’s a publicity stunt for Kaspersky’s Security Analysts Summit in Singapore in two weeks. But it also makes glittery press.

    Details in Computerworld's Woody on Windows.