In the news aggregator we use here I saw a post before the weekend entitled: ASUS Eee PC rooted out of the box. I bookmarked it for today but honestly thought nobody else would see it and if they did, they would see how flimsy the whole thing was and not bother reposting it.
But it turns out that Rise Security, who say they were founded in 2004, yet did not purchase their domain until mid-2006 — in other words: liars or idiots, were taken extremely seriously. But why?
The article’s premise is that they can “hack” a stock Eee PC because it runs a vulnerable version of the Samba server. But I can’t see how this would ever be an issue.
Say you buy one, take it home and turn it on. Are you going to get hacked there and then? No. You don’t have your networking set up. So you turn on WiFi for the first time and connect to the internet. The Eee PC checks for updates (including a patch for Samba). Theoritically if you had somebody inside your network that knew your IP and knew it was a stock Eee PC, they could, theoretically, brute your Samba server.
What’s more likely is you download a few updates and you’re nigh-on-immediately safe.
And this “out the box” thing is nuts. Every OS disk a few months behind the latest patches is horribly insecure. That’s why we have updates people!
While the Eee PC was very successful and ran Linux, it was not clear if Asus planned to continue to use Linux in future products. Asus’s recent announcement of three new Linux-based products indicates their commitment to using Linux.