• TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    Home » Forums » Newsletter and Homepage topics » TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    Author
    Topic
    woody
    Manager
    March 28, 2019 at 3:51 am #345893

    A fiery condemnation from Zack Whittaker at TechCrunch: A security researcher warned Asus two months ago that employees were improperly publishing pas
    [See the full post at: TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it]

    2 users thanked author for this post.
    Elly, PhotM
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • b
      AskWoody_MVP
      March 28, 2019 at 8:01 am #345923
      woody wrote:

      ASUS was warned of hacking risks months ago,
      A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

      A day after the ShadowHammer attack was notified to ASUS by Kaspersky (and 3-8 months after the actual attacks).

       

      woody wrote:

      but did nothing about it
      One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners.

      Six days later, he could no longer log in to the mailbox” (eight weeks ago now).

      Doesn’t sound much like “did nothing about it” to me.

       

      Reply | Quote
      • woody
        Manager
        March 28, 2019 at 8:20 am #345932

        (Just to be clear, those are Zack’s words, not mine.)

        Reply | Quote
        • b
          AskWoody_MVP
          March 28, 2019 at 8:30 am #345936

          Zack didn’t say, “but did nothing about it“.

          He did say, “A day after we alerted Asus to the researcher’s email, the repos containing the credentials were pulled offline and wiped clean.”

          Reply | Quote
    • rick41
      AskWoody Plus
      March 30, 2019 at 1:07 pm #346675

      “This specific security breach wasn’t directly responsible for the ShadowHammer infiltration, but it demonstrates an incredible lack of concern over simple security procedures.”

      Three months ago I bought an Asus router (RT-AC68U), but hesitated due to the company’s history of a lax attitude toward router security issues, including failing to keep customers apprised of threats (see link). Asus had even received warnings from the FTC regarding this.   While the router has performed beautifully thus far, it appears that attitude persists — across products —  and I’m now wondering if getting the Asus router was a mistake.

      Computerworld – Asus router warnings on privacy and security

      Reply | Quote
    Viewing 1 reply thread
    Reply To: TechCrunch: ASUS was warned of hacking risks months ago, but did nothing about it

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.