Eee PC vulnerability: All that glitters…

At the end of last week, RISE Security (a Brazilian research group) posted a blog entry announcing that they had rooted the popular Asus Eee PC. It would appear that the machines are running a vulnerable version of Samba [1] which can be targeted by hackers in order to compromise the box.

Should we be surprised? No. But the Eee PC runs Linux, so should be safe? No. The fact is that all software is prone to vulnerabilities. It is true that certain operating systems or certain applications can affect how likely you are to be successfully attacked, but nothing is foolproof.

One of the real issues with the Eee PC is that the box is designed for ease of use, and so targeted at the novice as well as the geek. The novice will not care for the details of the vulnerability nor how it could be attacked. Neither will they care about installing other operating systems on the machine. They will be using the machine as per the key features outlined on the packaging.

Clearly, shipping any product with a known exploitable vulnerability is not good. But this case is less about any inherent weakness or flaw with the Eee PC, and more about the dangers of how users perceive technology. Simple technology requires simple security, which in this case means having an update mechanism that ‘just works’.