Anyone who likes Samba here?

Feb 9, 2008 11:34 GMT  ·  By

Some people try to match their newly-purchased computer to their furniture or, if it is a portable one, to their jewelry. Others rush to install their favorite pieces of software, perform their visual tweaks and set it up for long hours of work. There is yet another category of buyers that reminds me somehow of the Soviet Union and industrial espionage: they try to hack into the device, see how things work, then close it back up and hope it still works.

This is the case of a security group that tried (and succeeded) to hack into the cheap, pretty and extremely popular Asustek Eee sub-notebook PC. Unfortunately for the millions of users who already own a device of its kind, the hacking operation did not require a screwdriver and a soldering iron, as some bolder users had imagined, but only some brains and minimal hacking skills.

The Eee sub-notebooks come with an eye-candy distribution of Linux called Xandros. It is based on Debian, so it inherits Debian's vulnerabilities. Although Linux is more difficult to exploit than Microsoft's Windows operating systems, it is not bullet-proof, and the Asustek team should have looked more carefully at what they bundled with the operating system.

The vulnerability resides in a vulnerable version of Samba (Samba lsa_io_trans_names Heap Overflow) shipped in the factory-default Xandros distribution of the Eee PC. It can be easily exploited to gain root access to the affected machine. Since the Eee PC is mostly used by business users due to its organizer-like abilities, it is easy to conclude that pretty important data can reach the hands of unauthorized users.
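For an Eee PC owner (or any Linux administrator) who wants to know whether a box like this is exposed, the question is simply "is the Samba daemon listening on the network, and is it older than the fixed release?". The following POSIX shell script is an added example written for this article; it is not code from the original piece, from Xandros or from the Samba project. It assumes `smbd -V` prints a line of the form `Version x.y.z` and that `ss -ltn` or `netstat -ltn` is available; `MIN_SAFE_SAMBA_VERSION` is a placeholder that you must set from the vendor's own advisory for this overflow.

```sh
#!/bin/sh
# Added example: check whether a Samba install is network-exposed and
# older than a known-fixed version. Defender-side audit only.

# PLACEHOLDER (assumption): take the first fixed Samba release from the
# vendor advisory for the lsa_io_trans_names heap overflow and put it here.
MIN_SAFE_SAMBA_VERSION="${MIN_SAFE_SAMBA_VERSION:-0.0.0}"

# version_lt A B: return 0 (true) if dotted version A is numerically
# lower than B. Trailing letters such as "28a" are ignored per component.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        an=$(printf '%s' "$ah" | sed 's/[^0-9].*$//'); an="${an:-0}"
        bn=$(printf '%s' "$bh" | sed 's/[^0-9].*$//'); bn="${bn:-0}"
        [ "$an" -lt "$bn" ] && return 0
        [ "$an" -gt "$bn" ] && return 1
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}

# parse_smbd_version "Version 3.0.24" -> "3.0.24"
parse_smbd_version() {
    printf '%s\n' "$1" | sed -n 's/^Version[[:space:]]*//p' | head -n 1
}

# Read `ss -ltn` / `netstat -ltn` style output on stdin and print the
# SMB ports (139 NetBIOS session, 445 CIFS) that are in LISTEN state.
smb_ports_in() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /:(139|445)$/) { sub(/.*:/, "", $i); print $i } }' | sort -u
}

# Top-level audit: report version and exposure, exit 2 if both are bad.
check_samba_exposure() {
    if ! command -v smbd >/dev/null 2>&1; then
        echo "smbd not installed: not exposed to this bug"; return 0
    fi
    ver=$(parse_smbd_version "$(smbd -V 2>/dev/null)")
    listing=$(ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null)
    ports=$(printf '%s\n' "$listing" | smb_ports_in)
    echo "Samba version: ${ver:-unknown}"
    echo "SMB ports listening: ${ports:-none}"
    if [ -n "$ports" ] && version_lt "${ver:-0}" "$MIN_SAFE_SAMBA_VERSION"; then
        echo "EXPOSED: old Samba reachable over the network; update or stop smbd"
        return 2
    fi
    echo "OK (or Samba not reachable over the network)"
}

# Run the audit only when invoked with --check, so the functions can be
# sourced and tested without touching the live system.
case "${1-}" in --check) check_samba_exposure ;; esac
```

On a Xandros Eee PC you would run `sh check_samba.sh --check` as root; a sensible mitigation when the version is old is to stop and disable `smbd` (or restrict it to the local subnet with `hosts allow` in `smb.conf`) until the distribution ships an updated package.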

I cannot help noting that Linux-based operating systems have been quite a pain in the back for the Asus team, which has been accused of GNU/GPL license violations in the past. However, the incident should bring another "E" to the existing triad: Easy to Learn, Easy to Work, Easy to Play, Easy to root.