SplashTop Security Hole Still Exists
Phoronix: SplashTop Security Hole Still Exists
Back in August we were the first web-site to share how SplashTop Linux could be hacked and the following month we shared about a SplashTop security problem where the contents of any attached hard drives are exposed freely to the network, if you're not running a hardware firewall. This issue was discovered by Kano, a Phoronix Forums member and the developer behind the Kanotix distribution...
The security aspect is only one thing. The version from the hp homepage (version 220.127.116.11) is really bad in other ways too. First of all they use ndiswrapper instead of native iwlagn/iwl4965 driver. Then there are basically no standard LAN drivers at all there not even the ones needed for VMs, you have to use WiFi if you want or not (as hack you can replace the kernel.bin by another one, but then the branding is a mix between Asus and HP). Pidgin can not connect to ICQ. When you watch the Voodoo video on the Splashtop website they use Wifi, use Pidgin, but do NOT connect via LAN or try ICQ (just because it is impossible!). To make it harder for newbees to try the system on different PCs the ce_bz file is now missing in newer ExpressGate builds and does not exist in Voodoo IOS, but you can strip the first 1536 bytes from another one you have got already and put that header in front of the cefull file and you can boot it with any standard bootloader (or just reuse another ce_bz). The fully positive review video is a real joke when you have got deeper knowledge about the system.
Last edited by Kano; 10-26-2008 at 12:22 PM.