Aspire One: Linpus shipped with developers .bash_history

Photo: Mountainbread on Flickr.

… including their internal IP-numbers, usernames and passwords.

I sent an e-mail three days ago to marketing@linpus.com (only contact adress on their website), info@acercomputer.se (listed as Swedish contact on Acers site), support@acercomputer.se and security@acer.com about this advicing them to change their passwords and take other necessary steps that might be needed to secure their environment.

All bounced except marketing@linpus.com from which I have yet to receive an answer.

Not so nice for them but it’s funny reading.

From the beginning of the file:

ls -a
rm .AME/ .bash_history .cache/ .dbus/ .gsynaptics/ .lftp/ .PIMDS/ .update-notifier/ -rf
ls

Yeah… doing that do not remove the current sessions history. Sorry guys

Out of 982 lines in the file, 423 are “ls” variants and 51 “lftp”:

¤¤¤¤¤¤¤@¤¤¤:~/$ wc -l linpus_roots_bash_history.txt
982 linpus_roots_bash_history.txt
¤¤¤¤¤¤¤@¤¤¤:~/$ grep ls linpus_roots_bash_history.txt | wc -l
423
¤¤¤¤¤¤¤@¤¤¤:~/$ grep ftp linpus_roots_bash_history.txt | wc -l
51

I found this after doing a restore of the unit so it might be that this file is only on the restore image. I have no way of checking this, so if anyone that has not restored their unit feels like checking this please do so and then give me your results in the comments section.

Also, if someone has the official security contact for Acer I would appreciate that.

Cheers,