When ASUS's live software update servers were hacked last year, an estimated million-plus computers were infected with a backdoor. But only some 600 were actually being targeted, Kaspersky Lab, which revealed the compromise, said this week.\n\nIt subsequently released a downloadable tool for users to see if one of their computers was among those targeted, but declined to unveil the MAC addresses themselves, concealing them in the tool and protecting them using a salted hash algorithm.\n\nFor some, the temptation was too strong. Aussie cybersecurity company Skylight Cyber (founded by Israeli duo Adi Ashkenazy and Shahar Zini) this week cheekily reverse-engineered the tool to work out what encryption protocol was being used, then brute-forced it to reveal (and publish) 583 of the MAC addresses, saying Kaspersky Lab's approach "does not really serve" the security community.\n\nThe move - and research by others in the community; Skylight Cyber was not alone in cracking the list, although it was the first to publicly publish a plain text version - reveal that the MAC addresses primarily belong to other large technology corporations like Intel, as well as ASUS itself,\u00a0 VMware, AMPAK and more.\n\nhttps:\/\/twitter.com\/360TIC\/status\/1110797967621914625\nShadowHammer Attack: The MAC Addresses\nSkylight Cyber said in a blog initially shared with the Hacker News and now publicly posted, that it used reverse engineering toolkit IDA, a custom-tweaked version of the HashCat password cracking tool and AWS's p3.16xlarge instance (which carry eight of NVIDIA\u2019s V100 Tesla 16GB GPUs: "say hello to my little friend") to crack the encryption on 583 of the MAC addresses in less than an hour, in a "short but sweet" challenge.\n\nhttps:\/\/twitter.com\/SkylightCyber\/status\/1111479177201356800\n\nAs they wrote: "Kaspersky have released an online tool that allows you to check your MAC address against a DB of victim MAC addresses (which is hidden). Good on Kaspersky on one hand, but on the other hand, this is highly inefficient, and does not really serve the security community. So, we thought it would be a good idea to extract the list and make it public so that every security practitioner would be able to bulk compare them to known machines in their domain."\n\nFor how they did it, see the blog. The MAC addresses are here.\n\nAs well as being an entertaining read, it's a sharp reminder that easily available compute power makes brute forcing even the SHA256 encryption protocol viable in a short period of time. As for your average password? Forget it.