Originally published at: https://boingboing.net/2017/12/11/keyloggers-preinstalled-on-man.html
…
Might affect other manufacturers as well, as HP said that this “impacts all Synaptics OEM partners”.
Check out the comments as well.
This is why friends don’t let friends use an off-the-shelf PC. Always wipe and reinstall from a clean Windows source. The extra time needed to find and get all the drivers is well worth the reduced aggravation from crapware and the increased stability, security, and privacy.
(eta: deleted and reposted as an original comment instead of a reply, sorry)
The source here is the drivers.
Oh man this comment:
I can foresee a future when software developers go to jail for their stupid mistakes, that’s my prediction.
I recall saying this in college. I graduated in '02. It looked like it might become true at one point, but nope!
I can’t recall ever even reading about someone indicted for a bug.
I predict revisiting this idea in a similar fashion come 2035ish?
I’ve been putting off replacing the HDD with an SSD from a previous laptop on my new one… guess this is as good a push as any.
No one would ever go to jail for this. The logging is off by default and you need admin access to change the registry to turn it on. Then you need to exfiltrate the logs. Any attacker would be better off installing their own keylogger. It’s still a flaw that needs to be patched but it’s far from a crime.
Oh yeah, this is nothing compared to the stuff we have seen people not prosecuted for in the past 15 years. Was just calling out the comment as wishful thinking at best.
Yeah, knowing The Register’s commenters it’s somewhere between righteous indignation and willful ignorance.
Let me see if I understand this. There is a debug setting left in a piece of software that gets installed by manufacturers. This setting could be turned on if an attacker can achieve a local execution exploit.
If they already achieved that, why do they need this? They can just install a key logger of their own.
It’s amazing to me how many people in my industry are completely ignorant of computer security. How many, like, all. Our corporate website, which holds all my client data, including HIPAA-protected health information, requires the use of Internet Explorer. I could name two other major players in health insurance that force agents to run Internet Explorer in order to enroll people. The sites literally will not run on Firefox or Chrome.
Does anybody know how this happens? Surely there isn’t an HTML tag that says [Firefox=SCREW]… is there? Is there some popular site-building suite that puts in a Chrome blocker? Is it, perchance, Microsoft brand?
Got my Elitebook Folio all cleaned up this morning.
I feel so safe now!
Now where did I put my phone? Oh! That cool app I got last week will fix that!
And I gotta adjust the temp on my Nest thermostat.
And check my IoT fridge for beer on THIS app
And…