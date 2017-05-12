HP Issues Fix For Keylogger Found On Several Laptop Models (zdnet.com) 26
HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016. From a report: HP has since rolled out patches to remove the keylogger, which will also delete the log file containing the keystrokes. A spokesperson for HP said in a brief statement: "HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue." HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices. Nash didn't how many models or customers were affected, but did confirm that some consumer laptops were affected. He also confirmed that a handful of consumer models that come with Conexant drivers are affected.
Fine. (Score:1)
Re: (Score:2)
From what I saw yesterday, the "explanation" is:
1: mediocre programmer guy wants to check the keystrokes that affect volume control, adds a keylogger to the code for debugging
2: poor version control, or a total lack thereof, combined with lack of code review, allows "temporary" debugging keylogger code to become part of and remain enabled in main-line production code
3: someone eventually discovers it and SHTF
In other words, Hanlon's Razor. [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
HP Issues Fix For Keylogger Found On Several Laptop Models
More like "HP Issues Fix For Keylogger SECRETLY INSTALLED On Several Laptop Models"
Wipe it (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Because it is a driver, and Microsoft writes as few of those as it can.
Re: (Score:2)
Re: (Score:2)
Never ever do a reinstall on your only available computer.
Re: (Score:2)
Same, but Windows 8/8.1
I have precisely three drivers listed in my WDS driver packages.
One is for an IBM BladeCenter SAS RAID controller that blue-screens with the default Windows one (so all the blades have to start using that driver from the very first boot or they will blue-screen, even if you push updates later).
Two for gigabit-network cards that aren't covered by plain Windows install disk / WDS installs (purely to kick-start them being able to get out to Windows Update and download a better driver and
Flaw? (Score:1)
A fully functioning keylogger is a flaw?
Patch in Question (Score:2)
Is it just me, or is this patch that difficult to find? I know google is my friend, but this is just sad.