Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    Home Forums AskWoody blog Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    This topic contains 8 replies, has 6 voices, and was last updated by  OscarCP 10 months, 1 week ago.

    • Author
      Posts
    • #152171 Reply

      woody
      Da Boss

      You can make up your own mind, of course, but last week I posted a reference to Catalin Cimpanu’s report of a massive replacement of HP Synaptics driv
      [See the full post at: Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger]

      1 user thanked author for this post.
    • #152221 Reply

      b
      AskWoody Lounger

      But if someone had to bypass a UAC prompt to edit the registry to enable this disabled keylogger, wouldn’t they have been equally able to install a hidden keylogger of their own choice which could have remained unfound for longer? Not good to have sitting there, but not active until hacked.

    • #152264 Reply

      EyesOnWindows
      AskWoody Lounger

      To really get your dander up, read the article “An alarming number of sites employ privacy invading session replay scripts by Dan Goodin“. It starts off with “No, you’re not being paranoid. Sites really are watching your every move. Sites log your keystrokes and mouse movements in real time, before you click submit.”

      The study‘s “Site list” referred to in that article was updated 30 November 2017 to list 2455 sites.

      HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 1803
      Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 4.00 GB
      EyesOnWindows

      1 user thanked author for this post.
    • #152340 Reply

      OscarCP
      AskWoody Lounger

      If I remember this correctly, Mr. Cimpanu in his original posting in “bleeping computer” gave the world the advice to turn off the Registry entry corresponding to the alleged HP keylogger and showed everyone who cared to read his posting the particular Registry key that needed to be deactivated.

      Perhaps I am wrong, but isn’t doing that the same as what is meant, in the smarmy business-speak of the HP “reassuring” message, that the offending feature has been “defeatured”?

      And, again, unless I am not too off-target here, would not have been reading Mr. Cimpanu’s posting an absolute delight to black hats everywhere, because of that scrumptious bit of information he revealed in his first posting?

      Because, if I am right about that, why should anyone take this getleman’s word seriously  on anything he posts?

       

       

      • #152650 Reply

        b
        AskWoody Lounger

        If I remember this correctly, Mr. Cimpanu in his original posting in “bleeping computer” gave the world the advice to turn off the Registry entry corresponding to the alleged HP keylogger and showed everyone who cared to read his posting the particular Registry key that needed to be deactivated.

        The registry entry was already turned off. Administrative permissions were required to turn it on.

        Perhaps I am wrong, but isn’t doing that the same as what is meant, in the smarmy business-speak of the HP “reassuring” message, that the offending feature has been “defeatured”?

        No, “defeatured” referred to removed code in new drivers which have been available for more than a month.

        And, again, unless I am not too off-target here, would not have been reading Mr. Cimpanu’s posting an absolute delight to black hats everywhere, because of that scrumptious bit of information he revealed in his first posting?

        You could say the same about any article concerning a flaw or any security bulletin announcing a vulnerability. That’s why responsible disclosure requires that a patch has already been made available (or at least that the vendor has had sufficient time to do so).

        Because, if I am right about that, why should anyone take this getleman’s word seriously on anything he posts?

        Don’t shoot the messenger. It wasn’t an exclusive as it was based on an HP Security Bulletin.

        This wasn’t a keylogger but a touchpad tuning utility:
        “The purpose of this tool is to assist in the diagnostic, debug and tuning of the TouchPad. The debug tool does not create a keylogger or text file. The data [format] is in a proprietary binary format.”
        https://www.synaptics.com/sites/default/files/synaptics-touchpad-software-driver-qa.pdf

        The guy who discovered it didn’t even have an HP laptop on which to test his theories: https://zwclose.github.io/HP-keylogger/

        • This reply was modified 10 months, 1 week ago by  b.
        • #152667 Reply

          OscarCP
          AskWoody Lounger

           

          B: Thanks for your comments.

          “Shooting the messenger” Well, not quite, actually more like “playing Devil’s advocate. I felt this topic deserved a more critical discussion than it was having.

          I find your posting informative, but still have misgivings about Cimpanu’s posting in “bleeping computer”.

          For example: if the key he showed in there was already deactivated, it certainly would take Administrator privileges to activate it. But a black hat that can get into one’s machine and subvert its OS to get that far, should be also able to assume Administrator privileges.

          Besides, although the key in question might have been already disclosed in an announcement by HP, it does not make me feel more secure, or particularly grateful, to see the most critical details been broadcast far and wide by the likes of Mr. Cimpanu.

          So: “shoot the messenger”? I wouldn’t, in general, not being of a violent disposition.

          But if he is a dangerously indiscreet messenger…

           

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.