Subject: General Tech | December 14, 2017 - 12:09 PM | Alex Lustenberg
Tagged: video, vesa, toshiba, titan v, synaptics, Silverstone, shazam, radeon, podcast, PBT, nvidia, nervana, keylogger, jonsbo, Intel, hp, hdr, corsair, Clear ID, apple, amd, Adrenalin, 14tb
PC Perspective Podcast #479 - 12/14/17
Join us for discussion on NVIDIA Titan V, AMD Adrenalin, and more!
The URL for the podcast is: http://pcper.com/podcast - Share with your friends!
- iTunes - Subscribe to the podcast directly through the iTunes Store (audio only)
- Google Play - Subscribe to our audio podcast directly through Google Play!
- RSS - Subscribe through your regular RSS reader (audio only)
- MP3 - Direct download link to the MP3 file
Hosts: Ryan Shrout, Josh Walrath, Jeremy Hellstrom, Allyn Malventano,
Peanut Gallery: Ken Addison, Alex Lustenberg
Program length: 1:12:23
Subject: General Tech, Mobile | December 12, 2017 - 02:37 AM | Tim Verry
Tagged: synaptics, security patch, security, keylogger, hp, Cyber Security
HP has issued security patches for more than 460 models of the company's laptops and thin clients to address a hidden keylogger present in the Synaptics touchpad drivers. Discovered by security researcher Michael Myng while delving into the Synaptics Touchpad Software in an attempt to change the backlight behavior of the keyboard, the keylogger was reportedly built into the software stack to debug errors. While it shipped to customers disabled by default, an attacker that was able to achieve administrative privileges could change the appropriate registry value and enable keylogging to locally record all of the user's keystrokes without their knowledge. Further malicious code or local physical access could then be used to retrieve data for analysis of possible passwords, usernames, account numbers, and other personal information.
Image courtesy Robbert van der Steeg via Flickr Creative Commons
HP claims in its security bulletin that at no time did it or Synaptics have access to customer data and that this security vulnerability is a "local loss of confidentiality" and should be acted upon as soon as possible by downloading the security patch for your laptop from HP or by running Windows Update.
According to the HP security bulletin, the vulnerability reportedly affects all Synaptics OEM partners including HP that have shipped systems with certain Synaptics Touchpad driver versions. In the case of HP this includes commercial / enterprise notebooks, tablets, thin clients, and mobile workstations from their G2, G4, G6, Elite X2, EliteBook, Thin Client, ProBook, Spectre Pro, Stream, X360, and ZBook Mobile Workstation series and consumer devices with Compaq, Beats, ENVY, OMEN, Pavilion, Spectre, Split, Stream, and even the 15" Star Wars Special Edition laptop!
While this is a serious security risk, there is no need to panic. You should apply the patch manually or through Windows Update as soon as possible, but so long as you have been and continue to follow security best practices (strong passwords, running anti-virus and anti-malware scans regularly, restricting physical access, and not running as administrator on your daily driver user account, ect) you should be safe as there are several steps that would need to be completed before an attacker could take advantage of this hidden keylogger, especially remotely.
You can find the full list of affected laptops and their associated security patches on HP's support website. For a PGP signed version of the page you can email email@example.com.
Subject: General Tech | May 12, 2017 - 02:05 PM | Jeremy Hellstrom
Tagged: hp, keylogger, security
The poorly thought out feature HP added to their audio driver in some past models of laptops can now be removed. The previous driver listened for a certain key to be depressed actually recorded all keystrokes made by the user and stored the information in plain text under the Public profile. The file was deleted each time the computer restarted but could still exist in backups, you should check for MicTray.log in those backups. Slashdot reported this morning that HP has released a fixed driver which you should grab from Windows Update or HP.com immediately.
"HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016."
Here is some more Tech News from around the web:
- Microsoft confirms coming keyboard support for Xbox One games @ Ars Technica
- Microsoft's Windows 10 ARM-twist comes closer with first demonstration @ The Register
- Intel breathes $2bn sigh of relief over patent trial @ The Register
- Avast blocks the entire internet – again @ The Register