Welcome to the Net Muslims Forums.
  1. #41
    Member Array
    Join Date
    Jan 2007


    NSA Backdoor Exploit in Windows 8 Uncovered

    By Jacob Kleinman - August 22, 2013

    An internal document issued by IT experts working for the German federal government warned national agencies and companies not to use Windows 8. The reason? An alleged backdoor exploit has been discovered, and the details were obtained and published by German site Zeit Online. The leaked message suggests that the NSA likely has access to a hidden feature which apparently can’t be shut off and allows Microsoft to remotely control any computer running the software.

    The Windows 8 feature under scrutiny by the German government is called Trusted Computing, a backdoor setting established ten years ago by a number of American tech giants including Microsoft, HP and IBM. Trusted Computing is supposed to protect computers from being manipulated by malicious third parties using viruses or other methods. The chip used to install Trusted Computing on Windows 8 computers allegedly offers Microsoft backdoor access, though the implication appears to be that the American company will extend that power to the U.S. government as well.

    A second leaked report also notes that Windows 7 can “be safely operated until 2020,” implying that the German government may revert to the now-outdated operating system until the current security holes are plugged. However, in response to Zeit Online’s report, the Reichstag issued a statement partially denying claims it would downgrade its software.



    Windows 8 and all later Windows operating systems will have a backdoor access for the government to access your PC. Windows 7 is the last “safe” operating system you can use. So it’s best to not upgrade above that for a while.

  2. #42
    Member Array
    Join Date
    Jan 2007


    Delete Your Yahoo Account or Emails

    by Sam Biddle - Oct. 4 2016

    There's no good reason to have a Yahoo account these days. But after Tuesday's bombshell report by Reuters, indicating the enormous, faltering web company designed a bespoke email-wiretap service for the U.S. government, we now know that a Yahoo account is a toxic surveillance liability.

    Reuters's Joseph Menn is reporting that just last year, Yahoo chose to comply with a classified "directive" to build "a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials" - the NSA in particular.

    It's still unknown what the "specific information" here was - or is - but Yahoo CEO Marissa Mayer's decision not to put up any fight against the extremely broad request apparently prompted the departure of then-Chief Information Security Officer Alex Stamos, now head of security at Facebook.

    Reached via Twitter DM, Stamos told The Intercept that he's "not commenting at all on Yahoo." When asked if Facebook had ever received a similar government directive, Stamos replied that he would "pass that to Facebook comms."

    A Facebook spokesperson told The Intercept, "Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it."

    It remains unclear what form the directive took, though according to Andrew Crocker, an attorney with the Electronic Frontier Foundation, the best guess is that it invoked Section 702 of the Foreign Intelligence Surveillance Act, which permits the bulk collection of communications for the purpose of targeting a foreign individual.

    But this Yahoo program doesn't appear to have had even an ostensibly non-U.S. target. Rather, literally every single person with a Yahoo email inbox was evidently placed under surveillance, regardless of citizenship.

    Crocker said the Yahoo program seems "in some ways more problematic and broader" than previously revealed NSA bulk surveillance programs like PRISM or Upstream collection efforts. "It's hard to think of an interpretation" of the Reuters report, he explained, "that doesn't mean Yahoo isn't being asked to scan all domestic communications without a warrant" or probable cause.

    "The Fourth Amendment implications of that are pretty staggering," Crocker said.

    The Yahoo program, as described, also differs from previous federal data grabs in that the scanning occurred in real time, as messages arrived in a user's inbox, rather than being conducted in an archive of stored communications.

    The fact that every single Yahoo email account was subject to this surveillance seems at odds with figures in Yahoo's transparency report, which claims fewer than 20,000 accounts were tapped at the behest of the U.S. government. It would also appear to run contrary to the spirit of two quotations on Yahoo's transparency site, where Yahoo General Counsel Ron Bell claims, "We fight any requests that we deem unclear, improper, overbroad, or unlawful," and Mayer says, "We've worked hard over the years to earn our users' trust and we fight hard to preserve it."

    The Reuters report is sourced to "two former employees and a third person apprised of the events," rather than government officials - raising the possibility that similar orders have been issued to other major service providers.

    An Apple spokesperson declined to comment on the record when asked if Apple has received or complied with the same or a similar directive, but he pointed to a section from a recent public letter by CEO Tim Cook, which he said was still accurate:

    Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

    A Google spokesperson provided the following statement: "We've never received such a request, but if we did, our response would be simple: 'no way.'" The spokesperson later clarified that the company has not received a "directive" or "order" to that effect, either.

    "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo," a Microsoft spokesperson said in a statement. The spokesperson would not comment on the record as to whether the company has ever received such a request.

    Asked whether Twitter had ever received such a directive aimed at its messaging system, Nu Wexler, the company's public policy communications chief, replied that "Federal law prohibits us from answering your question, and we're currently suing the Justice Department for the ability to disclose more information about government requests." Twitter filed the lawsuit in 2014.

    In a subsequent statement, Wexler clarified:

    We've never received a request like this, and were we to receive it we'd challenge it in a court. Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests.

    Yahoo issued this statement: "Yahoo is a law abiding company, and complies with the laws of the United States."

    Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement that "the order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit."

    He added: "It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court."

    Here is how to delete your Yahoo account.



    You don't have to delete your account. You can either delete your emails or sign into another account (Gmail, Outlook/Hotmail) and import your email there and not use Yahoo as your primary account anymore. It's not that others are any safer, but you can at least avoid the ones that are too eager to give access to your personal information and emails to others.

  3. #43
    Member Array
    Join Date
    Jan 2007


    How to Trump-Proof Your Electronic Communications

    If Donald’s going to be in charge of the surveillance apparatus, we should all take precautions.

    Under President Obama, people became increasingly concerned about government surveillance both at home and abroad. If you thought Obama was bad, though, imagine Donald Trump—known for his vindictiveness and his lack of respect for the Constitution—in charge of the powerful U.S. government surveillance apparatus. While campaigning, Trump called on Apple to break into the phone of one of the San Bernardino shooters and publicly called for a boycott of the company until it did. In the immediate aftermath of Trump’s victory, Twitter was abuzz with online security tips for those concerned with a dystopic surveillance state that could put people—particularly women, minorities, and activists—at risk.

    “All of this advice is good security advice” in general, says Micah Lee, a security engineer and journalist at the Intercept. “A Trump presidency makes it more pressing because Trump seems to be eager to abuse his power, but everyone has been able to abuse their power and do these sorts of things for a long time.”

    The National Security Agency has extraordinary access to data on U.S. citizens, and as John Napier Tye, a former State Department section chief for internet freedom and a whistleblower, wrote in Future Tense last week, the possibility of Trump using it for nefarious purposes—such as collecting and leaking private information on his enemies—doesn’t exactly seem far-fetched. Whether the Obama administration will succeed—or even attempt—to meaningfully rein in NSA powers before Jan. 20 remains to be seen. Government requests to companies make a big difference in whether any steps to limit surveillance are effective, and the Foreign Intelligence Surveillance Court, which approves electronic surveillance in the United States, is already a rubber stamp under Obama.

    For now, here is a look at some of the security tips being suggested and what protection they may provide.

    Two-factor authentication for email

    Two-factor authentication adds an extra layer of security for your email accounts.
    It works by requiring you to enter a temporary code from a phone app (like Google Authenticator) or a text message in addition to your username and password or by plugging a security key such as YubiKey into your USB port.

    But would it protect you if you’re one of Trump’s targets? “I think it depends on how Trump goes about trying to get revenge on his enemies,” says Lee. If you’re an activist under investigation by the Trump Justice Department, two-factor probably won’t help you because the government can just put in a data request into Google to get access to your emails. (It can even send a national security letter accompanied with a gag order.)

    But if you’re using a foreign email provider that’s not responsive to U.S. government requests for data, or if the government is trying to hack into emails, then two-factor may help.

    “Hypothetically, there is such a thing as parallel construction,” says Harlo Holmes, a digital security trainer at the Freedom of the Press Foundation. (Parallel construction is when law enforcement builds parallel evidence for a criminal investigation to conceal how it began—for instance, by hacking without a necessary warrant or approval.) “It’s conceivable that an account that’s easy to hack could be infiltrated by an agency that would use parallel construction to support what they already learned from the hacking.”

    If nothing else, two-factor authentication does offer some protection against run-of-the-mill hackers.

    Virtual private networks

    A VPN can be used to route traffic through an encrypted connection to the VPN’s server.

    It’s not anonymous—the VPN provider knows who you are—but if you’re worried about someone sitting in an unmarked van outside of your house and monitoring your Wi-Fi network (hey, it’s happened before) a VPN could offer some protection. “It has the benefit of giving you a bit of location privacy,” Lee says, because it allows you to log in with the same IP address whether you’re at home, at your office, or at a coffee shop. Otherwise, you may have a different IP address from different locations, which makes it easier to know when you’ve switched locations. (Some workplaces even have their own IP addresses that list the names of the businesses.) Connecting using your carrier’s network may only deliver your general location (usually just the city and state), but authorities could always ask your carrier for specific information. Additionally, commercial outfits such as Skyhook Wireless are capable of providing users of their service with very specific location data based on hotspot IP addresses.

    That said, many VPNs have issues of their own. Some log data, which could easily be handed over to the government in response to a data request. And there are many shady VPNs—and no easy way to verify security claims made by VPNs on their sites (or on the many affiliate-based review sites). You also have to pay for a VPN, usually about $4.99-$15 per month.

    The Tor browser

    Unlike VPNs, the Tor browser (Tor stands for “the onion router”) does offer anonymity by running traffic through multiple relays—and it’s free. Additionally, Tor’s bundled browser has been heavily modified to maximize privacy on the web by disabling Flash and clearing cookies when a window is closed.

    Lee emphasizes that since we don’t yet know what Trump would do, it’s too early to say that you should always use Tor exclusively. Tor is slow and actually blocked by many sites (such as Yelp), and it’s not perfect, particularly when it comes to real-time attacks, as opposed to gathering your data after the fact. “If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit,” Lee says.

    But Tor could well prove useful for individuals perusing potentially sensitive sites—like information on converting to Islam or researching online activism. And as Holmes points out, “Tor has a million other uses.” For instance, it can allow you to look up medical symptoms without your searches becoming a part of an advertisement profile.


    Signal is a scrappy, free phone app created by Open Whisper Systems that’s available for both Android and iOS. Open Whisper Systems can see your metadata, but it doesn’t log it, which limits its ability to turn info over to the government. When the company received a request for data through a grand jury investigation, it was only able to respond with the most recent time and date the user logged into his or her account.

    The government could theoretically try to force Open Whisper Systems to modify its service to make it more surveillance-friendly (just as it tried to force Apple to do), but Signal is far more secure for things like activist organizing than, say, Facebook groups.

    Passwords and encryption

    Lee says that smartphones are a big attack vector right now and that Android users should enable disk encryption on their phones. (It’s on by default on iOS, but of course you’d need a good password as well.) Using a password manager such as KeePass, 1Password, or LastPass and setting strong, unique passwords for each service you use—as well as your phone—could help you if you are in danger of being detained.

    An uptick in future street harassment by law enforcement is more than possible, with stop-and-frisk proponent Rudy Giuliani being floated as a possible attorney general pick—which would put him in charge of the Justice Department and give him oversight of the FBI. Using strong, unique passwords and encrypting your phone offers protection against run-of-the-mill hackers as well. This is a better option than TouchID, since some courts have ruled that it’s constitutional to force suspects to unlock their phones with their thumbprints, but so far, it seems that forcing users to input passwords is not.

    Company responses

    Some have called for Google, Facebook, and other companies to take greater responsibility for user privacy. For instance, New York Times columnist Zeynep Tufekci tweeted, “tech companies should immediately go to end-to-end encryption and ponder alternative financial models.” Others suggest the companies could give people better tools to scrub their behavioral data. In fact, Google does have some options available for users to prune their account data, which is a good practice, but it’s not clear whether deleting user data is effective against the state—it depends on where Google stores it, for how long, how it’s intercepted, and other factors.

    “If you really need to make sure law enforcement or anyone that Trump is controlling doesn’t have access to a lot of your private information, then don’t give it to Facebook and Google,” Lee recommends. Stick to encrypted messaging apps such as Signal, and consider paying to use email or service providers that you trust and that have a policy of fighting unconstitutional government requests for data, such as Electric Embers or Riseup. (That said, there’s a bit of a trade-off as well—smaller providers that are likely to resist government requests for data have fewer security staffers and are not immune to being hacked themselves.)

    OK, these tips may sound a bit on the paranoid side. But these tools are versatile and offer some protection not just against mass surveillance, but against run-of-the-mill hackers as well. Fear of how a Trump presidency might tap into NSA surveillance capabilities provides a good opportunity to take better stock of our own security and encourage others to do so as well.


  4. #44
    Member Array
    Join Date
    Jan 2007


    Your Apps May Be Spying on You and This is What You Can Do to Prevent it

    Both iOS and Android have a variety of security features built into them in order to provide security to its users. One of them, which is quite important, is the implementation of app permissions. When you are downloading an app, it will request permission to access certain aspects of your device. You must then decide if you want to grant these permissions or not.

    It is great that these operating systems have considered our security (and privacy) to this extent. Unfortunately there is a possibility that these permissions can be used against you for malicious purposes. Certain apps may indeed be spying on you and collecting your information against your will, among other malicious activities.
    There are steps that you can take to mitigate against this possibility however. These are what we will be exploring in the context of both iOS and Android.

    As of Android 6.0+ and iOS 6+, users have granular control over app permissions. For relatively low-level permissions, apps will be granted access to these automatically by both operating systems.

    If the app needs permission to access functionality which could be harmful to the device’s operation or could compromise the user’s privacy, the user will be alerted and asked if they wish to grant the app permission to access the requested functionality.

    What Are App Permissions And How Do They Work?


  5. #45
    Member Array
    Join Date
    Jan 2007


    Not in front of the telly: Warning over 'listening' TV


    Samsung is warning customers about discussing personal information in front of their smart television set.

    The warning applies to TV viewers who control their Samsung Smart TV using its voice activation feature.

    When the feature is active, such TV sets "listen" to what is said and may share what they hear with Samsung or third parties, it said.

    Privacy campaigners said the technology smacked of the telescreens, in George Orwell's 1984, which spied on citizens.

    Data sharing

    The warning came to light via a story in online news magazine the Daily Beast which published an excerpt of a section of Samsung's privacy policy for its net-connected Smart TV sets. These record what is said when a button on a remote control is pressed.

    The policy explains that the TV set will be listening to people in the same room to try to spot when commands or queries are issued via the remote. It goes on to say: "If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party."

    Corynne McSherry, an intellectual property lawyer for the Electronic Frontier Foundation (EFF) which campaigns on digital rights issues, told the Daily Beast that the third party was probably the company providing speech-to-text conversion for Samsung.
    She added: "If I were the customer, I might like to know who that third party was, and I'd definitely like to know whether my words were being transmitted in a secure form."

    Soon after, an activist for the EFF circulated the policy statement on Twitter comparing it to George Orwell's description of the telescreens in his novel 1984 that listen to what people say in their homes.

    In response to the widespread sharing of its policy statement, Samsung has issued a statement to clarify how voice activation works. It emphasised that the voice recognition feature is activated using the TV's remote control.

    It said the privacy policy was an attempt to be transparent with owners in order to help them make informed choices about whether to use some features on its Smart TV sets, adding that it took consumer privacy "very seriously".

    Samsung said: "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV."

    It added that it did not retain voice data or sell the audio being captured. Smart-TV owners would always know if voice activation was turned on because a microphone icon would be visible on the screen, it said.

    The third party handling the translation from speech to text is a firm called Nuance, which specialises in voice recognition, Samsung has confirmed to the BBC.

    Samsung is not the first maker of a smart, net-connected TV to run into problems with the data the set collects. In late 2013, a UK IT consultant found his LG TV was gathering information about his viewing habits.

    Publicity about the issue led LG to create a software update which ensured data collection was turned off for those who did not want to share information.



    This is from 2015, but by now expect all smart TVs to be able to listen in and watch you from built-in cameras, as well as all smartphones and consoles that come with built-in camera/audio-in capabilities.

  6. #46
    Member Array
    Join Date
    Jan 2007


    Do Not USE Google Allo Warns Snowden

    22 Sep, 2016

    Google Allo, the new "smart" chat app launched on Wednesday, is 'dangerous' and should be avoided, according to whistleblower Edward Snowden.

    The ex-NSA contractor posted a series of Tweets to warn everyone away from the chat app, which he says will "record every message you ever send and make it available to police upon request".

    Allo, designed to unseat chat pack leader WhatsApp, promises to deliver quick conversations with features like "Smart Reply", which can guess your answers and respond to messages with just the tap of a button, and "Google Assistant", which answers your questions and helps you search for things directly in your chat.

    How does Allo plan on predicting your every word and witty emoji, you ask? "The more you use it, the more it improves over time," which basically means they'll collect and store as much of your data as possible and then use artificial intelligence to guess your replies.

    However, the efficiency of time-saving typing may end up costing customers their already compromised privacy.

    When Google first announced the introduction of Allo earlier this year they, too, had planned end-to-end-encryption in "Incognito Mode" and assured they would only store messages transiently, rather than indefinitely.

    However, it now appears that Google won't be doing that after all. Wednesday's announcement revealed Google plans to store all conversations that aren't specifically started in "incognito mode" by default.

    As Snowden pointed out, last year every single one of the NSA and FBI's 1,457 surveillance requests was granted by the US foreign intelligence surveillance court... and Allo's stored data (i.e. your data) will be fair game too.

    In contrast, all of WhatsApp's chats are encrypted and unreadable - although they did announce last month that they will now be sharing your contacts and who you talk to with Facebook.


  7. #47
    Member Array
    Join Date
    Jan 2007


    Wikileaks: CIA has tools to snoop via TV

    Wikileaks has published details of what it says are wide-ranging hacking tools used by the CIA.

    The alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers.

    Some of the software is reported to have been developed in-house, but the UK's MI5 agency is said to have helped build a spyware attack for Samsung TVs.

    A spokesman for the CIA would not confirm the details.

    "We do not comment on the authenticity or content of purported intelligence documents," he said.

    A spokesman for the UK Home Office was unable to comment.

    Wikileaks said that its source had shared the details with it to prompt a debate into whether the CIA's hacking capabilities had exceeded its mandated powers.

    Embarrassment factor - Analysis by BBC's security correspondent Gordon Corera

    These latest leaks - which appear to give details of highly sensitive technical methods - will be a huge problem for the CIA.

    There is the embarrassment factor - that an agency whose job is to steal other people's secrets has not been able to keep their own.

    Then there will be the fear of a loss of intelligence coverage against their targets who may change their behaviour because they now know what the spies can do.

    And then there will be the questions over whether the CIA's technical capabilities were too expansive and too secret.

    Because many of the initial documents point to capabilities targeting consumer devices, the hardest questions may revolve around what is known as the "equities" problem.

    This is when you find a vulnerability in a piece of technology how do you balance the benefit to the public of telling the manufacturer so they can close it and improve everyone's security with the benefit to the spy agency of leaving it in place so they can exploit it to collect intelligence.

    The NSA has already faced questions about whether it has this balance right when many of its secrets were revealed by Edward Snowden, and now it may be the CIA's turn.

    Hacked TVs

    The effort to compromise Samsung's F8000 range of smart TVs was codenamed Weeping Angel, according to documents dated June 2014.

    They describe the creation of a "fake-off" mode, designed to fool users into believing that their screens had been switched off.

    Instead, the documents indicate, infected sets were made to covertly record audio, which would later be transferred over the internet to CIA computer servers once the TVs were fully switched back on, allowing their wi-fi links to re-establish.

    Under a "future work" section, it is suggested that video snapshots might also be taken and the wi-fi limitation be overcome.

    Samsung has not commented on the allegations.

    Apple attacks

    Wikileaks also claims that as of last year, the CIA has built up an arsenal of 24 Android "zero days" - the term given to previously unknown security flaws in code.

    Some of these are said to have been discovered by the CIA, but others were allegedly obtained from the UK's GCHQ agency as well as the NSA and unnamed third-parties.

    Devices made by Samsung, HTC and Sony, among others, were said to have been compromised as a result, allowing the CIA to read messages on Whatsapp, Signal, Telegram and Weibo among other chat services "before encryption is applied".

    It is also claimed that a specialised CIA unit was set up to target iPhones and iPads, allowing the agency to see a target's location, activate their device's camera and microphone, and read text communications.

    The unit is also reported to have made use of further iOS "zero days" obtained from GCHQ, the NSA and FBI.

    "It is longstanding policy that we do not comment on intelligence matters," GCHQ told the BBC.

    "Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate."

    Other claims say the CIA:

    • was trying to find ways to infect vehicles' computer control systems. Wikileaks claims these might have been used for undetectable assassinations
    • had found ways to infect "air-gapped" computers - machines that are not linked up to the internet or other insecure networks. Methods are said to have included hiding data in images or hidden parts of computer storage
    • had developed attacks against popular anti-virus products
    • had built up a library of hacking techniques "stolen" from malware developed in Russia and elsewhere

    Wikileaks describes its release as the first in a series of planned leaks about the CIA's cyber-activities, which it refers to as Vault 7.

    It added that the material had already circulated among hackers who used to work for the US government as well as contractors in an unauthorised manner.

    Analysis: Mark Ward, Technology reporter

    There is a huge amount of information in the CIA data dump but a lot of it, such as its apparent success in compromising smart TVs, is not that surprising. Lone researchers have managed similar hacks, so smart government agents were always going to be able to go further.

    Plus, we kind of know that a lot of the modern internet-of-things gear is broken as all kinds of holes have been found in all kinds of gadgets - including cars.

    What's more interesting is the work said to have been done on iPhone and Android handsets. That's because Apple works hard to make sure iOS is secure and Google has made a real effort lately to secure its operating system. For a spy agency, access to those gadgets is key because they travel everywhere with a target.

    What is likely to hit the CIA the hardest is losing control of all the zero day exploits and malware detailed in the papers.

    It is more than likely that the agency paid millions to build up an arsenal of tools that are guaranteed to work - largely because they are based on flaws, bugs and vulnerabilities that have never been seen before. Operating systems of all stripes are really big haystacks and the information in some of the leaks looks like a good map to all the needles hiding within.

    With the zero days now largely burned the CIA may have to re-trench for a while but it will doubtless have other unused attack tools stored and ready to deploy.

    What's potentially more worrying is that as information about the bugs gets out then cybercriminals and other "bad guys" will pile in and use them.

    We saw that with the zero days released in the much smaller Hacking Team data breach, and there is much more useful data to be found in this trove.


  8. #48
    Member Array
    Join Date
    Jan 2007


    Cover your webcams: Spying through Your WebCams


    Cover your smartTVs: Spying through Your Smart TV


  9. #49
    Member Array
    Join Date
    Jan 2007


    HP laptops found to have hidden keylogger

    Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.

    Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.

    HP said more than 460 models of laptop were affected by the "potential security vulnerability".

    It has issued a software patch for its customers to remove the keylogger.

    The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.

    In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."

    'Loss of confidentiality'

    Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop.

    He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.

    According to HP, it was originally built into the Synaptics software to help debug errors.

    It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.

    In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

    At the time, the company said the keylogger code had been mistakenly added to the software.


    Comments: This is why when you buy a new laptop/desktop/tablet, it’s best to wipe it clean and do a fresh install.

