August 9, 2011
Here's a new one; how about keylogging software pre-installed on brand new laptops, straight from the factory.......BY THE MANUFACTURER!!
The "StarLogger" software was discovered by Mohamed Hassan, founder of NetSec Consulting, after he scanned 2 brand new Samsung laptops [model numbers R525 and 540].
StarLogger auto starts with Windows and records all keystrokes made on the computer. It can be difficult to detect, and can be set to periodically and surreptitiously send e-mails containing information gleaned from the computer to a preset e-mail address, with screen capture images attached.
When Hassan first contacted Samsung to report this intrusion they referred him to Microsoft, saying all they did was manufacture the hardware. However, a senior supervisor at Samsung finally admitted that they had indeed installed the software on the laptops in order to monitor machine performance "and to find out how it is being used."
In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.
Good grief!!
Sounds as though users should be adding one more essential security step to the conventional strategy.....i.e. thoroughly scan any brand new machine as soon as possible!!
Or do you do that already??
August 11, 2011
I do one better - I boot and nuke the machine and install Windows from scratch.
And of course, by breaking the seal on the laptop you agree to do whatever it is they want from you...
August 11, 2011
This is now being reported as "incorrect":
[url:q9q3elbp]http://www.pcworld.com/article/223823/samsung_series_9_laptop_shows_no_signs_of_spyware.html[/url:q9q3elbp]
Samsung is (naturally) denying any such claim.
September 17, 2008
Hi Jim:
This from CNET about keylogger in laptops from Samsung
September 17, 2008
Sorry Jim forgot the link
[url:ibt01fze]http://news.cnet.com/8301-31921_3-20049259-281.html?part=rss&subj=news&tag=2547-1_3-0-20[/url:ibt01fze]
August 11, 2011
WHOA! Everyone settle down. It's not true. Repeat, this is a false report!
http://nakedsecurity.sophos.com/2011/03 ... y-software.
Don't give it another thought. People react far too quickly to this stuff and that's understandable, but often it's over-reaction.
August 9, 2011
[quote:3ue2c8oc]WHOA! Everyone settle down. It's not true. Repeat, this is a false report![/quote:3ue2c8oc]
Ken - What [i:3ue2c8oc]are[/i:3ue2c8oc] you on about? That's exactly what the previous posts have all been saying!!
[quote:3ue2c8oc]Sorry Jim forgot the link[/quote:3ue2c8oc]
Nightowl - LOL....never done that myself.
Thanks Guys, just caught up with this latest news this morning.
Seems the "Vipre" AV software has caused a little embarrassment for Mohamed Hassan by reporting a false positive and Samsung are in the clear.
It is an interesting concept though. I wonder how many manufacturers have actually considered it but then decided not to go ahead simply because of the potential to damage their reputation.
I also think it reflects badly on manufacturers public image [in general] that a report such as this could be so readily accepted as believable.....the "I wouldn't put it past them" syndrome?
Or maybe I am more cynical than the average.
Cheers guys....Jim
August 11, 2011
Honestly, I see so much of this false reporting and scare-mongering that I just have no tolerance for it anymore. Sorry, but I didn't read any of the other links, just figured everyone was perpetuating the scare. Sorry, my bad, reverse dramatization, I guess.
Before I post ANYTHING about scary stuff like this, I often spend up to an hour or more researching it. Because if I was to post a fake scare based on a false positive on my Security Corner blog at TechTarget, they are likely to reprimand me for it.
And I deal with people who actually open things like the UPS Notification spam that has been floating around. Don't people know that if they get 500 of those things at once that it can't be real? Sheesh!
Forgive my lapse of temper and realize that I, too, am human, even though the 'net now has me labeled as the "Sheikh of Geek"
August 9, 2011
Agree 100% Ken. If everyone started reporting false positives, flagged by errant security software, as real/legitimate threats it would be bedlam!!
I find it unbelievable (and incredibly naive) that Mohamed Hassad (so-called security 'expert') did not bother to double check and confirm Vipre's findings [via other security programs] before actually reporting the incident on the net.....it ain't exactly rocket science!! Thankfully his claims were very quickly disproved.
I guess the embarrassment he would now be suffering through his ill considered action would be punishment enough.
"The Sheikh of Geek" eh?......Is that a good thing??
August 11, 2011
[quote="ozbloke":2h6mfmo0]"The Sheikh of Geek" eh?......Is that a good thing?? [/quote:2h6mfmo0]
Well, the people who have assigned me that moniker are some of your fellow Aussies, so I have to assume those blokes know what they're talking about!
Have not figured it out yet, but I seem to get on with you folks living in Oz. Have a good fellow in Perth, WA I chat with all the time and one in Palmerston, NT. Then there's the Sheila, Cindy, from Adelaide. Hell, I feel like I ought to throw some shrimp on the barbie and pop a couple of Tooheys or XXXXs.
But, don't pay any attention to this codger, mate! I'm just enjoyin' me grog...
G'day!
