Latest Updates
May
11
Temporary keylogger found pre-installed in HP Audio Driver (Conexant)
Posted by Frank Backes on Thursday 11 May 2017 21:51 18

Do you own a Hewlett-Packard (HP) laptop?

 

Yes?

 

Just stop whatever you are doing and listen carefully: your HP laptop may be silently recording everything you type on your keyboard. While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes.

 

In general, a keylogger is a program that records every keystroke by monitoring every key you press on your keyboard. Malware and trojans usually use this ability to steal your account information, credit card numbers, passwords, and other private data. HP computers come with audio chips developed by Conexant, a manufacturer of integrated circuits that also develops drivers for its audio chips. The driver, called the Conexant High-Definition (HD) Audio Driver, helps the software communicate with the hardware. Depending on the computer model, HP also embeds some code inside the audio drivers delivered by Conexant that controls the special keys, such as the media keys offered on the keypad.

 

Keylogger Found Pre-Installed in HP Audio Driver

According to the researchers, the flawed code (CVE-2017-8360) written by HP was poorly implemented: it not only captures the special keys but also records every single key-press and stores them in a human-readable file. This log file, located in the public folder at C:\Users\Public\MicTray.log, contains a lot of sensitive information such as users' login data and passwords, and is accessible to any user or third-party application installed on the computer. Therefore, malware installed on a PC, or even a person with physical access to it, can copy the log file and gain access to all your keystrokes, extracting sensitive data such as bank details, passwords, chat logs, and source code.

"So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP?" Modzero researchers question HP.

 

In 2015, this keylogging feature was introduced as a new diagnostic feature with update version 1.0.0.46 of the HP audio drivers, and it has existed on nearly 30 different HP Windows PC models shipped since then.

 

Affected models include PCs from the HP Elitebook 800 series, the EliteBook Folio G1, HP ProBook 600 and 400 series, and many others. You can find a full list of affected HP PC models in Modzero's security advisory. The researchers also warned that "probably other hardware vendors, shipping Conexant hardware and drivers" may be affected as well.

 

How to Check if You are Affected and Prevent Yourself

If either of the following two files exists on your system, then this keylogger is present on your PC:

  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe

If either file exists, Modzero advises that you delete or rename the executable in order to prevent the audio driver from collecting your keystrokes.

"Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools," researchers warned. "If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups."

 

Also, if you make regular backups of your hard drive that include the Public folder, the keylogging file in question may also exist there with your sensitive data in plain text for anyone to see. So, wipe that as well.
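The check above also applies to backups, so the following added example (not from the original article or from Modzero) walks a directory tree, which can be a Windows volume or a mounted or extracted backup, and reports every copy of the two executables and of MicTray.log. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the article. Windows file names are case-insensitive,
# so they are compared in lower case.
EXECUTABLES = {"mictray.exe", "mictray64.exe"}
KEYSTROKE_LOG = "mictray.log"


def scan_tree(root):
    """Walk `root` and return one finding per matching file, sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered in EXECUTABLES:
                kind = "driver-executable"
            elif lowered == KEYSTROKE_LOG:
                kind = "keystroke-log"
            else:
                continue
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                size = None  # unreadable entry: still worth reporting
            findings.append({"kind": kind, "path": str(path), "size": size})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(base):
    """Constructed sample layout: a live volume plus one older backup copy."""
    layout = {
        "Windows/System32/MicTray64.exe": b"MZ",
        "Windows/System32/notepad.exe": b"MZ",
        "Users/Public/MicTray.log": b"constructed sample, not real keystrokes",
        "Backups/2016-11/Users/Public/mictray.LOG": b"older constructed copy",
    }
    for rel, data in layout.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base


def demo():
    """Scan the constructed tree and return (kind, file name, size) tuples."""
    with tempfile.TemporaryDirectory() as tmp:
        found = scan_tree(build_sample_tree(tmp))
        return [(f["kind"], Path(f["path"]).name, f["size"]) for f in found]


if __name__ == "__main__":
    for kind, name, size in demo():
        print(f"{kind:18} {name:16} {size} bytes")
```

Point `scan_tree` at the root of a backup set to find log copies that need wiping; a non-empty keystroke-log finding means typed data is stored there in plain text.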

 

Source: https://thehackernews.com/2017/05/hp-audio-driver-laptop-keylogger.html




Jan
21
New Java Update
Posted by Frank Backes on Thursday 21 January 2016 13:45 37

Hi,

 

There is a new update for Java. Please ensure you use the latest version, 8 update 71.

 

If you have any questions feel free to comment or open a ticket.

 

Your EasyCommand Team




Aug
6
Windows 10 the way updates work and what you should know about it
Posted by Frank Backes on Thursday 06 August 2015 17:25 07

Have you made the move to Windows 10 already?

If so, and you live in a part of the world where internet connectivity isn't merely "on" or "off", but can be somewhere in between - in other words, if you have to keep your usage inside a data cap - then you need to know about WUDO.

WUDO is short for Windows Update Delivery Optimization, and it's a great feature that may very well make updates on your home network much slicker.

But it could cost you money, and it's opt-out, not opt-in, so you need to be aware of it.

→ A data cap, for those fortunates who have never experienced one, is a data transfer ceiling above which you typically either pay more, or endure a slowdown, until the end of the month. Excess data charges are often very high (you might prefer the word extortionate), and throttled data rates may be turgidly slow (you might prefer the word unusable). Caps typically kick in after anywhere from hundreds of megabytes to tens of gigabytes, depending on your country, your ISP and your internet plan. Some caps count downloaded data only; others add up all your network traffic, both in and out.

Like torrenting, only different

The easiest way to explain WUDO is to say that it's just like Bittorrent, or any similar peer-to-peer (P2P) file sharing network, only different.

Your PC connects to Microsoft, downloads a trusted list of files that it needs for the update, and then asks around on the network to see if anyone else nearby has any of those files handy.

At worst, your PC will end up downloading the latest patches all the way from Microsoft; at best, it will get the files straight from another computer on your home network that already fetched the update.

This means that if you have three PCs to update, and each needs 1GB of updates, and 1GB takes three hours to download on your 1Mbit/sec internet link, you don't have to wait nine hours for the update to come down the line three times.

If you're lucky, only one PC will need to visit the outside world, whereafter the other two will simply grab the matching files from their neighbours on your home network, typically 10 to 100 times faster.

In fact, WUDO not only looks for other computers on your own internal network – it also tries, just like Bittorrent, to find other computers on the internet that can help you out.

That not only spreads the load beyond Microsoft's core servers, which is good for resilience, but also lets your PC choose update sources that are nearby, which is good for throughput.

But it raises three important issues:

  • Is it safe to get trusted updates from untrusted computers?
  • Do you have to give to receive?
  • Is this the default setting?

The answers are, "Yes," "Yes," and "Yes."

Trusted data over untrusted links

As long as your PC downloads a list of the files it needs – a so-called manifest, or cryptographically-signed catalog – directly from an official Microsoft server first, you're safe.

Your PC can validate cryptographically that it received the same file that it would have acquired directly from Microsoft, even if the download came from one or more unknown third parties.

If any downloaded components are damaged or modified, whether by accident or design, they can be discarded and fetched again.
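The idea of trusted data over untrusted links can be shown with a small added example (not Microsoft's code and not WUDO's actual protocol): a manifest of per-piece SHA-256 digests, assumed to be already obtained from the trusted server with its signature verified, is used to accept or discard pieces served by peers. All names, the piece size and the sample data are constructed.

```python
import hashlib

PIECE_SIZE = 4  # tiny on purpose so the constructed sample stays readable


def make_manifest(data):
    """What the trusted server publishes: one SHA-256 digest per piece."""
    pieces = [data[i:i + PIECE_SIZE] for i in range(0, len(data), PIECE_SIZE)]
    return [hashlib.sha256(p).hexdigest() for p in pieces]


def fetch_update(manifest, sources):
    """Assemble the update piece by piece from untrusted sources.

    `sources` is an ordered list of (name, fetch) pairs, nearest peer first
    and the trusted origin last; fetch(index) returns the piece bytes, or
    None if that source does not hold the piece.
    """
    assembled, log = [], []
    for index, expected in enumerate(manifest):
        for name, fetch in sources:
            piece = fetch(index)
            if piece is None:
                continue
            if hashlib.sha256(piece).hexdigest() == expected:
                assembled.append(piece)
                log.append((index, name, "accepted"))
                break
            # Damaged or modified piece: discard it and try the next source.
            log.append((index, name, "rejected"))
        else:
            raise RuntimeError(f"piece {index} unavailable from every source")
    return b"".join(assembled), log


# Constructed sample data: a 16-byte "update" split into four pieces.
UPDATE = b"PATCH-KB-SAMPLE!"
MANIFEST = make_manifest(UPDATE)


def origin(i):
    """The official server: always returns the genuine piece."""
    return UPDATE[i * PIECE_SIZE:(i + 1) * PIECE_SIZE]


def lan_peer(i):
    """Honest peer on the home network that only holds pieces 0 and 1."""
    return origin(i) if i < 2 else None


def internet_peer(i):
    """Unknown peer that serves a modified piece 2."""
    return b"XXXX" if i == 2 else origin(i)


SOURCES = [("lan-peer", lan_peer), ("internet-peer", internet_peer),
           ("origin", origin)]


def demo():
    return fetch_update(MANIFEST, SOURCES)


if __name__ == "__main__":
    data, log = demo()
    for entry in log:
        print(entry)
    print("update intact:", data == UPDATE)
```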

Giving to receive

The "giving to receive" issue could be a problem if you have a capped or metered data plan.

If you have multiple PCs, you're always likely to save bandwidth, provided that WUDO doesn't let other people upload from you more than you download in total.

But if you have just one Windows 10 computer and a metered connection, WUDO might end up costing you money.

After all, you'll always have to download the entire update from the outside at least once.

So if you only get to make use of it once, anything you later upload to others, no matter how helpful to them, is additional update traffic for you.

On by default

In other words, if you have a metered connection, you need to know that full-blown WUDO is on by default in Windows 10.

Fortunately, it's easy to change...

...once you know how.

Go to the not-actually-very-obvious Settings > Updates and Security > Advanced options > Choose how you download updates > Get updates from more than one place.

Your choices are:

  1. Off. Your computer calls home to Microsoft, and gets updates only from there.
  2. PCs on my local network. WUDO will "torrent-share" files, but only between computers on your own LAN.
  3. PCs on my local network and on the internet. You'll potentially get files from, and offer file uploads to, computers anywhere in the world.

If you have more than one PC on your own LAN, the middle option sounds like a good one, as you won't incur any additional upload charges, but you will probably reduce your total internet download quota.

That's good for you, helpful to Microsoft, and beneficial to everyone else.

If you can afford the altruism of torrent-style uploads for other people, go for option 3 and you'll be doing the world a modest favour, as well as speeding up your own updates, especially if you have multiple PCs to patch.

The thing to bear in mind: whether you're willing or able to go for option 3, it's the default, and you have to opt out if it doesn't suit you.




Jul
2
Google controversially forces users to opt-out of Wi-Fi snooping
Posted by Frank Backes on Thursday 02 July 2015 14:51 47

Google feeds this data into its location database, the Google Location Server, from the smorgasbord of input it got in the past from its Street View cars, and now collects from Android phones and tablets.

With that data set, it's built a global database of wireless access points and their geographic locations, which it uses in services and Android applications to approximate individuals' locations based on the Wi-Fi networks detected by their handsets.

Google's Peter Fleischer, writing from the halls of the Google Global Privacy Counsel, explained that users will have to opt out if they don't wish to have their Wi-Fi hotspot mapped:

We're introducing a method that lets you opt out of having your wireless access point included in the Google Location Server. To opt out, visit your access point's settings and change the wireless network name (or SSID) so that it ends with "_nomap". For example, if your SSID is "Network" you'd need to change it to "Network_nomap"

Fleischer's blog posting went on to explain why Google is foisting responsibility for opt-out onto users, requiring them to fiddle with their router SSID instead of, say, Google providing an online opt-out tool. It has to do, he says, with "the right balance of simplicity."

"As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse. Specifically, this approach helps protect against others opting out your access point without your permission."


<Start sarcasm>

Gosh, thanks, Google! You’re protecting our access points from being booted off your location server! Heaven knows we were losing sleep, worried that hackers would opt out our access points without our permission. After all, we profit so greatly from your location-based services, and from enabling your users to tag posts with their locations, and to enabling your users to check in to restaurants, and to just simply helping your users to know where the heck they are.

Without recompense. And without our permission being required or desired.

Really, thank goodness. It would be awful if a hacker kicked us out of this Wi-Fi Fun Fest. After all, we know these location-based services are, in Google’s own words, “Some of the most popular features of today’s Internet,” off of which you are profiting so greatly, while we, of course, are profiting in ways that do not exactly equate to financial matters, per se, but rather to, well, actually, come to think of it, a big, fat, hen's-egg of nothing.

<End sarcasm>

What Google probably means by "balance of simplicity" is that it will be hard for users to do. That would be simpler for Google to handle, because having a bunch of users opt out would create big holes in its location mapping abilities.

eWEEK’s Wayne Rash pinpoints why this approach has absolutely nothing to do with simplicity. In a nutshell, there’s nothing simple for most people when it comes to tangling with their routers.

"The method seems simple, but it is fraught with problems," writes Mr. Rash. "Not the least of these problems … is that a lot of people have no idea how to change the SSID on their router. How many people? Well, if you're in a populated area, look for access points on your laptop. Note how many SSIDs are named 'linksys' or 'belkin.' Those are all people who bought their router at the store, plugged it in and started using it. These people likely don't know what an SSID is, much less how to change it."

Granted, the change should be fairly easy if people can figure out how to do it: just search for a new SSID on your computer (assuming you know how) and connect to the new one with the "_nomap" suffix.

But as Mr. Rash points out, there will be a boatload of nontechnical users on the support lines with people who make wireless access points and routers when all of a sudden those nontechnical users can’t connect. "I can only imagine what the folks at Cisco and Netgear will be thinking about Google after their first week of such calls," he writes.

It only gets more grisly from there. We have wireless routers sold for 802.11n that are also simultaneous dual-band routers, meaning they have two radios: one set for 2.4GHz and another for 5GHz.

"On most routers these two radios have different SSIDs that are set in different places," writes Mr. Rash. "How many users who already don't know how to manage their devices will realize this and also realize that they have to change both of them to say "_nomap" at the end to prevent automatic Wi-Fi data collection?"

And, he continues, what about Wi-Fi-enabled HDTVs using 5GHz that need to have the new name setup? Or the Wi-Fi-enabled consumer electronics? Will most users remember what frequency their gadgets are using and that they need to have a new name?

Google thinks highly enough of this fiddle-yourself-into-opt-out policy that it’s fluttering its eyelashes at other location providers, hoping that, over time, the "_nomap" string will be adopted universally. "This would help benefit all users by providing everyone with a unified opt-out process regardless of location provider," Google says.

But, asks Sophos’s Graham Cluley, "What happens if another net firm wants to produce its own rival to Google Street View, and sends their camera-equipped tricycle down the country lanes of Oxfordshire?"

"It's quite possible that folks might wish to opt out of Google knowing their Wi-Fi router, but don't care if another company does. Should we have a different way then of people marking their router name? Imagine if company A said use the "_nomap" suffix and company B said use "_nosnoop" instead. You can't have both!"

Of course, we know why Google is opting for "_nomap" opt-out as opposed to "_yesmap" opt-in. The company would collect, as Cluley notes, "a heck of a lot less data" that way.

Every day, our information gets pummeled into novel uses by companies who don’t ask us if it's OK.

When will the day come when access to our data is considered to be an assault unless it's a consensual act? Not today, not the way Google’s envisioning opt-out.




Jul
2
Windows 10 Wi-Fi Sense feature shares your Wi-Fi network with your friends
Posted by Frank Backes on Thursday 02 July 2015 14:47 59

 

Have you ever been to a friend's house and wanted to connect your phone or tablet to their network to avoid using your mobile data allowance? If so, you know it can be a minor inconvenience having to ask for the Wi-Fi password, and then to tap it via the on-screen keyboard.

Microsoft has come up with a solution for that. Wi-Fi Sense is a feature of the soon-to-be-released Windows 10 operating system that not only allows you to automatically connect a compatible device to any in-range open crowdsourced Wi-Fi network, but also grants access to password-protected networks by sharing login credentials between friends.

The feature, which can automatically accept a Wi-Fi network's terms and conditions and provide your name, email address or phone number on your behalf, also allows you to share access to password-protected Wi-Fi networks with Outlook.com and Skype contacts, as well as Facebook friends (via an opt-in), all on a per-service rather than per-person basis.

While Wi-Fi Sense doesn't explicitly hand over your passwords to your friends, it does need to store them centrally in order to present them to the Wi-Fi Sense connection software on your buddies' devices as and when required.

From Microsoft's FAQs page:

For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared. Your contacts don't get to see your password, and you don't get to see theirs.

How secure that element of Wi-Fi Sense is, we don't yet know.

But what we do know is that access to your network can, depending on your choices, be shared between all your contacts on Outlook.com, Skype and/or Facebook. So, you could be inadvertently granting network access to people you don't know all that well.

That means you could find yourself in the position where a comparative stranger who has a tenuous link to you - say, the man you emailed about painting your kitchen, your Zumba instructor or your babysitter - could lurk near your home and connect to your wireless network using the access rights you inadvertently gave them.

Fortunately, Microsoft says this Wi-Fi Sense sharing will allow only the internet connection to be used by the third party:

They won't have access to other computers, devices, or files stored on your home network, and you won't have access to these things on their network.

Quite how that works is unclear - presumably, the Wi-Fi Sense client software keeps some kind of control over the connection in order to prevent your friends from connecting to other computers and devices on the inside of your Wi-Fi access point.

This feature isn't entirely new - it first appeared on Windows Phone with the release of version 8.1.

But with the impending release of Windows 10 at the end of this month, use of Wi-Fi Sense is likely to expand quickly as desktop and laptop users take advantage of the free upgrade.

Microsoft offers a convoluted workaround by which your Wi-Fi access point can tell Wi-Fi Sense to leave it alone. (Microsoft can't reprogram your access point to negotiate selectively with Wi-Fi Sense clients, so the clients need some way of recognising that you have opted out.)

To opt out, you will need to append a phrase to your network name. For example, if your network name is mynetwork, you'll need to change it to mynetwork_optout.

To do this you will need to connect to your router via its web-based configuration page. This is done by typing its address (typically http://192.168.0.1 or http://192.168.1.1) into a web browser.

When prompted, enter your administrator name and password. Within the router's control panel look for a section labelled Name or SSID (this may be under Wireless Settings) and append _optout to the name. If you've already put special characters at the end, e.g. _nomap to opt out of Google's Street View Wi-Fi data collection, you can put _optout_ into the middle of the network name instead.


When done, and you have saved the change you made, log out and then attempt to connect to the network once more. You'll be prompted to enter the network name (don't forget you've just changed it) and password and then you'll be set.

Do note, however, that Microsoft says the opt out may not be instant and so you may also wish to change your network's password while on the configuration webpage:

It can take several days for your network to be added to the opted-out list for Wi-Fi Sense. If you want to stop your network from being shared sooner than that, you can change your Wi-Fi network password.
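As an added example (not from the original article, Microsoft or Google), the naming rules described above can be checked and applied in code: `_nomap` must end the name, `_optout` may sit anywhere in it, and the result has to fit the 32-byte SSID limit of 802.11. The function names and sample SSIDs are constructed; the dual-band audit reflects the point made in the Google article that each radio's SSID has to be changed.

```python
SSID_MAX_BYTES = 32            # 802.11 limits an SSID to 32 octets
GOOGLE_SUFFIX = "_nomap"       # must be the very end of the name
WIFI_SENSE_TOKEN = "_optout"   # may appear anywhere in the name


def opt_out_status(ssid):
    """Report which opt-outs an SSID expresses and whether it is a legal length."""
    return {
        "google": ssid.endswith(GOOGLE_SUFFIX),
        "wifi_sense": WIFI_SENSE_TOKEN in ssid,
        "fits": len(ssid.encode("utf-8")) <= SSID_MAX_BYTES,
    }


def with_both_opt_outs(ssid):
    """Return a name carrying both markers within the 32-byte limit.

    Existing markers are stripped first so they are not duplicated, then the
    base name (never the markers) is trimmed to make room.
    """
    base = ssid.replace(WIFI_SENSE_TOKEN, "").replace(GOOGLE_SUFFIX, "")
    tail = WIFI_SENSE_TOKEN + GOOGLE_SUFFIX
    budget = SSID_MAX_BYTES - len(tail.encode("utf-8"))
    # Trim by bytes, then drop any multi-byte character cut in half.
    base = base.encode("utf-8")[:budget].decode("utf-8", errors="ignore")
    return base + tail


def audit_router(radios):
    """Map each radio whose SSID misses an opt-out to a suggested new name.

    `radios` maps a band label to its current SSID, e.g. a dual-band router
    with separately configured 2.4GHz and 5GHz names.
    """
    fixes = {}
    for band, ssid in radios.items():
        if not all(opt_out_status(ssid).values()):
            fixes[band] = with_both_opt_outs(ssid)
    return fixes


if __name__ == "__main__":
    # Constructed sample: only one of the two radios was renamed.
    router = {"2.4GHz": "HomeNet_optout_nomap", "5GHz": "HomeNet-5G"}
    print(audit_router(router))
```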
