Daily Archives: May 12, 2017

Keylogger Found in Audio Driver of HP Laptops

Posted on by
Reply

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
Keylogger found in preinstalled audio driver

According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.

This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).

This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys.”

This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:

C:\users\public\MicTray.log

Audio driver also exposes keystrokes in real-time via local API

If the file doesn’t exist or a registry key containing this file’s path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.

Source: Keylogger Found in Audio Driver of HP Laptops

Cloudflare goes berserk on next-gen patent troll Blackbird, vows to utterly destroy it using prior-art bounties

Posted on by
Reply

Rather than a corporation that hires outside lawyers to pursue infringement claims, Blackbird is a small law firm strapped to a war chest of patents. It is an all-in-one form-filling, claim-filing robot. It has no extra baggage and no expensive legal bills to pay, making it a rather lean and mean machine.

“In the past, patent trolls had to hire lawyers and law firms,” Prince said. “These guys do away with it entirely and have the owner be a law firm themselves.”

Because Blackbird is owned by the attorneys who pursue its cases, Prince explained, they are able to file lawsuits without having to worry about lawyer fees. This, he said, allows them to scoop up patents on the cheap and fire off multiple “lottery ticket” infringement claims for nothing more than the court filing fees. It allows for a machine-gun attack on companies, with patent infringement claims the bullets.

“This is a unique case. They pose an amplified risk to innovative companies everywhere,” Prince said. “You can see by the volume of the lawsuits they filed, they have optimized patent trolling to a level that can inflict maximum damage.”

Now, instead of just fighting to invalidate the single patent in their case, Cloudflare is backing a campaign to have all of Blackbird’s patent holdings – roughly 70 of them – declared invalid for future litigation.

To achieve this, Cloudflare has ring-fenced $50,000 in bounties for prior-art proof to challenge Blackbird’s holdings. Of that prize pot, $20,000 will pay those who find prior art on the ‘335 patent, and $30,000 for other patents.

In addition, Prince says Cloudflare plans to file with the state bar associations in Illinois and Massachusetts, where Blackbird’s principal attorneys reside, alleging that by owning the patents they litigate, Blackbird lawyers are committing clear ethical violations

Source: Cloudflare goes berserk on next-gen patent troll, vows to utterly destroy it using prior-art bounties

DEATH TO PATENTS!

Avast blocks the entire internet – again

Posted on by
Reply

“Non tech savvy users will have issues reporting or getting the problem fixed,” he explained. “To regain web access you have to disable Web Shield or disable Avast or uninstall Avast. To fix the issue you have to do a clean install of the latest version of software.”

It’s unclear how widespread the problem is. Avast’s PR reps have acknowledged our requests for comment but are yet to supply a substantive response.

All HTTP requests are blocked from all applications including Windows Update. “TCP connections are established but no HTTP request is sent,” according to Michael S.

Source: Avast blocks the entire internet – again