Samsung Laptop Key Logger

[Mr. Slow]

Oops . . . missed the link!

http://www.networkworld.com/newslett...32811sec2.html


-- Remove ".invalid" and replace with ".com" to reply

[Bullwinkle]

Samsung installs keylogger on its laptops
User discovers that Samsung is pre-loading keyloggers on its laptop
computers.
[UPDATE: Samsung has launched an investigation into the matter and is
working with Mich Kabay and Mohamed Hassan in the investigation. Samsung
engineers are collaborating with the computer security expert, Mohamed
Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for
Advanced Computing and Digital Forensics, and with the antivirus vendor
whose product identified a possible keylogger (or which may have issued a
false positive). The company and the University will post news as fast as
possible on Network World. A Samsung executive is personally delivering a
randomly selected laptop purchased at a retail store to the Norwich
scientists. Prof. Kabay praises Samsung for its immediate, positive and
collaborative response to this situation.]

A user discovered a keylogger pre-installed on two brand-new Samsung laptops
that the company admitted was there to "monitor the performance of the
machine and to find out how it is being used."

Mohamed Hassan wrote in Mich Kabay's Security Strategies newsletter that as
soon as he received his Samsung R525 laptop, he ran a full system scan and
found a commercial keylogger called StarLogger.

StarLogger claims it records every keystroke made on the computer, even on
password-protected boxes, starting up whenever the computer starts up. The
software emails results at intervals to a specified email address and will
even include screen captures.

Hassan ended up buying a second Samsung laptop, a model R540, and found the
same keylogger installed on that one.

"The fact that on both models the same files were found in the same location
supported the suspicion that the hardware manufacturer, Samsung, must know
about this software on its brand-new laptops," he writes.

Hassan reports that at first Samsung Support personnel denied that they
installed the software and directed him to Microsoft, but then eventually
admitted that Samsung was responsible.

As Hassan notes, the incident is reminiscent of the Sony BMG rootkit fiasco
of 2005. At the time, Sony BMG used a rootkit to monitor computer user
behavior and limit how music CDs were used on the computer.

Kabay says that Samsung has not responded to further requests for comment.

"FredW" <fredw@blackholespam.net> wrote in message
news:uvu8p6t6gbtp0t6mlr4top13qn8iunapcg@4ax.com...
On Thu, 31 Mar 2011 13:44:41 +0100, "Mr. Slow"
<millenniumgold@btinternet.invalid> wrote:

>Oops . . . missed the link!
>
>http://www.networkworld.com/newslett...32811sec2.html
>
>
>-- Remove ".invalid" and replace with ".com" to reply

Someone who is not able to recognize a "false positive".
http://www.zdnet.com/blog/hardware/s...positive/12128

--
Fred W. (NL)

[VanguardLH]

Mr. Slow wrote:

<snipped>
>
> -- Remove ".invalid" and replace with ".com" to reply

That is not a proper signature. The sigdash delimiter line is comprised
of just the "-- \n" characters: 2 dash characters, a space character and
a newline. Because of the newline, nothing else can appear after the
"-- " character sequence. Signatures go AFTER the sigdash line.

I wasn't aware that v15 of WLM is screwing up signatures (other than
improper positioning) along with its debacle of no longer quoting
(prefixing and indenting).

Because you did not have "-- " on a line by itself, you have no
signature. The "Remove" text is in the *body* of your post, not as a
signature.

[David H. Lipman]

From: "VanguardLH" <V@nguard.LH>

| Mr. Slow wrote:

| <snipped>

>> -- Remove ".invalid" and replace with ".com" to reply

| That is not a proper signature. The sigdash delimiter line is comprised
| of just the "-- \n" characters: 2 dash characters, a space character and
| a newline. Because of the newline, nothing else can appear after the
| "-- " character sequence. Signatures go AFTER the sigdash line.

| I wasn't aware that v15 of WLM is screwing up signatures (other than
| improper positioning) along with its debacle of no longer quoting
| (prefixing and indenting).

| Because you did not have "-- " on a line by itself, you have no
| signature. The "Remove" text is in the *body* of your post, not as a
| signature.

LOL :-)


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp

[Mr. Slow]

"VanguardLH" wrote in message news:in2oi0$7sv$1@news.albasani.net...

Mr. Slow wrote:

<snipped>
>
> -- Remove ".invalid" and replace with ".com" to reply

That is not a proper signature. The sigdash delimiter line is comprised
of just the "-- \n" characters: 2 dash characters, a space character and
a newline. Because of the newline, nothing else can appear after the
"-- " character sequence. Signatures go AFTER the sigdash line.

I wasn't aware that v15 of WLM is screwing up signatures (other than
improper positioning) along with its debacle of no longer quoting
(prefixing and indenting).

Because you did not have "-- " on a line by itself, you have no
signature. The "Remove" text is in the *body* of your post, not as a
signature.

Thank you but with respect, one can either nit-pick over obscure Usenet
protocols which few understand, or comment on the (quite serious) subject
matter. I (and the previous posters) would prefer the latter, you the
former.

No signature, out of fear of further reprimand. I might even top-post next
time!

MS.

[Mr. Slow]

"FredW" wrote in message news:kcu9p6hl67f46gpsq5fgc6m22r4hgpk2uk@4ax.com...

On Thu, 31 Mar 2011 22:50:34 +0100, "Mr. Slow"
<millenniumgold@btinternet.invalid> wrote:
>
>Thank you but with respect, one can either nit-pick over obscure Usenet
>protocols which few understand, or comment on the (quite serious) subject
>matter. I (and the previous posters) would prefer the latter, you the
>former.

O please, do yourself and everybody else a favor and get rid of WLM 2011
(WLM 15).

Look at the post you wrote and see that it is not possible to see where
the previous post ends and where your reply begins.
That is called "quoting" which is not done by your WLM.
Other deficiencies of WLM are already mentioned by Vanguard.
Why don't you read and accept the failures of WLM?

It is not "nit-picking" but it is rude to use such a sloppy product.
If you really want to use WLM, please go back to WLM 2009.
WLM 2011 is the worst product from Microsoft in many years.

--
Fred W. (NL)

Bull****. If you have an issue with WLM, refer it to Microsoft not me. I am
not a rude person but hate to see legitimate spyware discussions derailed in
this way.

What's more important? The suggestion that Samsung may be distributing new
laptops with key loggers and rootkits installed, or some suggestions that
WLM misquotes postings (which anyone with half a brain can sort out anyway)?
I know here my money is . . .