Re: Lattice Ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

.
For your information, I actually tracked down the original report
about this (and posted some corrections in a comment to the
researcher):
  1. This was not HP's keyboard driver.  This was Synaptics' touch
      pad driver (SynTP.sys).

Never said it is HP's driver.  But understand, that it only went in to HP machines. 

As far as we know.  That, I have said.


  1. The code in question was apparently the common classic issue
      that the driver checks if a hotkey related to the touchpad is
      pressed, and has a test feature to help each laptop manufacturer
      check if they configured the correct (laptop-specific) scan code
      for that hotkey by using a special test driver that logs the keys
      that match/don't match the configured one.  On a number of
      occasions HP (and maybe others) have sent such test drivers to end
      users instead of the drivers without the debug feature.

A keylogger is not useful in this case, particularly as timing is an acute issue.  At the most basic, when they want what you portray, a utility like evtest.

  1. In this case, no keys were logged unless someone (or something)
      with admin rights on the laptop did extra steps to turn on the
      feature and to read back the results.  Any malicious code with
      those rights could just install its own logging without depending
      on that particular wrong driver being installed,
  2. So to me, that particular issue falls into the less serious tier of:
    Possible misuse if other things go wrong first, upgrade when ready as
    a defense in depth.
  3. Jakob
Correct, it is not turned on by default.  Never said otherwise.  But it can be manually.

So far I've raised three independent issues in this thread, and have been fought on all three.  I am bored now with trying to raise awareness, so let's just all agree that nobody wants to hear it.  You do your thing and I'll do mine.



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux