Samsung Keylogger Stories a False Alarm

CmdrTaco posted more than 3 years ago | from the everyone-sit-down-and-chill-out dept.

Security 183

Trailrunner7 writes "The panic that arose yesterday about Samsung allegedly shipping laptops that contained a pre-installed keylogger turns out to have been a complete mistake after further investigation by security researchers and the company itself. In fact, the controversy was the result of a false positive from one commercial antimalware suite and nothing else. Several outlets reported on Wednesday that Samsung laptops had been found to contain a keylogger known as StarLogger right out of the box from the factory. However, upon closer inspection by security companies, the folder on the laptops that supposedly contained the malware was actually a directory that is part of Windows' multi-language support."

epic FAIL (5, Insightful)

pasv (755179) | more than 3 years ago | (#35677212)

We believed someone who used a 3rd rate antivirus and didn't verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one

Re:epic FAIL (1)

Anonymous Coward | more than 3 years ago | (#35677290)

We believed someone who used a 3rd rate antivirus and didn't verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one

You wouldn't even need a kernel debugger. I think just a basic examination of the binary itself, and maybe some network traffic capturing would have ruled this "malware" detection out as a false positive.

Re:epic FAIL (1)

Mascot (120795) | more than 3 years ago | (#35677380)

From what I read, it wasn't even a question of a binary. The mere presence of a _folder_ with the offending name triggered the AV. That AV's gotta be the new benchmark as far as being crappy goes.

Re:epic FAIL (2)

pasv (755179) | more than 3 years ago | (#35677422)

Sure you could do binary analysis and network traffic capturing but both of these things can be veiled in obscurity. Binary analysis is often extremely time consuming (especially if the author of said (spy|mal)ware is using anti-debugging tricks and self encryption which prevents normal strings from being extracted). As for the network monitoring it's possible to use steganography to pipe out information in things as obscure as DNS requests and outgoing TCP headers. But there is nothing that says keylogger quite like a hook seen from a kernel debugger. Gotta go to the source. Can't say this StarKeylogger would employ any of these techniques tho. I'm feeling just as lazy as the person who pointed said keylogger out in the first place.

Re:epic FAIL (0)

Anonymous Coward | more than 3 years ago | (#35677534)

I'm feeling just as lazy as the person who pointed said keylogger out in the first place.

Primary differences being:
A) This asshat claims to be a security expert
B) Reported his "findings" to the press

Re:epic FAIL (1)

countertrolling (1585477) | more than 3 years ago | (#35678150)

How does a kernel debugger(de-bugger, interesting concept) detect hardware keyloggers on a chip?

Re:epic FAIL (1)

Whalou (721698) | more than 3 years ago | (#35677332)

If you consider this an epic fail on the part of security experts, the HBGary incident must be a legen...

wait for it

...dary fail.

Re:epic FAIL (0)

Anonymous Coward | more than 3 years ago | (#35677448)

If you consider this an epic fail on the part of security experts, the HBGary incident must be a legen...

wait for it ...dary fail.

My coffee is black. That's my second dairy fail of the day.

Re:epic FAIL (1)

Anonymous Coward | more than 3 years ago | (#35677352)

There was no security researcher who thoroughly researched it. It was some random stupid ass blogger. And someone posted it to Slashdot and it got promoted to the front page because it was inflammatory and would get lots of hits.

This is the future of news; random dilhole bloggers will post the news because nobody is willing to pay for "real" (although maybe biased) reporting.

Re:epic FAIL (0)

Anonymous Coward | more than 3 years ago | (#35677386)

We believed someone who used a 3rd rate antivirus and didn't verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one

There was no "security researcher" - the guy who reported it is a "security consultant." If that doesn't give you pause, nothing will.

Re:epic FAIL (5, Interesting)

cf18 (943501) | more than 3 years ago | (#35677420)

Indeed.

- an antivirus software that raises an alarm based on a two-letter directory name inside \Windows, even when it is empty.

- a "security researcher" that takes the alarm at face value and never checks if it is actually there, checks if the process runs, what kind of content it was logging and where it is sending them.

- a low level support manager confirms the software's existence, probably thinking about the fan speed and temperature monitoring software.

Re:epic FAIL (1)

omnichad (1198475) | more than 3 years ago | (#35677946)

The folder being empty could simply mean rootkit, though it would be a terrible fail of a rootkit not to hide the folder itself. The fact that the folder is actually a standard part of Windows is the worst fact.

Re:epic FAIL (4, Funny)

ifrag (984323) | more than 3 years ago | (#35678298)

It could have been worse, they could have scanned it with McAfee and rendered the machine unable to boot.

Re:epic FAIL (3, Informative)

recoiledsnake (879048) | more than 3 years ago | (#35677996)

First line of the article:

Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix

Then a whole lot of fluff about the Sony root kit fiasco.

The money quote:

The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.

That seems to be some very concrete proof.

Then some ramblings about how a class action lawsuit will come out of this. I too smell a lawsuit but not against Samsung.

Re:epic FAIL (1)

maxume (22995) | more than 3 years ago | (#35677446)

All of us? What about the people independent of Samsung that researched it further and provided some evidence that it wasn't true?

My initial reaction was more along the lines of "That sounds unlikely" than "Burn them!".

IT World standard practice (2)

PhreakOfTime (588141) | more than 3 years ago | (#35677666)

My initial reaction was more along the lines of "That sounds unlikely" than "Burn them!".

My initial response was;
It's a Network World/IT World article, so its probably made up garbage that will be debunked within hours.

And look at that... it was. Shocking.

I have a friend who likes to send me IT World articles. It's become a running joke how badly their articles are written. Well, a joke to me at least, he still thinks they are some sort of reputable news source for all things IT and that I am just 'picking on them'.

Re:epic FAIL (2)

19thNervousBreakdown (768619) | more than 3 years ago | (#35677490)

Heh I remember reading the line where he said that it definitely wasn't a false positive because it had never had one before, and going .... "what? Well, the part where he captures the network information or at the very least sees the log files on his disk somewhere must be coming soon." Nope! Just another credulous fool. By the end I was wondering how the hell he could claim that Samsung was logging every keystroke, when even if it was installed, in all likelihood Starlogger can be configured to do a number of different things.

The part about it being "completely undetectable" gave me a chuckle too. That's not something you should say without some sort of qualifier, but he just kept on going about how bad-ass his investigation was.

The main thing is though, no real evidence has been given either way (although given the ease of verifying his claim, the fact that it's an accusation, and its extraordinary nature, the burden of proof should clearly go on the accuser's shoulders) so either vilifying or exonerating Samsung is silly at this point. Besides, what did they think they were admitting to? Apparently there is some sort of information-gathering going on, and any at all without clear prior notice to the user and the user's acceptance is ... unacceptable.

Re:epic FAIL (1)

jdgeorge (18767) | more than 3 years ago | (#35678078)

Apparently there is some sort of information-gathering going on, and any at all without clear prior notice to the user and the user's acceptance is ... unacceptable.

That's completely unsubstantiated.

Re:epic FAIL (4, Insightful)

John Saffran (1763678) | more than 3 years ago | (#35677536)

Not to blow my own horn, but there were some of us who were sceptical of the story until it was proven by independent sources (http://slashdot.org/comments.pl?sid=2061772&cid=35673170).

Basically the qualifications of the author aren't technical and he's commenting on a technical topic and the story was lacking on details so such a big claim couldn't (and shouldn't) be taken at face value without independent validation.

In this case the independent validation seems to very strongly refute the claim, which is unfortunate for the author's reputation .. I hope he's learned a lesson from this, nobody needs security people talking about things they don't understand.

Re:epic FAIL (2)

BlueKitties (1541613) | more than 3 years ago | (#35677564)

It's not an EPIC FAIL, it's marketing at its finest. I've never heard of VIPRE until this morning when I saw the news. Honestly, I wouldn't be surprised if they made it all up just to get attention. If not, that's probably the most profitable false positive in history (save me the medical diagnosis puns...)

Re:epic FAIL (1)

LordLimecat (1103839) | more than 3 years ago | (#35677626)

FAIL on the part of everyone who blindly believes some slashdot story that doesn't name the supervisor, or any details of methodology, or any details beyond the finder's name.

I mean seriously, do people really take all slashdot stories at face value?

Re:epic FAIL (1)

Anonymous Coward | more than 3 years ago | (#35677874)

I mean seriously, do people really take all slashdot stories at face value?

I don't know. I've never read TFAs.

Re:epic FAIL (0)

Anonymous Coward | more than 3 years ago | (#35677810)

sad thing is that the previous info against samsung will remain indexed on the internet for evermore with fiction becoming fact over time.

FUD Campaign (1)

Xest (935314) | more than 3 years ago | (#35678000)

I've seen a few people mention it already in previous articles but I'm actually beginning to wonder myself if this is an orchestrated FUD campaign against Samsung. The actors story was, well, a complete fucking non-story too.

Rogue Apple fanboy, or Apple PR getting a bit twitchy about Android and Samsung's Galaxy phones and tablet perhaps?

Will be interesting to see if this anti-Samsung FUD continues or if it's mere coincidence that two FUD stories have been posted about Samsung in such a short period.

Re:epic FAIL (1)

molnarcs (675885) | more than 3 years ago | (#35678178)

We believed someone who used a 3rd rate antivirus and didn't verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one

Agreed, though I'm quite happy with the results of this FAIL - it showed what would happen if indeed, Samsung installed a keylogger. Sooner or later a company would have decided this to be a good idea. So it's kind of nice to have this small shitstorm without actual damage. The linked article uses such strong wordings as "the panic that arose yesterday" ... good! Companies should be reminded from time to time how sensitive this issue is...

How close an examination? (0)

Anonymous Coward | more than 3 years ago | (#35677218)

Because SRAT likes to live in the IME folder ... and that's definitely a keylogger.

So much for being a CISA CISSP MSIA ... (0)

Anonymous Coward | more than 3 years ago | (#35677220)

But the original writer and now famous Security researcher is MSIA, CISSP, CISA ... That must say something no ?
what do you mean Security Certification are worthless ?

Re:So much for being a CISA CISSP MSIA ... (2)

WrongSizeGlass (838941) | more than 3 years ago | (#35677376)

But the original writer and now famous Security researcher is MSIA, CISSP, CISA ... That must say something no ? what do you mean Security Certification are worthless ?

I believe you forgot LOL, SOL and GTFO.

Re:So much for being a CISA CISSP MSIA ... (1)

John Saffran (1763678) | more than 3 years ago | (#35677454)

No it doesn't mean that they're worthless .. they're just not technical certifications so in this case we should've been sceptical (like I said in the original story, http://slashdot.org/comments.pl?sid=2061772&cid=35673170) because the certifications aren't relevant to the abilities required to make an informed comment.

Re:So much for being a CISA CISSP MSIA ... (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35677594)

Those are not technical certs. Anyone with the ability to understand the auditing process, computers or otherwise, will pass the exam.

Re:So much for being a CISA CISSP MSIA ... (5, Insightful)

sglane81 (230749) | more than 3 years ago | (#35677818)

Not to mention these gems:

I installed ... security software ... The scan found two instances of a commercial keylogger called StarLogger ... This key logger is completely undetectable ...

So, this program found something which couldn't be found. Check.

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop

Removed the keylogger by removing the folder? Check.

I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.

So, "false-positive proof." Good to know that your extensive experience running an anti-virus program has yielded perfect results. Don't worry about the fact that you don't actually know what you're talking about.

... logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied ... SS changed its story ... SS personnel relented and escalated the incident ...

Can we claim Godwin here? I have a feeling Samsung Support doesn't refer to itself as the SS.

You obviously have some kind of agenda, Mohamed Hassan, MSIA, CISSP, CISA. I know now to never trust anything NetSec Consulting Corp does. Also, congrats on being an "adjunct professor of Information Systems in the School of Business at the University of Phoenix."

Re:So much for being a CISA CISSP MSIA ... (2)

RoverDaddy (869116) | more than 3 years ago | (#35678292)

Removed the keylogger by removing the folder? Check

I'm guessing that by 'removing the keylogger', he meant 'let the anti-virus' software do its default recommended action'.

A likely story... (0)

Anonymous Coward | more than 3 years ago | (#35677228)

SURE it's just for multilanguage support. SURE it is. :)

Whatever (0)

Anonymous Coward | more than 3 years ago | (#35677230)

infoworld / networkworld got their click throughs, some people will never publish a retraction, spreading fud earns support from sponsors and readers can get their outrage glands working. Everyone wins, everyone loses.

Unless people want to stop taking unconfirmed near-zero evidence postings seriously?

Then why the admission of guilt? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35677236)

Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

Re:Then why the admission of guilt? (2)

TheCRAIGGERS (909877) | more than 3 years ago | (#35677362)

Yeah, but wasn't the admission of guilt quoted from an email of the original finder? It's not like we saw a Samsung press release on this.

Re:Then why the admission of guilt? (0)

Anonymous Coward | more than 3 years ago | (#35677532)

Clueless low tier customer service drone spouting crap and gets reported as news? Sounds like that to me.

Re:Then why the admission of guilt? (0)

Anonymous Coward | more than 3 years ago | (#35677590)

Probably because some clueless lower support guy had to answer a question like "HEY YOU FILTHY SPYING HACKER BASTARD!!! Why the hell do you put a fucking keylogger on my fucking computer you piece of shit?!?!?! There is no imaginable reason for this shit except that you are the biggest asshole in the world who wants to destroy my computer and STEAL MY FACEBOOK!!!"

Re:Then why the admission of guilt? (0)

Anonymous Coward | more than 3 years ago | (#35678128)

And such a complaint would be perfectly legitimate. If they didn't want to deal with that, then they shouldn't have installed spyware on their computers.

Re:Then why the admission of guilt? (2, Insightful)

LordLimecat (1103839) | more than 3 years ago | (#35677696)

This is why they didn't give you a supervisor's name, or any further details on the phone call. There was nothing resembling evidence; it was all rumor and assertion.

Re:Then why the admission of guilt? (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#35678410)

Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

I see no admission of guilt. Instead I see an answer to a question that probably didn't use the word 'keylogger'.

Appropriate quote (4, Insightful)

_merlin (160982) | more than 3 years ago | (#35677238)

The following fortune quote accompanied this story for me:

It is not good for a man to be without knowledge, and he who makes haste with his feet misses his way. -- Proverbs 19:2

Disturbingly appropriate, considering the story is about people jumping all over a false assumption. But I'm constantly surprised at the number of times a Windows installation with full multilingual support trips anti-malware or anti-virus software. Don't these guys even use their MSDN subscriptions to get a full set of Windows installs to test against?

Re:Appropriate quote (0)

Anonymous Coward | more than 3 years ago | (#35677434)

When was the last time you've actually legitimately found a virus with anti virus software. It's pretty obvious that these applications are mostly "for show" at this point.

Re:Appropriate quote (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35677494)

Fuck to the yes! I only put AV on computers nowadays to make end users feel warm and cozy. Then when they bring it back in 6 months later I install the ones that actually work. Too bad they don't prevent.

Re:Appropriate quote (1)

LordLimecat (1103839) | more than 3 years ago | (#35677726)

Antivirus are a useful second line of defense, the first line being "keep your crap up to date". I mean, otherwise you can't protect yourself from that 0-day that the vendor won't have a patch for for 2 weeks, even though all the AV firms have a definition out tomorrow.

And if a virus attempts to spread through network share (by replacing folders with EXEs with folder icons), having an AV that detects it is really useful.

Re:Appropriate quote (4, Informative)

mlts (1038732) | more than 3 years ago | (#35677758)

I have found that AdBlock does far more to keep malware off a system than any antivirus program out there. Couple that with a decent firewall/NAT box/router, common sense about not running downloaded stuff, and a solid backup system, and that will pretty much make for malware-free computer usage. Using sandboxie doesn't hurt either.

Re:Appropriate quote (0)

Anonymous Coward | more than 3 years ago | (#35677472)

Or apply the Sagan standard "extraordinary claims require extraordinary evidence". If you're going to claim something extraordinary, you better double-check every step of your chain of argument. In this case, verifying the conclusion of the antimalware suite, since observing a bug in antimalware is less extraordinary than the conclusion you're deriving from it.

where is the outrage? (2)

pablo_max (626328) | more than 3 years ago | (#35677510)

Turn on the TV. Go to any "News" site. Everything is designed to make you react in some way. They especially like to find the most "outraged" person and interview them.
It is a bit sad. People will freak out about stuff like this and demand action, yet your government erodes your rights and destroys your country a little bit more each day and the same people are quiet.
Tell me /., where is the outrage for things that matter?

Re:Appropriate quote (1)

Twinbee (767046) | more than 3 years ago | (#35677530)

Or alternatively: "Before pointing fingers, properly research first", which is terser, less pretentious, and made in 20 seconds by yours truly. Also it has the advantage that it doesn't come from a book with lots of false information.

Auto-immune diseases. (0)

Anonymous Coward | more than 3 years ago | (#35678080)

But I'm constantly surprised at the number of times a Windows installation with full multilingual support trips anti-malware or anti-virus software.

Right on spot, but I think we are witnessing the precursors of auto-immune diseases. The point at which the relations between attacker and defendant become too complex for an immune system to keep it straight all the time.

Interesting times indeed.

(captcha was: security, btw)

Re:Samsung Keylogger Stories a False Alarm (1)

neo12 (1892318) | more than 3 years ago | (#35677240)

At least Samsung is not a Chinese company.

Oh noes (1)

Haedrian (1676506) | more than 3 years ago | (#35677242)

Quick! Call the worldwide boycott off before the entire company loses its 13.5Billion revenue.

On a related note, could Samsung sue the journalists for libel?

Re:Oh noes (2)

Sonny Yatsen (603655) | more than 3 years ago | (#35677262)

Even if they could, which I doubt, why would they want to bring extra attention to this when it'll just go away tomorrow?

Re:Oh noes (1)

erroneus (253617) | more than 3 years ago | (#35677804)

Because apparently only Slashdot users know about the Streisand effect. Governments and every business on the planet seem not to have heard of it.

Re:Oh noes (4, Insightful)

MarkGriz (520778) | more than 3 years ago | (#35677394)

Could? More like should.

The title of the article was not "Did Samsung install keylogger on its laptop computers?"

No, the title was "Samsung installs keylogger on its laptop computers", though it looks like they've updated it now to
"UPDATE: Samsung keylogger could be false alarm"

Great journalism there. Leap out of the gate screaming "keylogger!!!!" with zero fact checking, but later back off and say "oops we could be wrong"

Re:Oh noes (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35677508)

mod this guy up

Re:Oh noes (4, Insightful)

LordLimecat (1103839) | more than 3 years ago | (#35677750)

Everyone who left a comment decrying Samsung in the last article is just as much to blame. You give approval to such antics by your reaction.

Good for Slashdot for following up (4, Insightful)

HawkinsD (267367) | more than 3 years ago | (#35677252)

At least Slashdot has the journalistic ethics to post the follow-up. Good for them. I note that Network World is doing the same.

Yes, I said "journalistic" in the same sentence as "Slashdot." It's important.

Re:Good for Slashdot for following up (1)

MarkGriz (520778) | more than 3 years ago | (#35677300)

Yet the original story still has not been updated to correct the error.
So much for journalistic ethics.

Re:Good for Slashdot for following up (0)

Anonymous Coward | more than 3 years ago | (#35677552)

If a newspaper makes a mistake they post a correction in the next edition. They don't go out and take back every newspaper and tipex out the mistake.

That is no different to what Slashdot has done.

Re:Good for Slashdot for following up (0)

Anonymous Coward | more than 3 years ago | (#35677762)

They sure as hell do in their online editions. They'll update the actual story, or at least link directly to the retraction/correction.

Re:Good for Slashdot for following up (1)

jones_supa (887896) | more than 3 years ago | (#35677326)

True.

Makes no sense (3, Insightful)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#35677272)

The earlier article quoted Samsung as admitting to placing the software on their computers to gather information. Either that part of the earlier story is false or the current one is. This is not good journalism.

Re:Makes no sense (0)

Anonymous Coward | more than 3 years ago | (#35677338)

Yes, this. Clearly there is a huge gap in the facts. In the previous story Slashdot stated that "Samsung has admitted they did this" and in the same story again "Three PR officers from Samsung have so far refused comment", so if it wasn't PR that admitted to it who did? Where is that person now?

Re:Makes no sense (0)

Anonymous Coward | more than 3 years ago | (#35677584)

Where is that person now?

Hanging from a lamppost near Samsung headquarters.

Re:Makes no sense (3, Informative)

Anonymous Coward | more than 3 years ago | (#35677346)

It was confirmed by a low level support person who may or may not have understood what was going on.

All the PR and Legal depts had "No Comment" till it was more thoroughly researched.

Re:Makes no sense (0)

Anonymous Coward | more than 3 years ago | (#35677950)

It was confirmed by a low level support person who may or may not have understood what was going on.

All the PR and Legal depts had "No Comment" till it was more thoroughly researched.

Not even that. It was only claimed that tech support confirmed it by the same clueless "security consultant" that completely misunderstood everything about this. We have no evidence that even this part is true.

Re:Makes no sense (0)

Anonymous Coward | more than 3 years ago | (#35677566)

The earlier article quoted Samsung as admitting to placing the software on their computers to gather information. Either that part of the earlier story is false or the current one is. This is not good journalism.

Yes, it's great "journalism". As far as reporting facts goes, it sucks. But "journalists" don't care about mundane things like facts. Ever notice how nobody's a "reporter" any more?

We now have "journalists" to do so much more than just report mundane facts. That's not good enough anymore.

Re:Makes no sense (1)

Anonymous Coward | more than 3 years ago | (#35677610)

In one of the original articles he says he contacted support. So this statement is likely from some support drone who had no idea what the customer was talking about. He probably jumped to conclusions because he has to handle support tickets in 30 seconds or less.

What I've learned from support contacts is to NEVER explain anything. They won't bother understanding what you wrote. State in a single sentence what you want to have done. They'll ignore everything else. Seriously, one sentence only. If you write two or three they will either be ignored altogether or trigger completely unrelated keywords that result in nonsensical preformulated responses.

Support doesn't have the attention span to handle complex issues like this.

Re:Makes no sense (0)

Anonymous Coward | more than 3 years ago | (#35678106)

No the article quoted what Hassan claims to have heard back from Samsung. Do you really trust Hassan after learning all this?

support request (0)

Anonymous Coward | more than 3 years ago | (#35677274)

That was certainly one way to get moved up in the queue and get a real answer out of samsung.

I don't care about facts. (4, Funny)

mevets (322601) | more than 3 years ago | (#35677276)

I still hate the keylogging bastards that they are, and I want to see the whole company in jail...

Sorry Samsung (0)

Anonymous Coward | more than 3 years ago | (#35677316)

Urgh. This seems such a stupid mistake, so much panic was created simply by the existence of a folder. I'm annoyed at myself for believing the hype and swearing off Samsung products yesterday. Sorry Samsung, forgive and forget?

So the keylogger (1)

Grand Facade (35180) | more than 3 years ago | (#35677320)

is a Microsoft product?????

Foot in mouth awards (0)

Anonymous Coward | more than 3 years ago | (#35677366)

And the 2010 Foot in Mouth award goes to...

The writer AND the "security researcher" both of whom put the credibility of their school, degree, and certifications at risk.

I sense two egos deflated for the better.

Re:Foot in mouth awards (1, Insightful)

Anonymous Coward | more than 3 years ago | (#35678036)

And the 2010 Foot in Mouth award goes to...

The writer AND the "security researcher" both of whom put the credibility of their school, degree, and certifications at risk.

I sense two egos deflated for the better.

You should really include the Slashdot community there as well, as we jumped on crucifying them based on no evidence whatsoever, just the word of a random blogger.

"Extraordinary claims require extraordinary evidence"
-- Carl Sagan

What about their use of Carrier IQ on Android? (2)

Bill Dimm (463823) | more than 3 years ago | (#35677408)

Re:What about their use of Carrier IQ on Android? (0)

Anonymous Coward | more than 3 years ago | (#35678402)

+1 to Parent. The Carrier IQ issue is on par with the false laptop keylogger story.

Hold on a second. (1, Interesting)

Conspiracy_Of_Doves (236787) | more than 3 years ago | (#35677444)

Where did this quote come from, then?

monitor the performance of the machine and to find out how it is being used

Re:Hold on a second. (0)

Anonymous Coward | more than 3 years ago | (#35677754)

Where did this quote come from, then?

monitor the performance of the machine and to find out how it is being used

It's technically hearsay - the original "security expert" stated that this is what he was told by someone at Samsung support.

Re:Hold on a second. (1)

Skuld-Chan (302449) | more than 3 years ago | (#35678046)

Could have been the poor tech in India had no idea what the question was to begin with...

That quote could have been attributed to system monitoring software used to conserve battery usage for instance.

Re:Hold on a second. (0)

Anonymous Coward | more than 3 years ago | (#35678258)

Could have been the poor tech in India had no idea what the question was to begin with...

Then maybe Samsung should hire tech support employees who know English.

Notes to self: (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35677468)

Pick up milk and eggs

Pick up dry-cleaning

Don't use VIPRE.

Wife's Laptop (3, Interesting)

Cytlid (95255) | more than 3 years ago | (#35677476)

My wife has a Samsung R580 which is almost a year newer than the laptops the guy mentioned in the article. I was going to scan it with some decent rootkit programs (like f-secure blacklight or rootkit revealer) only to find out some of my favorites don't work with 64bit Win7. I wrote to the guy who wrote the article, asking about the name of the "commercial security scanner" he installed. He never replied back. I booted my wife's laptop into Linux last night using a Live CD, and performed some find commands for supporting files of the StarLogger program (which showed up in a google search). Nothing. I was thinking if this was true, hers was exempt because it was almost a year older. Turns out, I find out today, I did more research than this supposedly "phd security expert" had.

Re:Wife's Laptop (1)

Cytlid (95255) | more than 3 years ago | (#35677500)

That should read that her laptop is a year _older_ not newer... oops. We all make mistakes.

Re:Wife's Laptop (1)

ISurfTooMuch (1010305) | more than 3 years ago | (#35677772)

You did more research, but this idiot got all the press. He thought he had something, so he ran to the media with it, and they ate it up. Of course, he looks really stupid now, but that's only because others were more thorough.

Inb4... (2)

supersloshy (1273442) | more than 3 years ago | (#35677486)

Inb4 all of the commenters from the previous Samsung article come in here and act like they didn't assume that the keylogger was real, didn't yell about how Samsung should/will be persecuted for this, and didn't ask for people to boycott Samsung ;)...

I always hear Slashdotters complaining about "moral panic" and complaining about the "idiots" who don't do their research before making claims... How is this any different? Really, it's no different. Is the level of "corporate hate" on Slashdot really that high as to exclude any common sense (apparently not so common) when dealing with a subject like this where it's impossible to tell whether he was right? He said he was right in the previous article, but why did you blindly trust him? All it takes for a simple, non-assuming comment is to add "If this is true," to the beginning of your comments. It isn't very hard and it doesn't make you look like an idiot when the entire reason you said those things turned out to be bullcrap.

Unexpected (0)

Anonymous Coward | more than 3 years ago | (#35677496)

And this is a surprise?

Won't slow down your PC! (2)

evilgrug (915703) | more than 3 years ago | (#35677528)

The tagline for VIPRE AntiVirus is 'Finally Antivirus Software That Won't Slow Down Your PC!'.

I guess we know why. Who wants to spend all those CPU cycles searching through binaries both in RAM and on disk, comparing them against a database of virus patterns, and performing advanced heuristics checks when it's so much easier to match directory names and call it a day?

Anyone tried this VIPRE on other laptops? (0)

Anonymous Coward | more than 3 years ago | (#35677586)

I suppose this Slovene language is not specific to Samsung. Do we have any Slovene-speaking people here to run VIPRE on their machines (laptop/desktop/server)?

A security researcher? (0)

Anonymous Coward | more than 3 years ago | (#35677608)

Oh, [weaselwords] "Security Researchers" [/weaselwords] and the company who supposedly put it there in the first place (and admitted it was there) say it's not really there even though the new evidence is bullshit?
That sounds legitimate. It must be a false alarm.

Oh, the bank robber who robbed the bank and his "Legitimate businessmen" gangster buddies say he didn't rob the bank even though he confessed and the new evidence is circumstantial?
That sounds legitimate. Bank robber is free to go.

Slovenian StarLogger (4, Insightful)

BitterKraut (820348) | more than 3 years ago | (#35677640)

From Samsung's comment at http://www.samsungtomorrow.com/1071 [samsungtomorrow.com] it seems that the security program used identified the folder as StarLogger based solely on the fact that the folder's name is SL for Slovene. Incredible.

Re:Slovenian StarLogger (1)

LordStormes (1749242) | more than 3 years ago | (#35677744)

Wouldn't that folder be in nearly every Windows install? Or is that something that's only installed when you turn that language on in the Windows setup? Otherwise, it should have been pretty easy for VIPRE to test that condition. Do we know if Mr. Security Expert had the Slovenian language installed?

Re:Slovenian StarLogger (4, Informative)

jcla (821834) | more than 3 years ago | (#35677806)

I checked my newly purchased Samsung laptop last night after I saw the article and it had the /sl folder on it, but it took about half a second and an ounce of brainpower to notice that there was a large number of similar directories that all looked like language/country codes. And they all had the same kind of non-executable file in them. I'm not Slovenian. J
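The check described in the comment above (a folder named like a language code, sitting among many similar folders that hold the same kind of file), written out as an added example that is not part of the original thread or of any antivirus product. `path_only_rule` is an assumed, simplified model of the name-only match the thread attributes to the scanner, and the directory tree and file names are constructed for the demo.

```python
import os
import re
import tempfile

# Two-letter language code, optionally with a region (sl, de, en-US).
LOCALE_RE = re.compile(r"^[a-z]{2}(-[a-z]{2})?$", re.IGNORECASE)

def path_only_rule(path):
    """Assumed model of a name-only signature: any folder called 'SL' hits."""
    return os.path.basename(os.path.normpath(path)).lower() == "sl"

def extensions(directory):
    """Lower-cased file extensions found directly inside a directory."""
    return {os.path.splitext(n)[1].lower() for n in os.listdir(directory)
            if os.path.isfile(os.path.join(directory, n))}

def triage(path, min_siblings=3):
    """Corroborate a path hit by comparing the folder with its siblings."""
    parent, name = os.path.split(os.path.abspath(path))
    siblings = [d for d in os.listdir(parent)
                if d != name and LOCALE_RE.match(d)
                and os.path.isdir(os.path.join(parent, d))]
    own = extensions(path)
    alike = [d for d in siblings if extensions(os.path.join(parent, d)) == own]
    # Locale-style name, non-empty, and several siblings with the same file types.
    if LOCALE_RE.match(name) and own and len(alike) >= min_siblings:
        return "likely-locale-resources"
    return "needs-investigation"

def build_sample(root):
    """Constructed sample tree; every file name here is invented."""
    for code in ("SL", "DE", "FR", "IT", "HU"):
        os.makedirs(os.path.join(root, "Windows", code))
        with open(os.path.join(root, "Windows", code, "example.dll.mui"), "wb") as f:
            f.write(b"constructed resource placeholder")
    lone = os.path.join(root, "Temp", "SL")
    os.makedirs(lone)
    with open(os.path.join(lone, "capture.exe"), "wb") as f:
        f.write(b"constructed placeholder")
    return os.path.join(root, "Windows", "SL"), lone

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for p in build_sample(root):
            print(p, "| path rule:", path_only_rule(p), "| triage:", triage(p))
```

Both folders trip the name-only rule, but only the isolated one stays flagged after the sibling comparison. A "likely-locale-resources" verdict only explains the path hit; verifying the files themselves (signature or hash) remains a separate step.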

One word: (0)

Anonymous Coward | more than 3 years ago | (#35677944)

University of Phoenix.

Expert?!? LOL (1)

Anonymous Coward | more than 3 years ago | (#35678010)

Seriously?
"Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix. "
Goes to show you all that credentials do mean a thing.

And according to Register "Hassan investigated the matter before working on a story for Network World that compared the incident to the infamous Sony BMG rootkit fiasco of 2005."
LOL that's some amazing investigation skill for a security consultant. Turns out he was using a 3rd-rate antivirus software, didn't bother to verify that the result was correct (by finding actual evidence of the keylogger program or using another antivirus to verify), and it was Microsoft software and not Samsung related at all.

He needs to hang up his jacket as a security "expert".

Their phones still ship with one (1)

Anonymous Coward | more than 3 years ago | (#35678084)

They ship CarrierIQ on their Android phones on Sprint. It's hooked in to read all sms messages, button presses, etc.
http://forum.xda-developers.com/showpost.php?p=11763089 [xda-developers.com]

This reporter (0)

Anonymous Coward | more than 3 years ago | (#35678136)

promises to be more trusting and less vigilant in the future.

Liars! (0)

Anonymous Coward | more than 3 years ago | (#35678210)

This line

Security Expert? (2)

stinkbomb (238228) | more than 3 years ago | (#35678236)

"Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix."

And is now the laughing-stock of the IT security world.

Nice job moron!