John Oliver interview with Edward Snowden.

John Oliver has been knocking it out of the park ever since he left The Daily Show to start his own comedy news show on HBO. Last Week Tonight manages to both entertain and inform and, in some ways, is a better show than TDS. Best of all, HBO and Oliver makes full length segments of the show available on YouTube so you don’t have to pay for HBO to see it.

Each week Oliver picks a topic and does a deep dive on it and this week he’s tackling surveillance and Section 215 of the Patriot Act and how we’re not having the debate we should be about the NSA and domestic spying. It’s a great segment, but it’s even better because he managed to score an interview with the man who arguably made it possible to have this debate, Edward Snowden, and he doesn’t pull any punches with his questions:

Once again I have to marvel at how a comedy news program manages to do better journalism than the supposed news channels. It also breaks things down into a context that is not only funny, but which the average person can comprehend.

As Oliver points out, part of the reason we’re not having this debate is because the subject matter is so highly technical and hard to understand for most folks. It’s doesn’t help that too many people barely pay attention to what’s going on around them. Ask them who Taylor Swift is and they can recite lyrics from her latest single, but ask who Edward Snowden is and too many don’t have a clue. These programs need to be seriously revised and given more transparency, but that’s not going to happen so long as we don’t bother to talk about them.

Finally, this gives me a chance to make use of this:

Would've been funnier back when it was still winter, but fuck it.

Would’ve been funnier back when it was still winter, but fuck it.

SEB Mailbag: Hilariously bad extortion email from the “FBI.”

unbearable_consequencesBeing a famous and world renowned blogger such as I am I tend to get a lot of phishing emails where the authors attempt to convince me to send them money. This time out it arrived in the form of yet another letter from the Federal Bureau of Investigations. This isn’t the first time I’ve heard from the “FBI.” I got two emails from them just days apart back in 2008. Back then they contained offers to help me acquire money that I had inherited in another country.

This one is a different story. This one is a threat to ruin my life. Well, it starts that way at least. Then it suggests that the sender knows I wasn’t the person who engaged in the illegal activity because my identity had been used by someone else, but I could still face the consequences unless this person helps me because he’s a Good Christian® and would hate to see me go to jail. (You gotta love how they toss some religion in there.) So if I wire some dude in some other country who doesn’t even have an FBI mailing address $250 he’ll get the whole thing straightened out for me PLUS I’ll get the $10.5 million that I was promised in the previous emails that got me in this mess to begin with! This guy is all over the place and can’t decide which route he should go to convince me to send some money. If one approach is good then all of them must be better, right?

Here’s the hilarious email complete with spelling and grammar errors:

From: “Federal Bureau Of Investigation”<info@fbi.us>
Subject: Re: Final Warning From FBI.

FBI headquarters in Washington, d.c.
Federal bureau of investigation
J. Edgar Hoover building
935 Pennsylvania avenue,
NW Washington, d.c. 20535-0001
Federal bureau of investigation (FBI)

Attention Needed.

Attention to you. This is the final warning you are going to receive from me do you get me????

I hope your understand how many times this message has been sent to you?.

We have warned you so many times and you have decided to ignore our e-mails or because you believe we have not been instructed to get you arrested, and today if you fail to respond back to us with the payment then, we would first send a letter to the mayor of the city where you reside and direct them to close your bank account until you have been jailed and all your properties will be confiscated by the FBI. We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not suppose to be working for the government or any private organization.

Your id which we have in our database been sent to all the crimes agencies in (USA) for them to insert you in their website as an internet fraudsters and to warn people from having any deals with you. This would have been solved all this while if you had gotten the certificate signed, endorsed and stamped as you where instructed in the e-mail below. this is the federal bureau of investigation (FBI) am writing in response to the e-mail you sent to us and am using this medium to inform you that there is no more time left to waste because you have been given from the 13th of January. As stated earlier to have the document endorsed, signed and stamped without failure and you must adhere to this directives to avoid you blaming yourself at last when we must have arrested and jailed you for life and all your properties confiscated.

You failed to comply with our directives and that was the reason why we didn’t hear from you on the 13th as our director has already been notified about you get the process completed yesterday and right now the warrant of arrest has been signed against you and it will be carried out in the next 48hours as strictly signed by the FBI director. We have investigated and found out that you didn’t have any idea when the fraudulent deal was committed with your information’s/identity and right now if you id is placed on our website as a wanted person, i believe you know that it will be a shame to you and your entire family because after then it will be announce in all the local channels that you are wanted by the FBI.

As a good Christian and a honest man, I decided to see how i could be of help to you because i would not be happy to see you end up in jail and all your properties confiscated all because your information’s was used to carry out a fraudulent transactions, i called the efcc and they directed me to a private attorney who could help you get the process done and he stated that he will endorse, sign and stamp the document at the sum of $250.00 usd only and i believe this process is cheaper for you. You need to do everything possible within today and tomorrow to get this process done because our director has called to inform me that the warrant of arrest has been signed against you and once it has been approved, then the arrest will be carried out, and from our investigations we learn that you were the person that forwarded your identity to one impostor/fraudsters in Benin Republic last year when he had a deal with you about the transfer of some illegal funds into your bank account
which is valued at the sum of la

I pleaded on your behalf so that this agency could give from tomorrow on,so that you could get this process done because i learn that you were sent several e-mails without getting a response from you, please bear it in mind that this is the only way that i can be able to help you at this moment or you would have to face the law and its consequences once it has befall on you. You would make the payment through western union money transfer with the below details.

Receiver name: Okagbue Christian
Country: Republic Nigeria
City: Abuja
Text question: You
Text answer: Me
Amount: $250
Senders name:
Senders Country:

Send the payment details to me which are senders name and address, mtcn number, text question and answer used and the amount sent. Make sure that you didn’t hesitate making the payment down to the agency by today or tomorrow so that they could have the certificate endorsed, signed and stamped immediately without any further delay. After all this process has been carried out, then we would have to proceed to the bank for the transfer of your compensation funds which is valued at the sum of $10,500.000.00 MILLION U.S. Dollars which was suppose to have been transferred to you all this while.

Note/ all the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions. You are given a grace tomorrow to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism, money laundering and drug trafficking charges, so be warned not to try any thing funny because you are been watched.

Thanks as i wait for your response

Respectively:

Agent Norman Wood.
E-mail: drnormanwood@qq.com
Federal Bureau Of Investigation (FBI)

Religious sites are more dangerous than porn sites for getting malware.

We all have that one friend/relative/client who seems to get infected with some form of virus or malware every week and those of us who take on the task of cleaning up their PCs every time they do always tell the same joke: This wouldn’t happen if you’d stop visiting all those porn sites.

But it turns out that it’s actually religious sites that are the real malware threat. At least according to a report from the folks at Symantec:

The average number of threats found on religious sites was 115 mostly fake antivirus software. By contrast, pornographic sites had less than a quarter, at around 25 threats per site. Of course, the number of pornographic sites is vastly greater than religious sites.

According to Greg Day, Symantec’s security CTO for Europe, the Middle East and Africa, while trojans may seem more serious, “if you have installed fake AV you may think you are protected, when in reality you are open to all sorts of attacks.”

This does make a certain bit of sense when you think about it. A lot of religious websites are set up and maintained by church people with varying degrees of computer skills whereas most successful porn sites are run by people who know what they’re doing and how to secure their platforms. No one thinks the asshats who put malware out on the net are going to bother with some piddly-ass church site so there’s less concern about updating software or locking down server access even if the person running it has a clue how to do those things. From the hacker’s point of view, however, every PC infected is one more PC in the botnet that can send out spam/DDoS attacks/whatever. A lot of attempted hacks are automated with scripts these days so if it’s trivial to hack a site and install your malware it’s worth doing so even if it only nets you a handful of PCs. Not like the hackers themselves even have to think about it.

Which is why you should always wear a condom when you go to religious websites. You know, just to be safe.

ISPs and FBI warning about a nasty rootkit called Alureon.

I got an email from an SEB regular about an email they got to check their PC to see if it’s infected that directed them to DCWG.org. She wanted to know if it was legit or a scam. I checked it out and wrote back and I thought the info would be useful for others so here’s her original email followed by my reply:

Subject: dcwg scam

Not hate mail, but a query:  Is this dcwg.org computer checking site that the FBI is sending us to legit?

You’re the only computer guy I “know” [and not in the biblical sense!]

And my reply:

I hadn’t heard about it before, but it doesn’t appear to be a scam. Their about page (http://www.dcwg.org/aboutcontact/) says it’s a joint effort between the FBI, Georgia Tech, The Internet Systems Consortium, Mandiant, National Cyber Forensics and Training Alliance, Neustar, Spamhaus, Team Cynmru, Trend Micro, and the University of Alabama at Birmingham. That’s a pretty impressive group and many of them have links back to dcwg.org. They also provide several links to the FBI (http://www.fbi.gov/news/stories/2011/november/malware_110911) and other sources for confirmation, plus there’s a good number of news articles about it (http://www.usatoday.com/tech/news/story/2012-04-20/internet-woes-infected-pcs/54446044/1). On top of that there’s a number of articles about it at various ISP such as Comcast (http://forums.comcast.com/t5/Security-and-Anti-Virus/DNS-Changer-Bot-FAQ/td-p/1215341). The fact that it has pretty good prominence on Google’s search is a good indicator it’s legit as well.

If you were sent a notice from your ISP I’d take it seriously and run a couple of the tests to verify. This is a nasty rootkit that modifies what DNS servers you connect to to resolve domain names (it’s how you get from typing in stupidevilbastard.com to an IP address the computer can understand which for SEB would be 209.240.81.155). The rootkit modifies the hosts file on your PC and can, apparently, even modify some home routers as well (especially if you never changed the default password). One clear sign is if your antivirus software has been disabled, but check the links for more info. It appears it’s the Alureon rootkit which you can read more about at Wikipedia: http://en.wikipedia.org/wiki/Alureon

Don’t panic too much. Even if you are infected and lose connectivity in July your PCs can be fixed. The reason they’re working now is the FBI has seized the rogue DNS servers and replaced them with non-naughty ones, but they’re not going to keep them running forever. When they shut them done in July your PC won’t be able to resolve domain names. It’s not that you’re not connected to the net, just that you’d be limited to typing in IP addresses like the one I gave you for SEB. That bypasses DNS altogether.

Les

A small security reminder: Beware of suspicious links!

Even if they come from friends and family on Facebook and other social sites. And always use different passwords on every site!

Worm steals 45,000 Facebook login credentials, infects victims’ friends

A worm previously used to commit financial fraud is now stealing Facebook login credentials, compromising at least 45,000 Facebook accounts with the goals of transmitting malicious links to victims’ friends and gaining remote access to corporate networks.

The security company Seculert has been tracking the progress of Ramnit, a worm first discovered in April 2010, and described by Microsoft as “multi-component malware that infects Windows executable files, Microsoft Office files and HTML fil…

If you have an affected HP printer you’re going to want to apply this firmware update.

If you have an affected HP printer you’re going to want to apply this firmware update.

Sounds like it won’t be too long before we start seeing this exploit show up in the wild. I wonder if anti-virus programs could be made to detect the malicious documents? #google+ #computing #security #HP

Printer malware: print a malicious document, expose your whole LAN

One of the most mind-blowing presentations at this year’s Chaos Communications Congress (28C3) was Ang Cui’s Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers. Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to …

Beware cold calls from people claiming to be from Microsoft about problems with your computer.

I got a fun phone call this evening. The number was blocked and my initial reaction was to not answer it, but my boss is in town and the phones at work don’t always show up properly on my phone’s caller ID so I went against my better judgement and answered it. The man on the other end of the line had a very thick Indian accent and sounded like he was working in a call center. He claimed to be an official Microsoft Technical Support technician and that they had been alerted to problems with my PC that could result in “very bad” crashes that could result in “total loss of all data.”

Naturally I was very concerned about this newly discovered risk and he helpfully offered to show me where on my computer I could see for myself the dozens of error messages they had been receiving through a “web server” (you could almost hear the double quotes in the way he said it). He had me sit down in front of my PC (I was already there) and gave me step-by-step instructions on how to launch the Event Viewer in Windows. Therein he directed me to the Custom Views and Administrative Events log where there were, indeed, dozens and dozens of error messages and warnings including some that were critical! Oh my!

These generic error messages spell my DOOOOOM!

This is why, he explained as though I were a five-year-old, that my computer was at risk and that I had hit the limit which triggered their contacting me. Not to fear, they could assist in fixing the problem! He asked if I had Internet Explorer, I said I do, so he instructed me to go to a webpage where I should download a product called Ammyy Admin 3 (it’s free!) which would allow them to assist me directly.

It was at this point that I informed him that I was a computer technician myself and that I knew there wasn’t anything wrong with my computer and that they weren’t receiving notifications through a “web server” of problems I might be having and… that’s when he hung up on me.

Now it appears that the Ammyy Admin 3 software is a legitimate product used by a number of folks that asshole scammers have latched onto for this cold calling scam because it’s free and allows them to take control of your PC once it’s installed. There’s even a forum thread on their site about this scam. Not to mention that if you Google the URL you were given you find that immediately after the link to the Ammyy software homepage are links to people reporting on this scam. Word has it that if you go along with the scam they’ll show you some more generic error messages in the Event Viewer logs and tell you it’s because your system is infected with a virus and then they’ll take you to a website where they’ll try to get you to buy an anti-virus software package that probably doesn’t do jack shit. The details vary as does the software — this account from another support professional back in 2005 said they used a remote desktop package called Teamviewer — but the scam is the same. Show you some scary looking logs and convince you to buy their bullshit software.

Here’s the thing, at any given point in time the Event Viewer is almost always going to be chock full of error messages. That’s just the nature of the Windows beast. If you’re familiar with the Event Viewer then it’s not too difficult to figure out that most of these aren’t anything to be concerned about, but for the average Jane or Joe it can look pretty alarming. Folks have said that once they take control of your PC they’ll also do stupid things like list the files in your Temp or Prefetch folder and then tell you that those files are the result of spyware or a virus. Again, if you’re not that familiar with how Windows works it could look pretty scary. One red flag that you’re being bullshitted is the fact that they have you download a free third-party Remote Desktop tool. Windows already has a Remote Desktop tool built in along with a Remote Assistance tool which Microsoft would probably make use of if it was really Microsoft. Which it isn’t because Microsoft would never call you for something like this.

As near as I can tell, the scammers aren’t using the opportunity of having full access to your computer to steal your personal information (e.g. documents, credit card numbers, bank passwords, etc.) but I didn’t dig into too many of the websites that are talking about this so I can’t say for sure that they aren’t. Needless to say, once you’ve given them access to your machine you should probably consider it comprised badly enough to back up your data, erase your hard drive, and reinstall everything from scratch. Hopefully you’ll have read this first and will recognize these assholes when they come calling.

Own an iPhone or iPad? It’s been tracking everywhere you go for the past year.

Pic of output from iPhone Tracker app.

A sample of the output. The bigger the dot the more times you've been recorded as being there.

Here’s something you probably didn’t know about your iPhone/iPad: It appears to be keeping a record of everyplace you’ve ever been both the device itself and on your computer if you use iTunes to back up your phone. The folks over at AresTechnica.com have the details:

Researchers Alasdair Allan and Pete Warden revealed their findings on Wednesday ahead of their presentation at the Where 2.0 conference taking place in San Francisco. The two discovered that the iPhone or 3G iPad—anything with 3G data access, so no iPod touch—are logging location data to a file called consolidated.db with latitude and longitude coodinates and a timestamp. The data collection appears to be associated with the launch of iOS 4 last June, meaning that many users (us at Ars included) have nearly a year’s worth of stalking data collected.

In order to drive the point home, the two developed an open source application called iPhone Tracker that lets anyone with access to your computer see where you’ve been.

Now some of you might be thinking this isn’t anything new as these products have long had GPS features that will tell you where you are and they often notify you that they’re doing so when you use them. Yeah, but this is slightly different. This tracking isn’t being done using the GPS, but by triangulating your position relative to cell phone towers:

Users don’t get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there’s no explicit consent every time it happens, and there’s no way to block the logging. (Nitpickers will point out that you do give your consent to iTunes when you download and install iOS 4, but this is not treated the same way as the consent given to the iPhone every time an app wants to use GPS.) So, whether or not you’re using GPS, if you’re using your iPhone as a cell phone, you are being tracked and logged constantly without your knowledge.

The only way to avoid this tracking is to turn off the cellphone part of the device. Now the problem here isn’t so much that your devices are tracking your every move, but that you’re not being told about it. The good news is that, as near as the researchers can determine, this data is not being sent back to Apple or any other third party. The bad news is that it’s not at all difficult to get access to which means that if you lose your phone or your computer is compromised then anyone with the iPhone Tracker app can call up everywhere you’ve ever been with it. You can bet your ass that law enforcement absolutely loves this “feature” so if you’ve ever been anywhere you don’t want someone to know about, well, hope you didn’t have an iPhone with you.

Of course, this only really matters if you give a shit about people knowing your comings and goings. Something which more and more people seem to have stopped worrying about. In fact, the folks at Gawker are reporting that this discovery has spawned a hot new trend:

When it comes to technology today, there is barely any distance between outrageous privacy violation and cool new feature. When news broke yesterday that Apple has been secretly spying on iPhone users, many people immediately broadcasted the illicit data to everyone.

[…] Holy crap, Apple has been secretly logging our every move for months? Let’s… broadcast it to everyone on the internet! Many techies are now showing off their iSpy maps: “I find myself fascinated staring at this automatically generated record of where I’ve been,” wrote tech blogger Alexis Madrigal. Tumblr and Twitter arefull of them. “I don’t get out of West LA enough,” user aboycommemoi observed.

For its part, Apple hasn’t said shit about this discovery, but there is some indication that this may not have been an intentional breach of user trust. More likely it’s a bug or an oversight in the program. The folks at Gizmodo explain:

As Gruber’s been informed, consolidated.db—the tin-foil-hat-inducing log in question—is a cache for location data. (As Pete Warden and Alasdair Allan’s FAQ about their project implies.) What’s supposed to happen with the cache is that the “historical data should be getting culled but isn’t”—because of said bug or oversight. In Gruber’s words:

I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.

So how freaked out should you be? If you don’t own an iPhone or iPad then this isn’t really an issue for you. If you do then it depends on how much you give a shit if someone could potentially get hold of that data. The chances that you’ll be hacked and have it stolen for some nefarious, but unknown purpose is probably minimal. However that data is something that could potentially be used against you by law enforcement if they should happen to have reason to acquire it.

Given the recent hoopla here in Michigan where the State Police have been accused of extracting data from cell phones during routine traffic stops, that may be something to consider. (Note, the MSP put out a response to the ACLU’s assertions saying that they do not collect cell phone data during routine traffic stops and only do so with a court issued warrant.) And while you may say that you’ve nothing to hide from the police, it’s not like there aren’t cases where circumstantial and coincidental evidence got an innocent person convicted.

Just the same, forewarned is forearmed and it’s better to know what is being collected about you — intentionally or not — than not know.

Beware friends asking for emergency money via Facebook chat.

Pic of Facebook scam logo.Scammers are a clever bunch. They’re always coming up with ways to try and separate you from your cash. Lately it involves hacking Facebook accounts and then scamming friends of the victim into sending them money. The folks over at The Consumerist have two recent examples of the scam being thwarted by vigilant would-be victims:

Kevin was worried. His friend Mike said over Facebook chat that he and his wife and kids were stranded in London after getting mugged. They needed money wired immediately to settle their hotel bill. This was especially worrisome because Mike was supposed to be recuperating in the hospital from head surgery… Then Kevin realized that someone had cracked his friend’s Facebook account and was impersonating him.

If you check out both articles you’ll note that in both cases it shouldn’t be too hard to figure out that it was a scam simply from the rather amusingly bad English coming from the fake friends. Though, considering how poor some American’s typing habits are, I can see how it could be difficult to tell with some people.

Still, the scam tends to follow the same pattern. Said friend is stranded in some foreign country after having been mugged with the thief making off with their wallets and cellphones. Could you, pretty please, wire them some huge amount of money via Western Union so they can pay off their hotel bill and make their flight out of the country that’s due to leave in a couple of hours. No, they can’t call you. No, they don’t want you to send someone to pick them up. Just send them the fucking money and stop asking so many difficult questions like why it was they slept with your step-father in high school (see the first link for that amusing twist).

In short, much like the Windows operating system, Facebook has become a big enough thing that it’s now the target of criminals the world over who hope to take advantage of the trust you may have that the person claiming to be your friend really is your friend. You should always keep in mind how piss-poor most people’s password choices are and the fact that Facebook is like a sieve security-wise before rushing off to lend a hand.

[UPDATED] Samsung appears to be installing keyloggers on new computers they sell.

Samsung Logo

Luuuuucccyyy! You got some 'splanin' to do!

Bought a Samsung computer recently? Might want to run a malware check on it as it appears they may be intentionally installing a keylogger on it without telling you. Security consultant Mohamed Hassan has written an article for Network World that explains how he discovered the software on two new Samsung computers he purchased:

While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago.  After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.

Hassan removed the software and continued on his merry way until some system trouble prompted him to return the laptop and purchase another higher-end Samsung from a different store. When he got home he found that it also had the StarLogger software on it:

Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops.

Once might have been an anomaly, but twice makes it pretty clear that this was by design. Given the fiasco with the Sony BMG rootkit a couple of years back you’d think Samsung would know better than to pull something like this, but, just like Sony before them, they tried to claim no knowledge of the software:

On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since “all Samsung did was to manufacture the hardware.” When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”

In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.

Yeah, that’s a bullshit answer. Keyloggers don’t monitor performance, they monitor your fucking keyboard. Hence the name KEYLOGGER. This particular keylogger is also capable of taking screenshots and emailing them along with the captured data without you ever knowing about it. Imagine buying a brand new computer and doing some online shopping or banking without knowing that it’s recording everything you type and sending it back to the manufacturer. Well, some of you probably don’t have to imagine that happening to you.

I can’t think of a single legitimate reason for Samsung to be capturing that kind of data. What are they really using it for? How are they securing it? How long are they keeping it? What makes them think this is even remotely legal?

This is particularly annoying as I like a lot of things Samsung makes, the LCD monitors on my desk are from Samsung. I don’t own any computers made by them and I’ll definitely think twice before picking one up. The only question now is how long before the class action lawsuit is filed.

[Updated 9:35AM 3/31/11] Samsung didn’t waste anytime looking into this and it appears that they may be the victim of a false positive according to this article at CrunchGear:

Word comes from Samsung’s official Korean language blog, Samsung Tomorrow, that the company was able to recreate the incident and a keylogger is not on a factory-fresh notebook. The company states that the VIPRE security software used by the original whistleblower mistakenly reports the Microsoft Slovene language folder (c:\windows\SL) as the commercially available Starlogger keylogger. See the screenshot above for the proof — or if you have a R525 or R540 notebook, recreate the test yourself. As it sits right now though, it seems Samsung didn’t follow Acer’s lead and ship infected notebooks.

This is good news indeed. I can imagine Samsung wanted to nip this potential PR disaster in the bud as quickly as possible.