HP

HP Laptops Found To Have Hidden Keylogger (bbc.com) 112

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
Android

Qualcomm Announces Latest Snapdragon 845 Processor (9to5google.com) 37

The processor to power the next generation of Android flagship smartphones has been announced today. Qualcomm unveiled the new Snapdragon 845 processor at the 2017 Snapdragon Tech Summit, where Microsoft announced it was working with its PC partners to bring Windows 10 to Qualcomm's ARM processors. While more technical details of the chip will be announced tomorrow, we do know that the Snapdragon 845 processor is based on a 10nm processor and will feature the latest X20 LTE modem for gigabit connectivity speeds. Generally speaking, the new processor will bring improved performance, better power efficiency, and improved image processing.
Microsoft

Microsoft Debuts Windows 10 on ARM; Asus and HP Unveil Laptops With 20-Hour Battery Life, Gigabit LTE (zdnet.com) 139

Mary Jo Zoley, writing for ZDNet: A year ago, Microsoft announced it was working with its PC partners to bring Windows 10 to Qualcomm's ARM processors. The resulting machines, part of the "Always Connected PC" ecosystem, would start rolling out before the end of calendar 2017, officials said. Today, December 5, Microsoft provided a progress report on Windows on ARM at Qualcomm's Snapdragon Tech Summit. Microsoft and PC makers Asus and HP showed off new PCs running Windows 10 on Snapdragon 835 at the event. Asus' NovoGo will begin shipping at least in quantities before year-end, I've heard. Models with 4 GB of RAM and 16 GB of storage will be available starting at $599, and 8GB/256 GB storage model at $799, Asus officials said today. Asus is claiming 22 hours of continuous video playback and 30 days of standby. HP's Envy x2 -- like most of the ARM-based Always Connected Windows 10 devices -- won't be available until Spring of 2018. Users can get up to 20 hours of active use and 700 hours of "Connected Modern Standby." Pricing is not yet available.
HP

HP Quietly Installs System-Slowing Spyware On Its PCs, Users Say (computerworld.com) 127

It hasn't been long since Lenovo settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and it appears HP is on to the same route already. According to numerous reports gathered by news outlet Computer World, the brand is deploying a telemetry client on customer computers without asking permission. The software, called "HP Touchpoint Analytics Service", appears to replace the self-managed HP Touchpoint Manager solution. To make matter worse, the suite seems to be slowing down PCs, users say. From the report: Dubbed "HP Touchpoint Analytics Service," HP says it "harvests telemetry information that is used by HP Touchpoint's analytical services." Apparently, it's HP Touchpoint Analytics Client version 4.0.2.1435. There are dozens of reports of this new, ahem, service scattered all over the internet. According to Gunter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test." According to Gartner, HP was the largest PC vendor in the quarter that ended in September this year.
AMD

First AMD Ryzen Mobile Laptop Tested Shows Strong Zen-Vega Performance (hothardware.com) 85

MojoKid writes: AMD Ryzen Mobile processors are arriving now in retail laptops from the likes of HP, Lenovo and Acer. With the first CPUs to hit the market, AMD took quad-core Ryzen and coupled it with 8 or 10-core Vega GPUs on a single piece of silicon in an effort to deliver a combination of strong Ryzen CPU performance along with significantly better integrated graphics performance over Intel's current 8th Gen Kaby Lake laptop chips. AMD Ryzen 7 2700U and Ryzen 5 2500U chips have 4MB of shared L3 cache each, but differ with respect to top-end CPU boost clock speeds, number of integrated Radeon Vega Compute Units (CUs), and the GPU's top-end clocks. Ryzen 7 2700U is more powerful with 10 Radeon Vega CUs, while Ryzen 5 2500U sports 8. Ryzen 7 2700U also boosts to 3.8GHz, while Ryzen 5 2500U tops out at 3.6GHz. In the benchmarks, Ryzen Mobile looks strong, competing well with Intel quad-core 8th Gen laptop CPUs, while offering north of 60 percent better performance in graphics and gaming. Battery life is still a question mark, however, as some of the very first models to hit the market from HP have inefficient displays and hard drives instead of SSDs. As more premium configurations hit the market in the next few weeks, hopefully we'll get a better picture of Ryzen Mobile battery life in more optimized laptop builds.
Businesses

HP Enterprise CEO Meg Whitman To Step Down (reuters.com) 101

Hewlett Packard Enterprise's Meg Whitman is stepping down as chief executive officer. Reuters reports: Whitman engineered the biggest breakup in corporate history during her 6 year tenure at the helm, creating HPE and PC-and-printer business HP Inc from parent Hewlett Packard Co in 2015. Whitman will be succeeded by the company's president, Antonio Neri, who takes over from Feb. 1. "Now is the right time for Antonio and a new generation of leaders to take the reins of HPE," Whitman said in a statement. Whitman, who will continue as a board member, had been steering the company towards areas such as networking, storage and technology services.
ISS

The International Space Station Is Getting Its First Printer Upgrade in 17 Years (mashable.com) 174

Lance Ulanoff, writing for Mashable: Somewhere, 254 miles above us, an astronaut is probably printing something. Ever since the International Space Station (ISS) welcomed its first residents in November of 2000, there have been printers on board. Astronauts use them to print out critical mission information, emergency evacuation procedures and, sometimes, photos from home. According to NASA, they print roughly 1,000 pages a month on two printers; one is installed on the U.S. side of the ISS, the other in the Russian segment. ISS residents do all this on 20-year-old technology. "When the printer was new, it was like 2000-era tech and we had 2000-era laptop computers. Everything worked pretty good," recalled NASA Astronaut Don Pettit, who brought the first printer up to the ISS. But "the printer's been problematic for the last five or six years," said Pettit who's spent a total of one year on the station. It's not that the Space Station has been orbiting with the same printer since Justin Timberlake was still N'Sync. NASA had dozens of this printer and, as one failed, they'd send up another identical model. But now it's time for something truly new. In 2018, NASA will send two brand new, specialized printers up to the station. However, figuring out the right kind of printer to send was a lot more complicated than you'd probably expect. NASA has turned to HP for its IT supply and needs. The agency requires the following things in its printer: print and handle paper management in zero gravity, handle ink waste during printing, be flame retardant, and be power efficient. HP, Mashable reports, has recommended the HP Envy 5600, its all-in-one (printer, scanner, copier, fax) device that retails for $129.99. The model has been modified, according to the report.
HP

Hewlett-Packard Historical Archive Destroyed In California Fires (pressdemocrat.com) 124

An anonymous reader quotes the Press Democrat: When deadly flames incinerated hundreds of homes in Santa Rosa's Fountaingrove neighborhood earlier this month, they also destroyed irreplaceable papers and correspondence held nearby and once belonging to the founders of Silicon Valley's first technology company, Hewlett-Packard. The Tubbs fire consumed the collected archives of William Hewlett and David Packard, the tech pioneers who in 1938 formed an electronics company in a Palo Alto garage with $538 in cash. More than 100 boxes of the two men's writings, correspondence, speeches and other items were contained in one of two modular buildings that burned to the ground at the Fountaingrove headquarters of Keysight Technologies. Keysight, the world's largest electronics measurement company, traces its roots to HP and acquired the archives in 2014 when its business was split from Agilent Technologies -- itself an HP spinoff.

The Hewlett and Packard collections had been appraised in 2005 at nearly $2 million and were part of a wider company archive valued at $3.3 million. However, those acquainted with the archives and the pioneering company's impact on the technology world said the losses can't be represented by a dollar figure... Karen Lewis, the former HP staff archivist who first assembled the collections, called it irresponsible to put them in a building without proper protection. Both Hewlett-Packard and Agilent earlier had housed the archives within special vaults inside permanent facilities, complete with foam fire retardant and other safeguards, she said. "This could easily have been prevented, and it's a huge loss," Lewis said.

Lewis has described the collection as "the history of Silicon Valley ... This is the history of the electronics industry." Keysight Technologies spokesman Jeff Weber said the company "is saddened by the loss of documents that remind us of our visionary founders, rich history and lineage to the original Silicon Valley startup."

23 Californians were killed in the fires, which also destroyed 6,800 homes, and Weber says Keysight had taken "appropriate and responsible" steps to protect the archive, but "the most destructive firestorm in state history prevented efforts to protect portions of the collection."
AMD

AMD Unveils Ryzen Mobile Processors Combining Zen Cores and Vega Graphics (hothardware.com) 41

MojoKid writes: AMD is officially launching a processor family today known by the code name Raven Ridge, but now referred to as Ryzen Mobile. The architecture combines AMD's new Zen CPU core architecture, along with its RX Vega GPU integrated into a single chip for laptops. There are two initial chips in the mobile processor family that AMD is announcing today: the Ryzen 5 2500U and the Ryzen 7 2700U. Both processors feature four cores capable of executing 8 threads with SMT. However, there are differences with respect to processor clocks and GPU specs. AMD's Ryzen 5 2500U has a base clock of 2GHz and a boost clock of 3.6GHz, while Ryzen 7 2700U cranks up another 200MHz on both of those figures. Ryzen 5 2500U features 8 Radeon Vega graphics CUs (Compute Units) and a GPU clock of 1.1GHz, compared to 10 Radeon Vega CUs and a GPU clock of 1.3GHz for the higher-end Ryzen 7 2700U. AMD is making rather ambitious claims for the new processors, and promises some impressive gains over its 7th generation Bristol Ridge predecessors. According to AMD, CPU and GPU performance will see 200 percent and 128 percent uplifts, respectively. AMD is also showcasing benchmark numbers that have the new CPUs outgunning Intel's new quad-core Kaby Lake R chips in spots, along with significant performance advantages in gaming and graphics, on par with discrete, entry-level laptop GPUs like NVIDIA's GeForce 950M. Thin and light laptops from HP, Lenovo and Acer powered by Ryzen Mobile are expected to ship in Q4 this year.
Security

HP Enterprise Let Russia Scrutinize The Pentagon's Cyberdefense Software (reuters.com) 121

"A Russian defense agency was allowed to review the cyberdefense software used by the Pentagon to protect its computer networks," writes new submitter quonset. "This according to Russian regulatory records and interviews with people with direct knowledge of the issue." Reuters reports: The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of Hewlett Packard Enterprise's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman. Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. "It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."
It's another example of the problems security companies face when they try to do business internationally, according to Reuters. "One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software."

Long-time Slashdot reader bbsguru has his own worries. "So, opening your code for review because it is demanded by a potential customer? What could possibly go wrong? HPE may find out, and the U.S. Military is among the many clients depending on the answer."
Google

Google Wants Its New Pixelbook to Win the Laptop and Tablet Battle (fortune.com) 104

Google is once again trying to make a big splash with laptop computers, this time with its new Pixelbook. From a report: Google debuted its Pixelbook, a new laptop-tablet hybrid during its Pixel 2 event in San Francisco on Wednesday, a high-end version of its barebones Chromebook laptops that rely on Google's Chrome operating system (OS). Google hopes its new Pixelbook, which sells for $999 to $1,649, will give it a viable challenger to Apple's MacBooks and other premium laptops. With Google's low-end Chromebooks, the company supplies the OS while third-party companies like HP Inc. and Dell build the devices. But Chromebooks are bulky, short on processing power, have limited storage, and are incompatible with Google's new Pixelbook stylus pen for drawing digital images on touchscreens. Matt Vokoun, Google's director for Chromebooks, emphasized that his company is serious about the Pixelbook. Although Google previously sold both high-end laptops and tablets, they were mostly "demonstration-oriented," he said, meaning Google didn't produce many of them and that they were instead for showing to potential manufacturers to get them on board with the idea.
HP

HP's Spectre x360 13 Promises Up To 16 Hours of Battery Life in a Faster, Cooler Design (pcworld.com) 45

From a report: The HP Spectre x360 13 is already one of the most popular 360-degree convertible laptops, and it's about to get faster and cooler, thanks in part to Intel's latest 8th-generation Core CPUs. Announced Wednesday, the refreshed Spectre x360 13 also offers greatly improved thermals and other nice tweaks. The Spectre x360 13 will ship on October 29 with a starting price of $1,150, including a color-matched pen. Best Buy will begin taking pre-orders October 4. Multiple configurations will be available, but we're listing below the specs we were given for the higher-end model ae013dx: CPU: Intel 8th-generation Core i7-8550U, a quad-core CPU with a 1.8GHz base clock and turbo boost up to 4GHz. Core i5 CPUs will also be available. RAM: 16GB LPDDR3 SDRAM. Storage: 512GB PCIe NVMe M.2 SSD.
Windows

HP Users Complain About 10-Minute Login Lag During 'Win 10 Update' (theregister.co.uk) 105

A number of HP device owners are complaining of seeing black screens for around five to 10 minutes after entering their Windows login information. From a report: They appear to be pointing the finger of blame at Windows 10 updates released September 12 for x64-based systems. One, a quality update called KB4038788, offered a whopping 27 bullet points for general quality improvements and patches, such as an "issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working." Another, KB4038806, was a "critical" patch for Adobe Flash Player that allowed remote code execution.
Software

How Proprietary Software Lets Companies Cheat (locusmag.com) 228

"Proprietary software makes it possible to design products to cheat ordinary users..." writes Richard Stallman -- linking to a new essay by Cory Doctorow: Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn't be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company. What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.

All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company's shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers). Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard. This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages.

AMD

AMD Releases Ryzen PRO Processors Worldwide, 8-Core Ryzen Threadripper 1900X (techradar.com) 94

Today, AMD announced the global release and broad adoption of AMD Ryzen Pro desktop processors. At its launch event in New York City, the company touted three main pillars that define these chipsets: reliability, security, and performance. They support features like Trusted Platform Module 2.0, which integrates secure microcontrollers into devices, GuardMI technology, which enables silicon-level security to help protect against threats, and SenseMI technology, which consists of a collection of smart features that aims to fine-tune performance for most responsive applications. For the first time, AMD has partnered with the top three PC OEMs: HP, Dell and Lenovo. Brad Chacos for PCWorld provides a "rundown of the commercial-focused Ryzen Pro systems that are coming down the pipeline, straight from AMD":

-Dell Optiplex 5055 desktop PCs are expected to ship in the coming weeks.
-HP EliteDesk 705 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkCentre M715 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkPad A475 and A275 notebook PCs are expected in Q4 2017.
-Ryzen PRO mobile processors are scheduled for launch in the first half of 2018.

The global launch of the Ryzen Pro processors is not the only bit of news AMD announced. The company also announced the release of a new budget Threadripper 1900X model. From a report via TechRadar: AMD has released its 8-core Ryzen Threadripper 1900X processor, offering people who were put off by high price of the flagship 16-core Threadripper 1950X a chance to build a PC with all of the advanced Threadripper features for almost half the cash. As we expected, the Threadripper 1900X will come with eight cores clocked at 3.8GHz, with a turbo that reaches 4.0GHz (and an XFR boost to 4.2GHz), and will cost $549 -- almost half the Threadripper 1950X's $999 asking price, and a fair bit cheaper than the mid-range Threadripper 1920X, which costs $799. In fact, the price is within touching distance of the AMD Ryzen 7 1800X, which comes with eight cores and 16 threads, and costs $499.
Android

Palm Devices Are Coming In 2018 Without WebOS, Says Report (slashgear.com) 81

According to a new report, TCL will be manufacturing palm-branded devices next year. SlashGear reports: The Palm brand has been in limbo for the past half-decade, moving in and out of HP-connected devices then on into relative obscurity. The Palm operating system was acquired by LG and continues to be used (in some form or another) in LG smart TVs to this day -- as such, it won't be coming with the Palm phone set for next year. On the day when gesture controls for the next iPhone just started to look like the last phone version of Palm OS, word appears of Palm's resurgence. Sadly, this resurgence almost certainly wont include Palm OS. Word comes from Android Planet that TCL Marketing Manager Stefan Streit confirmed that they've finally gotten to a place where they can make a Palm phone. TCL acquired the Palm brand all the way back in 2011.
Microsoft

We're Not Walking Away From Continuum, Says HP (theregister.co.uk) 44

An anonymous reader shares a report: While Windows roadmaps purportedly leaked to a blog last week appear to have a big hole in them where mobile should be, HP Inc tells us it has been assured by Redmond there are no plans to drop Continuum. HP is the sole major mobile vendor committed to the Windows Mobile Edition of Windows 10 and bet big on Continuum, the multimode "use-your-phone-as-a-PC" feature on which some of HP's ambitions rest. El Reg was impressed by HP's plans to build an ecosystem around the multi-mode capabilities of the HP Elite x3 phone, which doubles up as a PC replacement. (Or tries to.) Launching in over 50 markets, the ecosystem includes a streaming apps service HP Workplace to fill in the app gap, and even a "lap dock." HP pitched it at field workers and verticals. The only thing letting Inc-ers down was the quality of the software from Microsoft. Spring came and went without the expected improvements to Continuum. Unauthorised briefings last week suggest the Windows Mobile branch of Windows 10 is now an orphan.
Bug

Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) 187

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

Electronic Frontier Foundation

HP Patents 'Reminder Messages' (eff.org) 68

Daniel Nazer reports via the Electronic Frontier Foundation: On July 25, 2017, the Patent Office issued a patent to HP on reminder messages. Someone needs to remind the Patent Office to look at the real world before issuing patents. United States Patent No. 9,715,680 (the '680 patent) is titled "Reminder messages." While the patent application does suggest some minor tweaks to standard automated reminders, none of these supposed additions deserve patent protection. Although this claim uses some obscure language (like "non-transitory computer-readable storage medium" and "article data"), it describes a quite mundane process. The "article data" is simply additional information associated with an event. For example, "buy a cake" might be included with a birthday reminder. The patent also requires that this extra information be input via a "scanning operation" (e.g. scanning a QR code). The '680 patent comes from an application filed in July 2012. It is supposed to represent a non-obvious advance on technology that existed before that date. Of course, reminder messages were standard many years before the application was filed. And just a few minutes of research reveals that QR codes were already used to encode information for reminder messages. The Patent Office reviewed HP's application for years without ever considering any real-world products. Indeed, the examiner considered only patents and patent applications.

Slashdot Top Deals