Month: December 2017

\ (credit: Valentina Palladino)

Flaws in software often offer a potential path for attackers to install malicious software, but you wouldn't necessarily expect a hardware vendor to include potentially malicious software built right into its device drivers. But that's exactly what a security researcher found while poking around the internals of a driver for a touchpad commonly used on HP notebook computers—a keystroke logger that could be turned on with a simple change to its configuration in the Windows registry.

The logger, which could potentially be leveraged by an attacker or malware to harvest login credentials and other data, was discovered by security reasearcher Michael Myng (also known as ZwClose) lurking within driver software for Synaptics touchpads—used by hundreds of HP and Compaq business and consumer notebook computer models, as well as many other Windows notebook computers from other manufacturers. Myng disclosed the discovery on his blog on December 7 after the problem was disclosed to HP.

The keylogger was apparently included for debugging during development and is disabled by default. However, a user or software with administrative privileges could activate the keylogger by making a registry change—potentially remotely using Windows Management Instrumentation (WMI) or PowerShell scripts. Once turned on, it captures keystrokes and generates a trace log file.

We've re-launched our Ars Technica merch store just in time for the holidays, and the response has been great—"Nuke it from orbit" mugs and Ars hyperspace logo T-shirts are flying off the virtual shelves.

If you're pondering an order and want to make sure it arrives by Christmas, order today to avoid disappointment. Between the time needed to print the shirts and the time needed to ship them, December 11 is the final day to place most orders for Christmas delivery. Here are the shipping options that will still get your merch to you by December 25:

USPS Priority Mail: Dec 11
FedEx 2 Day: Dec 11
FedEx International Priority: Dec 11
FedEx Standard Overnight: Dec 12

Enlarge (credit: Getty Images | Peter Dazeley)

The Federal Communications Commission has again refused to help New York's attorney general investigate impersonation and other fraud in public comments on the FCC's net neutrality repeal.

For the past six months, New York State Attorney General Eric Schneiderman has been "investigating who perpetrated a massive scheme to corrupt the FCC's notice and comment process" by filing fraudulent comments under real people's names. But FCC Chairman Ajit Pai's office has "refused multiple requests for crucial evidence in its sole possession," Schneiderman wrote in an open letter to Pai last month.

FCC General Counsel Thomas Johnson responded to Schneiderman on Pai's behalf Thursday and once again refused to provide the requested evidence.

Enlarge / Rising demand has caused Bitcoin's transaction fees to skyrocket. (credit: Timothy B. Lee, using data from Blockchain.info)

The cost to complete a Bitcoin transaction has skyrocketed in recent days. A week ago, it cost around $6, on average, to get a transaction accepted by the Bitcoin network. The average fee soared to $26 on Friday, and was still almost $20 on Sunday.

The reason is simple: until recently, the Bitcoin network had a hard-coded 1 megabyte limit on the size of blocks on the blockchain, Bitcoin's shared transaction ledger. With a typical transaction size of around 500 bytes, the average block had fewer than 2,000 transactions. And with a block being generated once every 10 minutes, that works out to around 3.3 transactions per second.

A September upgrade called segregated witness allowed the cryptographic signatures associated with each transaction to be stored separately from the rest of the transaction. Under this scheme, the signatures no longer counted against the 1 megabyte blocksize limit, which should have roughly doubled the network's capacity. But only a small minority of transactions have taken advantage of this option so far, so the network's average throughput has stayed below 2,500 transactions per block—around 4 transactions per second.

The biggest Google Home is finally on its way to stores. The $399 Google Home Max was announced at Google's October 4th hardware event alongside the Google Home Mini, Pixel 2, and tons of other hardware. The Max doubles down on the Home's music capabilities, offering a more powerful sound system in a form factor about the size of a bookshelf speaker.

With pretty much zero fanfare, the Google Home Max has started popping up at stores. Online listings are live at Best Buy and Verizon, with both showing a ship day of "today." The Google Store doesn't seem quite ready yet, and still shows a "join waitlist" button instead of a an actual "buy" link. Don't bother checking Amazon, which refuses to sell Google products like the Google Home and Chromecast, in part because they don't support Amazon Prime Video.