Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The moral of the tale here is that if you're going to be making allegations of this kind you really need to be quite confident about your research, and be able to back it up with detailed information such as the contents of the relevant directory and comparisons of the files therein. Not engaging in a certain amount of diligence leaves the journalist open to both reputational risk and the possibility of libel litigation.


>"Not engaging in a certain amount of diligence leaves the journalist open to both reputational risk and the possibility of libel litigation."

// Samsung gave an authoritative answer via their senior support personnel corroborating the [false] positive report of an installed key-logger from a previously trustworthy system analysis tool. I'd say that was diligent.

I don't think Samsung can win a libel case against someone who published what they themselves confirmed to be the truth (despite this revelation that they in fact lied).

This does leave the possibility that the report that it was confirmed by senior support was fabricated; in which case a libel suit would be back on.


I don't run a security consultancy, but I'd have considered checking if another tool says anything. Or just looking in the directory using another OS to see what's actually in the dreaded C:\Windows\SL.


>"Or just looking in the directory using another OS"

// What good will that do, so I see that it's C:\Windows\SL\WinSL.exe how do I tell without decompiling it that it's a keylogger? Certainly one could go further to test it but if the company that installed the drive image confirms it's a keylogger it seems reasonable to me to not check further.

If they denied it then yes it needs further corroboration but practically ...


Something like http://www.virustotal.com/ allows you to run a file through a zillion scanning engines. If almost none flag it as malware, you've either found a new sample or a false positive. You'd hope that they've at least checked such a service.


"so I see that it's C:\Windows\SL\WinSL.exe how do I tell without decompiling it that it's a keylogger?"

You might have to ask an, uh, security consultant.


It was rhetorical, I actually saw someone answer this the other day though for one of the popular MS Windows keylogging techniques (it was probably on here?).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: