[donatj]

Less of a big deal than they’re trying to make it out to be, it’s disabled by default and a leftover debugging tool.

[crankylinuxuser]

Yeah, that's the problem with zombie code. You can have articles like this, especially when companies like Lenovo did spy on people with all sorts of bios->OS infecting spyware and MITM SSL tricks.

If it's a binary and potentially readable, they probably shouldn't include the code switch to enable it. Better it never be in there to begin with.

But yeah, if it's disabled by default and looks like a debugging tool, it probably is.

[mtgx]

Twice in the same year?

http://www.tomshardware.com/news/hp-keylogger-debugging-tool...

How many of these "debugging tools" has HP left enabled, I wonder?

[moreless]

It's not enabled. And someone with access to your computer can just install their own keylogger anyway, so why is this even a security threat?

[jbb67]

Well we didn't know it was there at all not long ago. How sure can we be now that there is no hidden remote way to turn it on?

[openasocket]

That's not a valid form of reasoning. Just because we didn't know about something before isn't an excuse to make random assumptions.