Versions of the Conexant audio driver on HP laptops can log every keystroke to disk, writing to a visible file in C:\Users\Public
. Your passwords, everything.
So HP issued a driver update. But that driver update is reported to still have the logging capability, turned off. Logging can be reactivated with a simple registry hack.
My future plans do not include buying devices from Hewlett-Packard, or investing in Conexant stock.
Update: HP's official security bulletin on the issue. Meanwhile, the logger can be reused and exploited.