your printer is part of a flaming botnet
https://twitter.com/KSchnirring/status/958084414776401920 [twitter.com]
2018-02-02 04:28
All hail the hacker god.
source: grugq
tag: printer
Additional TLS 1.3 results from Chrome
https://mailarchive.ietf.org/arch/msg/tls/i9blmvG2BEPf1s1OJkenHknRw9c [mailarchive.ietf.org]
2017-12-19 04:57
Your daily everything is terrible and will never be fixed email.
the uptake of firmware for printers is typically poor.
(Lastly, we note that in the paper “On the Practical Exploitability of Dual EC in TLS Implementations”, the authors remarked that they had no evidence that a version of BSAFE with extended_random support ever shipped. TLS 1.3 appears to have tripped over it.)
source: green
Zazzle Loses Copyright Jury Verdict, and That’s Bad News for Print-on-Demand Publishers–Greg Young Publishing v. Zazzle
http://blog.ericgoldman.org/archives/2017/11/zazzle-loses-copyright-jury-verdict-and-thats-bad-news-for-print-on-demand-publishers-greg-young-publishing-v-zazzle.htm [blog.ericgoldman.org]
2017-11-28 05:17
Greg Young Publishing licenses images for posters, many of which are beach- or surfing-themed. Zazzle users posted item listings that included the copyrighted images. Greg Young Publishing sued Zazzle. In a prior ruling, the court held that Section 512(c) applied to the photos in the online product listings, but not to the manufacture of goods bearing the image. Without Section 512 protection for the latter, the case proceeded to a jury trial.
The trial did not go well for Zazzle.
A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet
https://foxglovesecurity.com/2017/11/20/a-sheep-in-wolfs-clothing-finding-rce-in-hps-printer-fleet/ [foxglovesecurity.com]
2017-11-21 03:40
The video is full of not-so-subtle hints that HP’s printers are secure and buying a non-HP printer is bordering on criminally negligent. For example, the opening sequence, white text on black background states “There are hundreds of millions of business printers in the world. Less than 2% of them are secure”. From here, the “Wolf” executes a series of unlikely attacks that leverage the insecure printers to own the company’s network and sensitive data, with the obvious implication being that HP printers would not be vulnerable to these attacks.
So, we went out and bought a couple of printers, the MFP-586 and the M553. As HP’s Wolf says, “time to eat”.
source: grugq
Fooling Neural Networks in the Physical World with 3D Adversarial Objects
http://www.labsix.org/physical-objects-that-fool-neural-nets/ [www.labsix.org]
2017-11-01 15:21
Here is a 3D-printed turtle that is classified at every viewpoint as a “rifle” by Google’s InceptionV3 image classifier, whereas the unperturbed turtle is consistently classified as “turtle”.
source: L
I made a camera that prints a GIF instantly
http://imgur.com/gallery/CG9w4 [imgur.com]
2017-08-31 02:40
I built a camera that snaps a GIF and ejects a little cartridge so you can hold a moving photo in your hand! I’m calling it the “Instagif NextStep”. Don’t ask me why I built it, it sounded like a fun challenge and I always wanted to hold a moving photo.
source: HN
Rooting a Printer: From Security Bulletin to Remote Code Execution
http://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution [www.tenable.com]
2017-06-15 19:02
To summarize, don’t overlook printers in your threat model. A printer is a computer and it should be treated like one. Scan it. Update it. Monitor it. Who knows what might lurk within?
source: solar
CMYK All The Way
http://tedium.co/2017/04/18/color-printing-lithography-history/ [tedium.co]
2017-04-23 03:03
How mass-production printing technology, starting with the lithograph, was pushed forward thanks to a growing interest in color.
You don't need printer security
http://blog.erratasec.com/2017/02/you-dont-need-printer-security.html [blog.erratasec.com]
2017-02-21 17:49
The features HP describes are snake oil. If they worked well, they’d still only address a small part of the spectrum of attacks against printers. And, since there’s no technical details or independent evaluation of the features, they are almost certainly lies.
Printer Security
http://web-in-security.blogspot.de/2017/01/printer-security.html [web-in-security.blogspot.de]
2017-02-01 03:14
TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of these is vulnerable to multiple attacks. We release an open-source tool that supported our analysis: PRinter Exploitation Toolkit (PRET)
code: https://github.com/RUB-NDS/PRET
paper: https://www.nds.rub.de/research/publications/sok-exploiting-network-printers/
wiki: http://hacking-printers.net/wiki/index.php/Main_Page
source: solar
Google API change triggers Epson printer revolt
http://arstechnica.com/information-technology/2016/12/internet-of-google-api-change-triggers-epson-printer-revolt/ [arstechnica.com]
2016-12-08 16:59
Epson issued a workaround for the printers on December 7, which required customers to turn off their Internet routers and reset the affected printers.
No inconvenience at all!
Side channels that reveal factory secrets
https://blog.acolyer.org/2016/11/09/leave-your-phone-at-the-door-side-channels-that-reveal-factory-floor-secrets/ [blog.acolyer.org]
2016-11-10 19:15
You can tell what a 3D printer is making by listening to it.