All hail the hacker god.

source: grugq

Your daily everything is terrible and will never be fixed email.

the uptake of firmware for printers is typically poor.

(Lastly, we note that in the paper “On the Practical Exploitability of Dual EC in TLS Implementations”, the authors remarked that they had no evidence that a version of BSAFE with extended_random support ever shipped. TLS 1.3 appears to have tripped over it.)

source: green

Greg Young Publishing licenses images for posters, many of which are beach- or surfing-themed. Zazzle users posted item listings that included the copyrighted images. Greg Young Publishing sued Zazzle. In a prior ruling, the court held that Section 512(c) applied to the photos in the online product listings, but not to the manufacture of goods bearing the image. Without Section 512 protection for the latter, the case proceeded to a jury trial.

The trial did not go well for Zazzle.

The video is full of not-so-subtle hints that HP’s printers are secure and buying a non-HP printer is bordering on criminally negligent. For example, the opening sequence, white text on black background states “There are hundreds of millions of business printers in the world. Less than 2% of them are secure”. From here, the “Wolf” executes a series of unlikely attacks that leverage the insecure printers to own the companies network and sensitive data, with the obvious implication being that HP printers would not be vulnerable to these attacks.

So, we went out and bought a couple of printers, the MFP-586 and the M553. As HP’s Wolf says, “time to eat”.

source: grugq

Here is a 3D-printed turtle that is classified at every viewpoint as a “rifle” by Google’s InceptionV3 image classifier, whereas the unperturbed turtle is consistently classified as “turtle”.

source: L

I built a camera that snaps a GIF and ejects a little cartridge so you can hold a moving photo in your hand! I’m calling it the “Instagif NextStep”. Don’t ask me why I built it, it sounded like a fun challenge and I always wanted to hold a moving photo.

source: HN

To summarize, don’t overlook printers in your threat model. A printer is a computer and it should be treated like one. Scan it. Update it. Monitor it. Who knows what might lurk within?

source: solar

How mass-production printing technology, starting with the lithograph, was pushed forward thanks to a growing interest in color.

The features HP describes are snake oil. If they worked well, they’d still only address a small part of the spectrum of attacks against printers. And, since there’s no technical details or independent evaluation of the features, they are almost certainly lies.

TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of these is vulnerable to multiple attacks. We release an open-source tool that supported our analysis: PRinter Exploitation Toolkit (PRET)

code: https://github.com/RUB-NDS/PRET

paper: https://www.nds.rub.de/research/publications/sok-exploiting-network-printers/

wiki: http://hacking-printers.net/wiki/index.php/Main_Page

source: solar

Epson issued a workaround for the printers on December 7, which required customers to turn off their Internet routers and reset the affected printers.

No inconvenience at all!

You can tell what a 3D printer is making by listening to it.

Paper: http://dl.acm.org/citation.cfm?id=2978323