Boing Boing publishes big scary article on how your HP Printer is going to own your home, and that article includes this:<p>"Cui gave HP a month to issue patches for the vulnerabilities he discovered, and HP now has new firmware available that fixes this (his initial disclosure was misreported in the press as making printers vulnerable to being overheated and turning into "flaming death bombs" -- he showed a lightly singed sheet of paper that represented the closest he could come to this claim). He urges anyone with an HP printer to apply the latest patch, because malware could be crafted to take over your printer and then falsely report that it has accepted the patch while discarding it."<p>Of course, Boing Boing fails to follow up with information regarding which printers are at risk, if updates might be naturally included in a windows update set, if updates might be included with update software from the printer, otherwise where else to get updates, and what to do if there is no update for your computer.<p>He mentions the latest patch but fails to mention how to obtain it.<p>Boing Boing fails to discuss any mitigation strategies, for instance, this probably cannot effect you in any way if you are printing out a) your own documents, b) web pages, or c)?<p>So except for a few dedicated people, no one reading Boing Boing's article is going to do a damn thing about what seems for many to be a very remote risk.<p>This doesn't seem to me to be a terribly helpful article, just another article warning of how dangerous the world is.
<a href="http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html" rel="nofollow">http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.h...</a><p>Appears to have the materials from the talk. Most interesting bit from the researcher's write up:<p>"We have also unpacked several engine-control processor firmwares (different from the main SoC) and are currently attempting to locate code related to tracking dots. Perhaps we will have some results by December. In any case, HPacker will help the community to do further research in this direction, possibly allowing us to spoof / disable these yellow dots of burden."<p>In case people are not aware of the background, most printers print special patterns of "invisible" dots on every sheet printed. This allow the printed pages to be tied directly to the printer which printed the dots. Thus, if you are printing something like a political flyer which is inconvenient to your government, the government may be able to tie the flyer to you using these dots.
Here's a link to the talk about PostScript hacking, which some people might also find interesting:
<a href="http://www.youtube.com/watch?v=PqL5P46m_zQ" rel="nofollow">http://www.youtube.com/watch?v=PqL5P46m_zQ</a>
Yup, computers that run unaudited software (that was probably rushed to market) are dangerous to your LAN. Nothing to see here.<p>Are there any printers that run a Free Software (or at least open-source) firmware? Are there any peripherals that do?