Category Archives: security hole

HP issues LaserJet firmware update, hopefully ends exploding printer saga

Posted on by
Reply
Some of you might remember the story that HP LaserJet printers might be open to hack attacks that could result in some not-so-spontaneous combustion? Now the company has issued a statement saying that no-one reported their printer exploding, but to be on the safe side, it's produced a firmware update (available at the source link) that'll close the hole and ensure your Holiday doesn't end with a visit from the fire department.

Continue reading HP issues LaserJet firmware update, hopefully ends exploding printer saga

HP issues LaserJet firmware update, hopefully ends exploding printer saga originally appeared on Engadget on Fri, 23 Dec 2011 15:08:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceHP Technical Support  | Email this | Comments

Windows Phone 7.5 SMS bug breaks messaging hub, hard reset is the only remedy

Posted on by
Reply
An SMS message on your Windows 7.5 handset could knock messaging out cold, a one shot kill you can't prepare for. Apparently, WP devices that receive a text containing a certain string of characters will reboot and return with a non-functional messaging client which can only be restored via a hard reset. The flaw is not device-specific and has been found to affect other parts of the OS, locking up your handset if you've pinned a friend as a live tile and that buddy posts the magic bug words on Facebook or Windows Live Messenger. Fixing the problem requires quick tapping fingers, as you've got to remove the pinned tile after rebooting before it flips and freezes the phone again. Before you go abandoning WP7's ship, just know that SMS issues are a known phenomenon and have affected all the major mobile players, iOS and Android included. Until Microsoft releases a fix, cross your fingers and hang tight, but in the meantime, all you mobile masochists can see the bug in action after the break.

Continue reading Windows Phone 7.5 SMS bug breaks messaging hub, hard reset is the only remedy

Windows Phone 7.5 SMS bug breaks messaging hub, hard reset is the only remedy originally appeared on Engadget on Thu, 15 Dec 2011 23:24:00 EDT. Please see our terms for use of feeds.

Permalink 9to5Mac  |  sourceWinRumors  | Email this | Comments

Researchers expose printer vulnerability, turn LaserJets into literal time bombs (update)

Posted on by
Reply
Printers Vulnerable
Your precious printer might seem innocuous but, in reality, it could be a ticking time bomb just waiting for some hacker to trigger it. Oh, and we mean that not just figuratively, but literally as well -- they could actually be caused to burst into flames by some ne'er-do-well half-way around the globe. Of course, the potential doesn't end at remote arson, an attacker could easily gain access to a network or steal documents, and hijacking the lowly device would require little more than printing an infected file. So far researchers at Columbia University have only managed to exploit the hole on HP printers, but it's possible (if not likely) that others are also affected. Most printers look for a firmware update every time they receive a job but, for some reason, they rarely check the validity of an incoming file. A fake upgrade could easily be attached to a file sent over the internet, directly to a device -- no need to even trick anyone. HP says it's taking the issue very seriously and looking into the vulnerability, though, it says newer devices aren't affected (a claim the researchers challenge). For a lot more detail on the what and how check out the source link.

Update: HP (unsurprisingly) issued a rebuttal. It's working up a firmware update right now for certain flaws, but it'll have you know that "no customer has reported unauthorized access."

Researchers expose printer vulnerability, turn LaserJets into literal time bombs (update) originally appeared on Engadget on Tue, 29 Nov 2011 08:19:00 EDT. Please see our terms for use of feeds.

Permalink @mikko  |  sourceMSNBC  | Email this | Comments

Charlie Miller’s latest iOS hack gets into the App Store, gets him tossed out (video)

Posted on by
Reply
This isn't the first brush Apple's iOS platform has had with apps that exploit security holes to run unsigned code, but according to the developer of InstaStock, this may be the first to get a security researcher booted from its developer program. Charlie Miller shared his discovery with Forbes earlier today, showing off an app which successfully made it through Apple's approval process despite packing the ability to download and run unsigned code. That could allow a malicious app to access user data or activate hardware features remotely. Apple pulled the app after the findings were published, and according to Miller, revoked his developer access shortly afterward for what seems to be a clear violation of the guidelines. He told CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing. He'll be explaining his method in more detail next week at SysCan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing.

[Thanks to everyone who sent this in]

Continue reading Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)

Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video) originally appeared on Engadget on Mon, 07 Nov 2011 22:57:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceCNET, Forbes, @0xcharlie (Twitter)  | Email this | Comments

Sprint issues OTA fix for HTC Android handset vulnerability

Posted on by
Reply
Earlier this month, we found out that after a software update HTC's Android handsets had a serious security flaw -- any app could gain access to user data, including recent GPS locations, SMS data, phone numbers, and system logs. To its credit, HTC responded quickly to the security issue, and now an OTA update with the fix is going out to those on the Now Network. Sprint users with an EVO 4G, 3D, Shift 4G, Design 4G or View 4G can get the download, as can Wildfire S owners. The patch available now for a manual download, and more info on the fix can be found at the source below.

[Thanks, Korey]

Sprint issues OTA fix for HTC Android handset vulnerability originally appeared on Engadget on Tue, 25 Oct 2011 18:03:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceSprint  | Email this | Comments