163

His claims are quickly debunked in the article, as the true reason is, obviously, protecting their IP and subscription model

you are viewing a single comment's thread
view the rest of the comments
[-] scrubbles@poptalk.scrubbles.tech 33 points 9 months ago

I personally love how they gave ink cartridges the ability to execute arbitrary code. Not like there are ways for them to have a signed hash or something that could do the same amount of validation, but actual code. That's HP's fuckup, not ours.

[-] mozz@mbin.grits.dev 16 points 9 months ago

It wasn't quite that; there was a buffer overflow in the code that was talking to the ink cartridge. So a malicious ink cartridge could in fact take over your printer. Of course, a web page you visit could in fact take over your browser and that's a much more realistic threat vector, and somehow we've survived all this time without limiting ourselves to HP-sponsored and security-assured web pages with a healthy cut of profit going to HP from every visit.

[-] Overzeetop@beehaw.org 15 points 9 months ago

in the code that was talking to the ink cartridge.

So the flaw is in the printer or driver, and HP has just admitted to shipping an insecure, nay negligently dangerous, product to consumers?

[-] Banzai51@midwest.social 5 points 9 months ago

In the 90s, they shipped recovery CDs with viruses baked in. Knowingly shipping destructive code and hardware is kinda HP's thing.

[-] anytimesoon@lemmy.ml 2 points 9 months ago

I've not heard about this. Does anyone have a link to share? Can't find one myself

[-] Banzai51@midwest.social 1 points 9 months ago

This was 95ish. We were under strict orders not to confirm it. HP worked hard to keep it under wraps. Now layer on the fact the web was still in its infancy, you likely won't find a whole lot about it.

[-] Bitrot@lemmy.sdf.org 4 points 9 months ago

They all have flaws, that's ostensibly why they also provide firmware updates. I think it's likely their software team even fixed the original flaw while their make more money team extended it into locking down products even more.

[-] scrubbles@poptalk.scrubbles.tech 3 points 9 months ago

well that makes a bit more sense, thanks for clearing it up. Still stupid, but not as bad as I had been lead to believe.

this post was submitted on 22 Jan 2024
163 points (100.0% liked)

Technology

37573 readers
206 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS