OH: "this research team managed to get arbitrary code exec on an hp all-in-one print/scan/fax machine by sending a fax to it through a jpeg with an oversized DCT(?) table"
-
-
there's something really elegant about "printing" updates as long as you don't think about it
-
no there isn't, in-band signaling must die
End of conversation
New conversation -
-
-
I’d criticize this, but I once came up with a scheme to update TV firmware via special video frames, so.
-
I mean, it required a challenge/response plus an RSA/ECC signature from upstream, so it’s not like you could just play a special video file. I do my homework. In any case, it was because updating over I2C would have been nightmarishly slow.
End of conversation
New conversation -
-
-
Can confirm. I have 'printed' firmware updates before.
-
cursed device
-
Yes. Yes it very much was.
End of conversation
New conversation -
-
-
exactly what the words say. I understand that it might be hard to parse but it is true
-
I mean it kiiiiinnnnda makes sense considering it's an exposed protocol already and saves complexity, but also wtf.
End of conversation
New conversation -
-
Mmmm, reminds me of https://media.ccc.de/v/28c3-4780-en-print_me_if_you_dare … , pretty great talk on almost exactly that from 2011.
-
-
-
Honestly, given that printers have code to check they’re not printing money, it’s only a shock it took this long.