Which means the report is right -> HP forgot to allow only digitally signed firmwares to load. If I was a big enterprise, I'd ask for a recall of all the affected printers, since I obviously can't trust them anymore...
That would be a fun precedent to set. :> -dave On Fri, Dec 2, 2011 at 2:05 PM, Nick FitzGerald <[email protected]>wrote: > Jeffrey Walton wrote: > > > HP has issued a security bulletin for the issue (it's kind of odd > > considering their position). > > > > I would give you a link but the HP webmaster is appending tokens in > > the URL. Search for 'HPSBPI02728' on > > http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/. > > FWIW, if you take the example from the actual security bulletin page > itself and dissect that page's URL, the following URL gets you to the > security bulletin "tokenlessly" (or not -- from a cursory look it seems > much the same information is stored in cookies but you can block them > and this page appears to load OK): > > > https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449 > > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave >
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
