- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
His claims are quickly debunked in the article, as the true reason is, obviously, protecting their IP and subscription model
His claims are quickly debunked in the article, as the true reason is, obviously, protecting their IP and subscription model
I personally love how they gave ink cartridges the ability to execute arbitrary code. Not like there are ways for them to have a signed hash or something that could do the same amount of validation, but actual code. That’s HP’s fuckup, not ours.
It wasn’t quite that; there was a buffer overflow in the code that was talking to the ink cartridge. So a malicious ink cartridge could in fact take over your printer. Of course, a web page you visit could in fact take over your browser and that’s a much more realistic threat vector, and somehow we’ve survived all this time without limiting ourselves to HP-sponsored and security-assured web pages with a healthy cut of profit going to HP from every visit.
So the flaw is in the printer or driver, and HP has just admitted to shipping an insecure, nay negligently dangerous, product to consumers?
They all have flaws, that’s ostensibly why they also provide firmware updates. I think it’s likely their software team even fixed the original flaw while their make more money team extended it into locking down products even more.