Sometimes, the only way to attract attention to dire warnings about weaknesses in a particular system is to exploit them in a way that can’t be ignored. That’s what drove Michael Jordon of Context Information Security to make Doom run on a Canon Pixma printer; not because it’s cool (although it clearly is) but to demonstrate the inherent insecurities in Canon’s wireless printers.
The colors in the brief gameplay video posted by YouTube user SteveHOCP are wonky (and the music has obviously been added after the fact), but there’s no question about it: This is Doom, id Software’s greatest creation, running on a printer. It’s a remarkable demonstration of how far technology has come over the past two decades, but the actual point was to demonstrate something else entirely: The web interface on Pixma wireless printers doesn’t require user authentication in order to connect, which doesn’t seem all that particularly terrible until you start looking at the firmware update process.
“While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware,” Jordon wrote. “So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell – nothing, there is no signing (the correct way to do it) but it does have very weak encryption.”
Things get awfully technical at that point but the condensed version is that a determined individual could create a custom firmware and update a printer to make it do pretty much anything within the capabilities of the hardware. “For demonstration purposes I decided to get Doom running on the printer,” he wrote. “It was not straightforward due to it needing all the operating system dependences to be implemented in Arm without access to a debugger, or even multiplication or division.” But it was doable.
“If you can run Doom on a printer, you can do a lot more nasty things,” Jordon told the Guardian. “In a corporate environment, it would be a good place to be. Who suspects printers?”
Canon said in a statement that it intends to issue a fix “as quickly as is feasible.”
Original article from http://www.pcgamer.com/2014/09/15/doom-made-to-run-on-canon-printer-to-demonstrate-wireless-security-flaw/
Credit card-based scams are nothing new — but ransomware makes these campaigns far more dangerous.
If you have a Visa credit card, be careful not to fall for a new ransomware phishing campaign which offers you benefits and rewards, researchers say.
A new and unusual phishing campaign has caught the eye of Symantec. Tthe scheme relates to credit cards — but attempts to lure consumers to download ransomware instead of handing over their financial details.
While fraudulent credit-card based spam is nothing new, the introduction of ransomware into the mix is a new avenue cyberattackers are using to try and force people out of their hard-earned cash to keep their system files and content. Continue reading →
When making changes to any project, document, or even a web site, it is vital to check your changes before taking them live.
It may seem tempting to simply press the big “GO” button and hope for the best, but all too often a small change in a template or theme can have big consequences elsewhere!
As with everything, always make a backup copy of what you are working on in case you quickly need to roll-back to the last known working version with minimal downtime in the case of a catastrophic error.
If you thought that computers, software and networks in environments where it is literally life or death that they work are kept secure, up to date and modern, you thought wrong: hospitals and health authorities seem to be some of the worst at maintaining IT set ups, and that should scare all of us.
Last week, the computers in the pathology department at the Royal Melbourne Hospital suffered a virus infection.
That can happen to any organisation of course. The RMH virus infection is different though, if you look at the details of what happened. Continue reading →
Will Univision’s 40% stake in The Onion change the direction of this popular site?
The Onion, a satirical publication based in Chicago, routinely sees its articles cited as truth by news sites around the world, but it has always stood apart from the traditional media market. Now it is becoming part of the industry it so often satirizes: According to a statement released Tuesday, broadcaster Univision has acquired control over the publication. Continue reading →