Researchers Discover 16-Year-Old Driver Vulnerability Affecting Millions of Printers Worldwide

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,595
Points
113
hp-color-laser-150a-printer-1024x576.jpg
Image: HP



Security researchers have discovered an HP printer driver vulnerability affecting millions of HP, Samsung, and Xerox devices. Tracked as CVE-2021-3438 and marked with CVSS Score 8.8, the high-severity driver flaw could allow attackers to bypass security measures, install programs, delete data, and even create new accounts with elevated user rights. Luckily, HP has already released a security update that can be obtained here (hit “affected products” for a full list of affected printer models). Xerox has also uploaded a document that includes links to security patches designed to address CVE-2021-3438...
Click to expand...

Continue reading...


 
I'm still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.

1627258737587.png
 
Dan_D said:
I'm still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.
Click to expand...

Mostly shipping labels or work related stuff for me.
 
Dan_D said:
I'm still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.
Click to expand...

I have two printers in the house, both networked laser printers. (HP LaserJet 2055dn, HP Color LaserJet MFP m277c6)

Most of my use has been for work, for populating paper forms, and signing them.

The technology does exist to do a lot of that electronically, but when you do - at least in regulated industries - you have to undergo very significant validation and testing activities to prove to your regulators that everything works the way it is supposed to, approvals are actually approvals, nothing can progress without the right people approving it, no one can sign for anyone else, etc. etc. etc.

It's a massive undertaking to get one of these systems up, and you can't just buy something pre-validated, as you have to validate and test in your own environment. And when that environment changes, you need to do it again (or at least assess, and justify (in writing) that there was no impact, if you can.)

Larger organizations usually have all the electronic signatures and everything tested and set up, but smaller ones often struggle to get there bit by bit validating systems as they are needed, and in the short term printing, signing (and in some cases scanning) everything.
 
Zarathustra said:
I have two printers in the house, both networked laser printers. (HP LaserJet 2055dn, HP Color LaserJet MFP m277c6)

Most of my use has been for work, for populating paper forms, and signing them.

The technology does exist to do a lot of that electronically, but when you do - at least in regulated industries - you have to undergo very significant validation and testing activities to prove to your regulators that everything works the way it is supposed to, approvals are actually approvals, nothing can progress without the right people approving it, no one can sign for anyone else, etc. etc. etc.

It's a massive undertaking to get one of these systems up, and you can't just buy something pre-validated, as you have to validate and test in your own environment. And when that environment changes, you need to do it again (or at least assess, and justify (in writing) that there was no impact, if you can.)

Larger organizations usually have all the electronic signatures and everything tested and set up, but smaller ones often struggle to get there bit by bit validating systems as they are needed, and in the short term printing, signing (and in some cases scanning) everything.
Click to expand...

I'm aware. However, from a purely technological perspective we don't need paper for hardly anything anymore, yet it's use still persists.

1627339052231.png
 
Dan_D said:
I'm aware. However, from a purely technological perspective we don't need paper for hardly anything anymore, yet it's use still persists.
Click to expand...
I am fond of paper vs a bidet. Or three shells.
 
Dan_D said:
I'm aware. However, from a purely technological perspective we don't need paper for hardly anything anymore, yet it's use still persists.
Click to expand...
Good god man! What will people use for straws then?!
 
Dan_D said:
I'm aware. However, from a purely technological perspective we don't need paper for hardly anything anymore, yet it's use still persists.
Click to expand...

Yeah, if I could just stop getting all this mail I would be a much happier person. Why we insist on paying a person to deliver pieces of paper in the internet age is beyond me.

There seems to be some sort of thought process that if it arrives via mail it is evidence that the person has seen it. That's certainly not the case for me. Things that arrive via mail go into a big pile. I'll get around to opening and reading them...

,,,some day.
 
Zarathustra said:
Yeah, if I could just stop getting all this mail I would be a much happier person. Why we insist on paying a person to deliver pieces of paper in the internet age is beyond me.

There seems to be some sort of thought process that if it arrives via mail it is evidence that the person has seen it. That's certainly not the case for me. Things that arrive via mail go into a big pile. I'll get around to opening and reading them...

,,,some day.
Click to expand...
Sadly, that junk mail that we all hate is the only thing keeping the USPS afloat. I struggle with it: almost anything I get via USPS are things I don't want - bills, junk mail, adverts, etc. So part of me just says let it die anyway. Nothing that arrives in the mail box sparks joy any longer.

But thinking about it more - yeah we probably need it, at least until we do something like national email and universal internet access, or more likely, free cellular phones and access (at which point that will just become the new spam drop-off point). USPS mail is the one point of contact you can get, for "free", pretty much anywhere in the United States (You do need a place of residence, which is problematic for the homeless, but that gets into an entire different discussion).

I abhor the fact that Amazon uses USPS for delivery for my Prime stuff here, it always arrives at least one day late. And lately, UPS has been dropping off smaller packages at USPS here rather than taking it last-mile to my house - again, delaying everything by at least a day.

That said, for where I live, I suppose I should be grateful that I get delivery of anything, let alone it being a day or two late.
 
Brian_B said:
Sadly, that junk mail that we all hate is the only thing keeping the USPS afloat. I struggle with it: almost anything I get via USPS are things I don't want - bills, junk mail, adverts, etc. So part of me just says let it die anyway. Nothing that arrives in the mail box sparks joy any longer.

But thinking about it more - yeah we probably need it, at least until we do something like national email and universal internet access, or more likely, free cellular phones and access (at which point that will just become the new spam drop-off point). USPS mail is the one point of contact you can get, for "free", pretty much anywhere in the United States (You do need a place of residence, which is problematic for the homeless, but that gets into an entire different discussion).

I abhor the fact that Amazon uses USPS for delivery for my Prime stuff here, it always arrives at least one day late. And lately, UPS has been dropping off smaller packages at USPS here rather than taking it last-mile to my house - again, delaying everything by at least a day.

That said, for where I live, I suppose I should be grateful that I get delivery of anything, let alone it being a day or two late.
Click to expand...

On somewhat of a tangent, I once started the process of trying to prevent the credit bureaus from sharing my personal information with banks for the purposes of marketing. I got to the point where they wanted me to send them a freaking "Certified letter" with my request at which point I rolled my eyes and never got around to finishing it.

It's obnoxious though. If I get an average of 2 offers of credit 6 days a week, that's 624 pieces of mail a year that I need to waste time on properly shredding and disposing of, because they may contain information that I don't want misused. It's a total pain in the ***.

The part of me that likes to see the humorous side of things has considered just physically removing my mailbox and seeing what happens. Maybe 100% of everything will be returned to sender? At least I can hope. I can't remember the last time I received anything of value in the mail, that wasn't just a colossal waste of my time.

...and if the sole thing keeping USPS afloat these days is unsolicited paper-based mass advertising, maybe they SHOULD cease to exist. That's literally the only way to force the alternatives into existence. No one does anything until they absolutely have to. If an announcement went out that the USPS would be shutting its doors permanently in 6 months time, watch the changes happen!
 
You must log in or register to reply here.
Become a Patron!
Back
Top