HP is looking into some new attacks on their Laserjet printer line, discovered by researchers at Columbia. It seems that the printers will, by default, accept unauthenticated firmware updates sent along with a print job. Uh-oh.
From a post on the Interesting People mailing list:
Craig S Wright says: “I was contracted to test the systems on a Boeing 747. They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 – VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems.”
An interesting, DARPA-funded project over at Columbia: FOG allows for false documents to be created which then “beacon” a message back to the originator when they are opened. Clearly, the intent is twofold – to seed places like Wikileaks with false information, and to ferret out people who are trading in stolen documents.