Zz Yzx wrote:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
>
> Anybody else?
Did you think to go out to their web site and see if such a warning exists
there? Why would you post this kind of thing here?
--
-Mike-
[email protected]
Zz Yzx <[email protected]> wrote in
news:[email protected]:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
>
> Anybody else?
> "Zz Yzx" rhymes with "physics"; or " Isaacs" if you prefer.
> http://www.abandonedbutnotforgotten.com/zzyzx_road.htm
>
Why would HP have your e-mail address? Did they promise to send you
product updates? (These are retorical questions, no need to answer
here.)
If it's suspicious, don't trust it. If you think your printer might be
affected by the security "breach" (the usual word is vulnerability or
issue), go directly to the manufacturer's site and look for the
appropriate information/files.
You know... I'm not even sure if they call themselves "Hewlett-Packard"
any longer... It might just be HP.
Puckdropper
--
Make it to fit, don't make it fit.
On 04 Apr 2012 01:16:50 GMT, Puckdropper
<puckdropper(at)yahoo(dot)com> wrote:
>
>Why would HP have your e-mail address? Did they promise to send you
>product updates? (These are retorical questions, no need to answer
>here.)
>
Since I registered a product on line, they have my email address. It
is a legitimate update.
I have a network printer accessible over the wi-fi so I did take
advantage of the update. Connected to a PC, I'm not sure how it would
be a security risk.
Zz Yzx <[email protected]> writes:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
>
There are recent security issues with HP printers. Some of them auto-update
firmware, and this can be spoofed. And since they are a computer, and
some have a web server built in, they can be used as a launching point
to attack other computers on a LAN.
There's also was a talk where there were claims a printer could start a
fire by overpowering the fuser element in a laser printer. In reality
the researchers were able to singe a page, but no real flames.
Zz Yzx <[email protected]> writes:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
Never trust a link in email. Go to the HP site and only download from
there.
Zz Yzx <[email protected]> wrote in news:[email protected]:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
Probability that's legitimate is approximately 0.000000000001%
On Tue, 03 Apr 2012 17:42:12 -0700, Zz Yzx <[email protected]>
wrote:
>I got an e-mail from "Hewlett Packard" telling me there's a security
>breach in my printer's firmware and inviting me to dowload an update.
>I doesnt look quite right.
>
>Anybody else?
>"Zz Yzx" rhymes with "physics"; or " Isaacs" if you prefer.
>http://www.abandonedbutnotforgotten.com/zzyzx_road.htm
Yes and it is legitimate
http://www.hp.com/hpinfo/newsroom/press/2011/111223xa.html
Took about two minutes to do the update.
On 4/3/2012 7:42 PM, Zz Yzx wrote:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
>
> Anybody else?
No, but I would never click on such a thing. Hover (but don't click!) your
mouse over the link and (assuming you have a relatively smart email client) you
should see the URL of the actual address being displayed. Chances are it's not
going to point to "http://www.hp.com/" or any other valid HP domain name.
Delete the email, then manually go to the support section of www.hp.com and
search for your printer to see if they have a firmware update. That would be
the only place I'd ever download such an animal.
--
Free bad advice available here.
To reply, eat the taco.
http://www.flickr.com/photos/bbqboyee/
On 4/3/2012 10:36 PM, Ed Pawlowski wrote:
> On Tue, 03 Apr 2012 17:42:12 -0700, Zz Yzx<[email protected]>
> wrote:
>
>> I got an e-mail from "Hewlett Packard" telling me there's a security
>> breach in my printer's firmware and inviting me to dowload an update.
>> I doesnt look quite right.
>>
>> Anybody else?
>> "Zz Yzx" rhymes with "physics"; or " Isaacs" if you prefer.
>> http://www.abandonedbutnotforgotten.com/zzyzx_road.htm
>
>
> Yes and it is legitimate
> http://www.hp.com/hpinfo/newsroom/press/2011/111223xa.html
> Took about two minutes to do the update.
This must have been sent to anyone who ever contacted HP about a problem
as I got it also.
Problem is my HP-932 printer is so old the firmware is not upgradeable.
Just to be sure I did check with HP and found nothing for my printer so
assumed it was span.
Zz Yzx wrote:
> I got an e-mail from "Hewlett Packard" telling me there's a security
> breach in my printer's firmware and inviting me to dowload an update.
> I doesnt look quite right.
>
> Anybody else?
> "Zz Yzx" rhymes with "physics"; or " Isaacs" if you prefer.
> http://www.abandonedbutnotforgotten.com/zzyzx_road.htm
It's valid. It's being sent to anyone who registered an HP printer or
called their support.
The security exploit was written up several months ago in IT bulletins.
--
Reply in group, but if emailing add one more
zero, and remove the last word.
In article <[email protected]>,
Richard <[email protected]> wrote:
>
>I got it too.
>
>Googled the address and it does look valid.
>
>But I'm not going to do it.
I would never trust such an email.
But what I *would* do, is to type "hp.com" into my browser, and navigate
to the customer support page for my printer, and then see if there's a
firmware update I should be installing.
--
-Ed Falk, [email protected]
http://thespamdiaries.blogspot.com/
On 4/3/2012 8:11 PM, Steve Turner wrote:
> On 4/3/2012 7:42 PM, Zz Yzx wrote:
>> I got an e-mail from "Hewlett Packard" telling me there's a security
>> breach in my printer's firmware and inviting me to dowload an update.
>> I doesnt look quite right.
>>
>> Anybody else?
>
> No, but I would never click on such a thing. Hover (but don't click!)
> your mouse over the link and (assuming you have a relatively smart email
> client) you should see the URL of the actual address being displayed.
> Chances are it's not going to point to "http://www.hp.com/" or any other
> valid HP domain name. Delete the email, then manually go to the support
> section of www.hp.com and search for your printer to see if they have a
> firmware update. That would be the only place I'd ever download such an
> animal.
>
I got it too.
Googled the address and it does look valid.
But I'm not going to do it.