this post was submitted on 28 Jun 2025
17 points (100.0% liked)

Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

[–] i_am_not_a_robot@feddit.uk 15 points 2 months ago (1 children)

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device's serial number through one of several means, and in turn generate the target device's default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

So the fix for this "can't be fixed" issue is to change the default password yourself, which you should be doing anyway.
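
The following Python is an added illustration; it is not part of this thread and is not Brother's or Rapid7's code. It models the design weakness the quoted advisory describes, a default credential that is a deterministic function of a discoverable identifier, using a constructed stand-in derivation (`derive_default_password` with `HYPOTHETICAL_VENDOR_KEY`, neither of which is the real procedure), and pairs it with the defender-side answer the comment points at: an audit that flags devices still on the derived default and a per-device random password to replace it. The inventory is constructed sample data.

```python
"""
Why a serial-derived default password is equivalent to no password once the
serial is known, and what a fleet owner should do about it.

The derivation below is a CONSTRUCTED stand-in. It is NOT Brother's algorithm
(which is not on the page); the point is only that any deterministic
serial -> password mapping is reproducible by anyone who knows the serial.
"""
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

# Hypothetical vendor-wide constant (constructed). A fixed key shared across a
# product line is a single secret protecting every device ever shipped.
HYPOTHETICAL_VENDOR_KEY = b"toy-vendor-key-not-real"

ALPHABET = string.ascii_letters + string.digits


def derive_default_password(serial: str) -> str:
    """Constructed stand-in for a serial-to-default-password procedure.

    Deterministic by design: the same serial always yields the same password,
    which is exactly why leaking the serial leaks the credential.
    """
    digest = hmac.new(HYPOTHETICAL_VENDOR_KEY, serial.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:8])


def provision_random_password(length: int = 16) -> str:
    """Per-device replacement password from the OS CSPRNG.

    Not a function of the serial, so knowing the serial tells an attacker
    nothing; the value must be recorded in the provisioning system instead.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Printer:
    serial: str
    admin_password: str  # what the fleet inventory says is currently set


def is_still_default(printer: Printer) -> bool:
    """True when the stored admin password equals the serial-derived default."""
    expected = derive_default_password(printer.serial)
    return hmac.compare_digest(printer.admin_password, expected)


def audit(fleet: list[Printer]) -> list[str]:
    """Serials of devices that were never moved off the factory default."""
    return [p.serial for p in fleet if is_still_default(p)]


# Constructed inventory: one device left at factory default, one already changed.
SAMPLE_FLEET = [
    Printer("SN-ALPHA-0001", derive_default_password("SN-ALPHA-0001")),
    Printer("SN-ALPHA-0002", "Correct-Horse-Battery-77"),
]

if __name__ == "__main__":
    flagged = audit(SAMPLE_FLEET)
    print("Still at serial-derived default:", flagged)
    for serial in flagged:
        print(f"Rotate {serial} to:", provision_random_password())
```

The audit only works because the inventory holds the current password; in practice the same check is done against the provisioning record, not by probing devices. The replacement value comes from `secrets`, never from anything printed on the device label or readable over the network.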

[–] cecilkorik@lemmy.ca 3 points 2 months ago

They should have a separate severity rating for "is this actually likely to impact admins who aren't complete idiots".