Technology

209 readers

31 users here now

Share interesting Technology news and links.

Rules:

No paywalled sites at all.
News articles has to be recent, not older than 2 weeks (14 days).
No videos.
Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

Al Jazeera.
NBC.
CNBC.
NY Magazine.
Substack.
Tom's Hardware.
ZDNet.
TechSpot.
Ars Technica.
Vox Media outlets, with exception for Axios(Due to being ad free.)
Engadget.
TechCrunch.
Gizmodo.
Futurism.
PCWorld.
ComputerWorld.
Mashable.

More sites will be added to the blacklist as needed.

Encouraged:

Archive links in the body of the post.
Linking to the direct source, instead of linking to an article talking about the source.

founded 1 month ago

MODERATORS

Pro@programming.dev

Some Brother printers have a remote code execution vulnerability, and they can’t fix it (www.rapid7.com)

submitted 3 days ago by Pro@programming.dev to c/Technology@programming.dev

7 comments fedilink hide all child comments

Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

top 7 comments

sorted by: hot top controversial new old

[–] i_am_not_a_robot@feddit.uk 15 points 3 days ago (1 children)

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device's serial number through one of several means, and in turn generate the target device's default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

So the fix for this "can't be fixed" issue is to change the default password yourself, which you should be doing anyway.

[–] cecilkorik@lemmy.ca 3 points 3 days ago

They should have a separate severity rating for "is this actually likely to impact admins who aren't complete idiots".

[–] RickyRigatoni@retrolemmy.com 6 points 3 days ago (1 children)

They can't fix this but they can stop us from using third-party toner. I see their priorities 🙄

[–] BradleyUffner@lemmy.world 1 points 2 days ago

The toner thing was based entirely in a single 3 year old unverified Reddit post. There is zero evidence that Brother has ever blocked 3rd party toner, and plenty of evidence that 3rd party toner works just fine, even with the most recent firmware. These rumors need to stop.

[–] drspod@lemmy.ml 6 points 3 days ago

They're really lacking in imagination then. They could issue a firmware update that checks if the password has been changed from the default, and if not, prints a page informing the user that they must update the default password.

[–] BradleyUffner@lemmy.world 2 points 2 days ago

Don't leave your admin password at the default. It's at simple as that. Setting a non-default admin password completely mitigates this attack.

[–] BigMikeInAustin@lemmy.world 3 points 3 days ago

Et tu, Brother?