OT: Firmware Update from HP

I got an e-mail from "Hewlett Packard" telling me there's a security breach in my printer's firmware and inviting me to dowload an update. I doesnt look quite right.
Anybody else? "Zz Yzx" rhymes with "physics"; or " Isaacs" if you prefer. http://www.abandonedbutnotforgotten.com/zzyzx_road.htm
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/3/2012 7:42 PM, Zz Yzx wrote:

No, but I would never click on such a thing. Hover (but don't click!) your mouse over the link and (assuming you have a relatively smart email client) you should see the URL of the actual address being displayed. Chances are it's not going to point to "http://www.hp.com /" or any other valid HP domain name. Delete the email, then manually go to the support section of www.hp.com and search for your printer to see if they have a firmware update. That would be the only place I'd ever download such an animal.
--
Free bad advice available here.
To reply, eat the taco.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/3/2012 8:11 PM, Steve Turner wrote:

I got it too.
Googled the address and it does look valid.
But I'm not going to do it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Why would HP have your e-mail address? Did they promise to send you product updates? (These are retorical questions, no need to answer here.)
If it's suspicious, don't trust it. If you think your printer might be affected by the security "breach" (the usual word is vulnerability or issue), go directly to the manufacturer's site and look for the appropriate information/files.
You know... I'm not even sure if they call themselves "Hewlett-Packard" any longer... It might just be HP.
Puckdropper
--
Make it to fit, don't make it fit.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04 Apr 2012 01:16:50 GMT, Puckdropper <puckdropper(at)yahoo(dot)com> wrote:

Since I registered a product on line, they have my email address. It is a legitimate update.
I have a network printer accessible over the wi-fi so I did take advantage of the update. Connected to a PC, I'm not sure how it would be a security risk.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Probability that's legitimate is approximately 0.000000000001%
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Zz Yzx wrote:

Really!
ZONK
Lew
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Yes and it is legitimate http://www.hp.com/hpinfo/newsroom/press/2011/111223xa.html Took about two minutes to do the update.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Zz Yzx wrote:

It's valid. It's being sent to anyone who registered an HP printer or called their support.
The security exploit was written up several months ago in IT bulletins.
--

Reply in group, but if emailing add one more
zero, and remove the last word.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Never trust a link in email. Go to the HP site and only download from there.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

There are recent security issues with HP printers. Some of them auto-update firmware, and this can be spoofed. And since they are a computer, and some have a web server built in, they can be used as a launching point to attack other computers on a LAN.
There's also was a talk where there were claims a printer could start a fire by overpowering the fuser element in a laser printer. In reality the researchers were able to singe a page, but no real flames.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.