Columbia University researchers report new security flaws in networked printers that could open up an entirely new array of security threats.

Are your printers a potential security threat?

Although most people tend to think of printers as dumb boxes sitting by your desk, a new study from Columbia University researchers has found that they may besurprisingly vulnerable to sophisticated hacking attacks.

Speaking to MSNBCs Red Tape recently, the researchers said that Internet-connected printers could be used to steal personal data, access supposedly secure networks, or even to cause a fire through deliberate overheating.

The researchers, who studied HPs networked LaserJet printers, told MSNBC that the devices Remote Firmware Update feature is acutely vulnerable to attack. That feature, which checks for software updates whenever a new printing job starts, could allow hackers to install customized firmware that would grant them full control of the printer. The printers studied by the Columbia team lack digital signatures and thus dont check the source of a firmware update–which makes it relatively easy for hackers to spoof the printer with malicious firmware.

The stakes are high. According to the researchers, there is no easy way to detect the breach, and since security software doesnt analyze printers, hackers could have near-complete freedom of action after seizing control of a printer. Making matters worse, removing the malicious firmware is nearly impossible.

As worrisome as that might be, printer security woes have been around for years.

In 2006 at the Black Hat security conference, security expert Brendan OConnor demonstrated how easy it is for hackers to gain access to a printer and cause trouble in the office. OConnor showed how hackers, within minutes, can perform all kinds of tasks, including mapping an organizations network and accessing previously printed documents.

Stop treating them as printers,OConnor warned IT managers during his presentation. Treat them as servers, as workstations.

That said, OConnors findings came at a time when networked printers were mostly found in the enterprise. Now, theyre everywhere. And the Columbia researchers say that due to the sheer number of networked printers in the wild, the flaw it discovered could affect millions of people around the globe.

But before you jump to turn off your printer, the flaw the researchers found is only an issue in older printer models. Since 2009, printers have included digital signature technology, which addresses the flaw. But that doesnt make the researchers feel any safer. As they pointed out to MSNBC, the number of printers suffering from the flaw could be much more than 100 mitrojan removal softwarellion.

Keith Moore, HPs chief technologist for the printer division, told MSNBC in an interview that although his company takes the flaw very seriously, hes suspect that it could be as widespread as the researchers say, adding that his initial studies reveal a low likelihood that hackers would exploit it.

This (vulnerability) is probably not as broad as what I had heard in their first announcement, Moore told MSNBC, citing his assertion that–contrary to what the researchers say–HP printers dont look for new firmware on typical print jobs. It sounds like we disagree on what the exposure might be.

In a follow-up statement to CNET, HP took a more direct stance against the researchers findings. The company told CNET that the researchers report is sensational and inaccurate, and so r, it hasnt received a single complaint from customers who have been exposed to the flaw.

While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access, the company told CNET in a statement. The specific vulnerability exists for some HP LaserJet devices if placed on a public Internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network.

In some Linux orMacenvironments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade, HP continued.

To address the issue, HP says that its currently working on a firmware upgrade to safeguard against the threat. The company didnt say when it would launch.

Updated at 11:16 a.m. PTto include more detailsand at 1:26 p.m. PTto include HPs statement.

Don ReisingerDon Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, posting atThe Digital Home. He is not an employee of CNET.Disclosure.

Thief urinates on transformer, gets burns, jailA copper thief is jailed for a year after he and an accomplice drain conductors at a sub-station of oil and he then urinates against the transformer, causing an explosion.

Technically Incorrect

China Telecom to begin selling iPhone 4S on March 9Deal with the countrys third largest carrier will end China Unicoms run as exclusive seller of the device in China.

Apple

Uber gives customers motorcade for Presidents DayAs a special Presidents Day treat, certain lucky Uber customers in Washington, D.C. receive a presidential-style motorcade, complete with limo and two Chevy Suburbans.

Technically Incorrect

Samsung shows sequels to Galaxy Ace and MiniNew smartphones continue to appear in advance of Mobile World Congress. Samsung is the player this time with the Galaxy Ace 2 and Galaxy Mini 2.

Mobile

Stitcher first with Facebook Timeline news radio integrationDozens of apps tie in seamlessly, but on the audio front, music has led the way. Now, radio news shows and podcasts are available by the thousands, and discovery is the goal.

Geek Gestalt

Clean-tech startup GreatPoint scales up in ChinaIn a $1.25 billion deal, GreatPoint Energys coal-to-natural gas technology will be built in China, the first large-scale plant for that technology in the world.

Cutting Edge

Android features that may elicit envy from iPhone owners (photos)Google made public a new swipe-to-unlock patent, something HTC actually already offers. CNET takes a look at some other features that vendors have contributed to Android–features that may someday end up in a patent battle.

Gallery

ZTE Mimosa X raises a glass to Ice Cream SandwichThe ZTE Mimosa X will burst forth with Ice Cream Sandwich…sometime in the second quarter.

Mobile

Apple touts N.C. solar array in environmental footprint reportCompany says array powering massive data center will be the largest end-user-owned operation in the country.

Apple

.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto

Don Reisingeris a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Dons work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.

Don writes product reviews for InformationWeek and is a regular contributor to Processor Magazine. You can visit his personal site atDonReisinger.comor if you would like to email Don with questions or comments, drop him a line atCNETDigitalHome@gmail.com. He is a member of the CNET Blog Network and is not an employee of CNET.Disclosure.

.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto

.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto

While software piracy may be enticing for some people, its drawbacks, besides theft, not only include running potentially unstable software, but also provide an avenue for malware to wreak havoc on your system and your personal information.

Many times when software packages are offered for free, they are done so by thieves as a lure to spread Trojans and other malware among the systems of unsuspecting people who are trying to get away without paying for software.

This practice is nothing new, and a couple of years ago a Trojan horse callediServiceswas found embedded in pirated copies of Apples iWork 09 suite, which, as with most Trojan horses, attempted to contact remote servers to send personal information and download malicious files to the infected systems.

In the past week, another similar Trojan (called DevilRobber or Miner-D)has been foundembedded in pirated copies of the image manipulation tool called Graphic Converter, which is a popular program that Apple even bundled withMacsystems for a while. The Graphic Converter program is legitimate software, but the malware developers are releasing compromised versions of it on file-sharing networks that contain their malware.

Bitcoins are managed on a peer-to-peer network instead of by a central authority.

)As with other Trojan horses, this new one also attempts to steal personal information and data; however, its main purpose is to use use infected computers to generate counterfeit copies of the Bitcoin online currency.

Bitcoins are a concept that uses a peer-based economy to generate and balance an online currency. Each bitcoin is similar to a certificate that is given an encrypted signature for an individual and is stored in a virtual wallet for that user. When you transfer a bitcoin to another individual, the signature encryption is passed to the new user and is store in that users wallet, offering in essence a similar value transfer as state-sponsored monetary systems like the Dollar or Euro.

In order to balance the system, the Bitcoin network has programs called miners that take into account the number of transactions being done with Bitcoins, and creates new ones at rates based on how they are being used. In essence the miners are similar to the Federal bank in that they keep track of the number of coins in circulation to prevent artificial inflation or deflation.

The Bitcoin currency is a clever idea that has promise, but as with counterfeiting any currency, there are attempts to counterfeit Bitcoins, especially since services already exist that exchange the coins for goods and can even convert them into dollars, Euros, or other conventional currency.

Since the Bitcoin mining operation requires the tracking of numerous transactions over time, the DevilRobber malware developers attempt to simulate this by distributing the malware to numerous computers and using infected systems CPUs and GPUs to run massive amounts of the parallel-processing tasks that are required for Bitcoin mining.

As a result, systems that are running the rogue Bitcoin miner programs will be bogged down as the CPU and GPU are used extensively.

In addition to generating Bitcoins, the DevilRobber searches an infected system for a users Bitcoin wallet and attempts to steal it. It also takes screenshots of the system, and sends them to remote servers along with other information it can round up, including the following:

Information from the Vidalia plug-in forFirefox, which is part of the Tor anonymous browsing project.

In addition to theft activities,analysis of the malware by Sophossuggests the malware also searches for underground and child ography cues.

This Trojan is a irly complex one, and while for now it has been found in compromised versions of Graphic Converter, the malware developers can easily use other packages; however, in order to pose a threat, all of these would have to be obtained from underground Web sites and illegitimate software distribution services.

Should you worry?

The description of this Trojan as stealing, counterfeiting, and dealing with child ography sounds scary and troubling, but ultimately it is nothing new to malware. Overall do not let it obscure the ct that this malware is being distributed only in pirated software.

If you purchase software legitimately and do not steal it, then you have nothing to worry about. The easiest way to protect yourself from Trojan horses like this one is to avoid software piracy and only download software directly from developers or from legitimate software download sites and services likeCNETs Download.com.

However, it is always a good idea to approach any software package with an air of caution. If you find a downloaded installer package on your system and are uncertain where it came from, then simply remove it and visit the developers Web site to redownload the package again. Even if it takes a while to redownload, its better to be safe than sorry.

In addition to observing safe browsing and computing practices, even though the malware situation on the Mac is still minimal in comparison to Windows, it is growing a little at a time. I recommend that people keep a good updated malware scanner on their systemtrojan removal softwares.

While it is not necessary to set scanners to frequently check the entire system or enable on-demand scanning for all files (which is primarily useful for worms, viruses, and other self-replicating malware), having a scanner periodically check any newly downloaded content will not hurt. Some recommended malware scanners include Sophos, VirusBarrier, and ClamXav, but there are plenty of other options available for you to choose from and try out.

Questions? Comments? Have a fix? Post them below ore-mail us!

Be sure to check us out onTwitterand theCNET Mac forums.

Topher KesslerTopher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and the best use of Macs and Apple hardware at home and in the workplace. Topher is a member of the CNET Blog Network and is not an employee of CBS Interactive.

.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto

MacFixIt is CNETs troubleshooting resource for all things Mac. The information here helps you navigate the ins-and-outs of Mac ownership with how-tos, troubleshooting information, news, reviews, and more.

.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto

Android malware is up 472 percent since July, according to a study that blames the lax review process on GooglesAndroid Market.

Android tops the charts in mobile malware, largely due to the ilure of Googles Android Market to properly review apps before they hit the marketplace, says a new report from Juniper Networks.

In a blog post yesterday, Juniper found that Android malware has soared 472 percent since this past July. In particular, October and November have seen the stest rise in Android malware since Google unveiled its mobile platform, according to Junipers Global Threat Center.

The number of Android malware samples collected in October rose 110 percent over September and 171 percent over those collected up to July. Further, Junipers Malicious Mobile Threats Report, released this past May, discovered a 400 percent increase in Android malware from 2009 to the summer of 2010.

And Juniper lays the blame at the foot of Google.

These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications, noted the blog. With no upfront review process, no one checking to see that your application does what it says, just the worlds largest majority of smartphone users skimming past your applications description page with whatever description of the application the developer chooses to include.

Of course, as Juniper points out, malicious apps are removed from Android Market after theyre discovered. But this often happens after many people have already downloaded them.

Over the past year, anumber of malicious apps have been discoveredmasquerading as supposedly legitimate software, tricking unsuspecting Android users into installing them. In March, Google was forced to yank almost two dozen apps from Android Market and users Android devices after learning that they wereinfected by a Trojan known as DroidDream.

Various security firms, includingSymantecandMcAfeehave also voiced concerns about the huge rise in Android malware.

Beyond increasing in volume, Android malware is getting more sophisticated, says Juniper. This past spring witnessed the birth of malicious apps capable of tapping into the root of a device, allowing them to install more software to gain even deeper access to key data and services. Today, almost all Android malware has this ability, one that attackers are eager to employ.

Most Android malware apps go after communications and GPS data, according to Juniper. Among the known malware samples, 55 percent act as spyware, collecting user information. Another 44 percent are considered SMS Trojans, which send SMS messages to premium-rate phone numbers, thereby costing the user money thats virtually unrecoverable.

Android has also proven a hot spot for malware thanks to the platforms increasing popularity. Many of the malware writers originally targeted Nokias Symbian and Microsofts older Windows Mobile systems but jumped ship to Android as it gained more market share, according to Juniper.

How does Android compare with Apples iOS in security? Juniper doesnt see one platform as necessarily more secure than the other. Its the review process that makes the difference.

The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores, the Juniper blog notes. Androids open applications store model, which lacks the code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught.

So, how do Android users protect themselves?

The Android Market offers a variety of virus scanners, both free and paid. A new study from AV-Test found a small number offree scanners unreliable, but gave decent grades to paid products such as F-Secures Mobile Security and Kaspersky Mobile Security. The study also iled to test some notable free products, includingAVG Antivirus Free,BitDefender Mobile Security,Lookout Mobile Security, andNorton Mobile Security.

Lance WhitneyLance Whitney wears a few different technology hats–journalist, Web developer, and software trainer. Hes a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. Lance is a member of the CNET Blog Network, and he is not an employee of CNET.

Thief urinates on transformer, gets burns, jailA copper thief is jailed for a year after he and an accomplice drain conductors at a sub-station of oil and he then urinates against the transformer, causing an explosion.

Technically Incorrect

China Telecom to begin selling iPhone 4S on March 9Deal with the countrys third largest carrier will end China Unicoms run as exclusive seller of the device in China.

Apple

Uber gives customers motorcade for Presidents DayAs a special Presidents Day treat, certain lucky Uber customers in Washington, D.C. receive a presidential-style motorcade, complete with limo and two Chevy Suburbans.

Technically Incorrect

Samsung shows sequels to Galaxy Ace and MiniNew smartphones continue to appear in advance of Mobile World Congress. Samsung is the player this time with the Galaxy Ace 2 and Galaxy Mini 2.

Mobile

Stitcher first with Facebook Timeline news radio integrationDozens of apps tie in seamlessly, but on the audio front, music has led the way. Now, radio news shows and podcasts are available by the thousands, and discovery is the goal.

Geek Gestalt

Clean-tech startup GreatPoint scales up in ChinaIn a $1.25 billion deal, GreatPoint Energys coal-to-natural gas technology will be built in China, the first large-scale plant for that technology in the world.

Cutting Edge

Android features that may elicit envy from iPhone owners (photos)Google made public a new swipe-to-unlock patent, something HTC actually already offers. CNET takes a look at some other features that vendors have contributed to Android–features that may someday end up in a patent battle.

Gallery

ZTE Mimosa X raises a glass to Ice Cream SandwichThe ZTE Mimosa X will burst forth with Ice Cream Sandwich…sometime in the second quarter.

Mobile

How to avoid and what to do to prevent us from being victim? Let’s discuss about it.

1. Be suspicious when receiving emails or requests from some web asking you to submit your personal information. Especially when the request is from some unknown websites. However, it doesn’t mean you can ignore emails from some big companies, for sometimes criminals can forge into some well-known companies. For instance: PayPal to PayPall. Have you notice the difference between them?

2. Change your password often, and do not set auto-memorizing of your account information on the web. It’s very dangerous once the browser memorized your login name and password for a spyware can detect what they want, and steal all your data easily. Memorize yourself, not the computer.

3. Use a good protection program: if you need to do transactions online, you need to make sure you do it in a secure place. The best choice is to install a security suite that can help you monitor and stop suspicious actions intending to invade your computer. You’d better install an anti-virus software as the first security layer and a malware killer as the second layer— Anvi Smart Defender is a good choice. It’s free and also delivers system optimization function.

4. Keep an eye on yourself even if you are at home. It’s no need for online thieves to break into your house to steal what they want. You should know it’s very easy for them to get what they want from you. They only need to planet a spyware on your computer system to monitor all your online activities.

5. Avoid questionable websites. Don’t submit your personal information to unknown websites, or fill forms contained within an email from unknown senders. If you found something unusual or suspicious, close it immediately. Remember, it’s dangerous.

6. Keep your windows and anti-malware software up to date for you need to make sure your virus database is the latest version. You’d better set auto update in case you forget to do so.

Hope you will enjoy virus-free online environment.

All people who use the computer should be aware of how to properly use the computer and protect it from malicious software.

No anti-malware software

It’s highly recommended you have some form of anti-virus and spyware protection on your computer to help protect you from malware and other infections. Because malware programs are growing rapidly, changing into more complicated and difficult to detect forms. You need a guard to defense your PC form these malicious program.

Why you need to install anti-malware software?

When downloading some software from the Internet, you may download some programs that contain viruses and other malware. So make sure you’re downloading the software from a reliable source and scan it with your anti-virus program before open and install it.  

Accepting without reading

According to a research, the most common ways a computer becomes infected is the user accepts what he or she sees on the screen without reading the prompt or understanding what it’s asking.

Some common examples:

Accept unknown plug-ins without reading. When browse the Internet, an Internet advertisement or window might appear to tell that your computer is infected and a unique plug-in is required. Without fully understanding what it is you’re getting, you accept the prompt.

A very often situation is that these plug-ins are malicious software that designed to monitor your usage of the program.

Opening e-mail attachments

Another very common way people become infected with viruses and other spyware is by opening e-mail attachments. Sometimes, these e-mails are sent by a co-worker, friend, or family member, so you treat it lightly. However, E-mail addresses can be easily faked, what’s worse, even if they are not faked, your acquaintance may unsuspectingly be forwarding you an infected file if they get infected by some viruses.

So be careful when receiving an e-mail with an attachment. Delete it right away if the e-mail was expected from someone you don’t know, and be cautious when opening the attachment if the e-mail is from someone you know.

Not running the latest updates

This is the most easily forgotten part. Many of the updates, especially those associated with Microsoft Windows and other operating systems and programs, are security updates. Running a program or operating system that is not up-to-date can be a big security risk and can be a way your computer becomes infected.

Pirating software, music, or movies

When you download copyrighted music, movies, software, etc. for free from some websites, you may easily get affected for many of the files can contain viruses, spyware or malicious software. So next time, be careful when download something.

As the spread of laptops, wireless security has become an essential part of this computer world. Embodied yourself with certain knowledge of this filed will ensure your wireless network not stolen by other people and less susceptible to hackers. Below are some suggestions which may help:

1. Type your router’s administration control panel address into Internet Explorer. If it doesn’t work, consult your router’s user manual.

2. Type in your user name and password for the administration control panel of your router, and click OK.

3 Click the “Wireless” tab within your router’s administration control panel. The same to all routers.

4 Click “Wireless Security.”

5 Select the “Security Mode.”

6 Select the shared key or password for your wireless security type.

7 Leave the “Group Key Renewal” setting as the default. Click “Save Settings” to complete the process.

Upon doing the above settings, any laptops and other devices that connect to your wireless network will need to enter the password you set in step six. You can put all your worries down then.

Following are some ways to stop certificate error notifications:

1. Click the “Start” button in the Windows desktop. Click the “Run” icon and type “regedit” into the text field box. Click the “OK” button to open the Microsoft Registry Editor.

2. Double-click the “HKEY_LOCAL_MACHINE” folder that on the left-side pane of the editor, then double-click the “SOFTWARE” folder, followed by double-clicking the “Microsoft,”Internet Explorer,”Main,” and “Feature Control” folders.

3. Highlight the “New” option in the edit menu and click “Key.”

4. Type the following into the new key box:

“FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312″

Press “Enter”.

5. Select and highlight the “New” option in the edit menu, then select “DWORD Value.”

6. Type the following into the value box:

“iexplore.exe”

Press “Enter.”

7. Select the “Modify” option in the edit menu.

Enter the value “1″ into the modification area and click “OK.”

Conclusion:

By following the above 7 steps you can easily get rid of certificate error notifications

I used to install Kaspersky Antivirus, which is well known for its fast performance and amazing security capabilities. It is described as no slowing down the computer at all, but in actual use, I found my computer ran a little bit slow after installing it. The protection I received from it for 13 months had kept my computer free of all invasions, and infections. I have to admit its good performance, and multiple functions, but I also hold a view that the price is a little expensive. So one year later, I tried BitDefender Antivirus.

The price of BitDefender Antivirus is quite affordable. It is said to be among top 10 antivirus list. You may hold the view: you get what you pay for. But to BitDefender Antivirus, the logic is totally wrong. BitDefender Antivirus is cheap, which does not mean it is less functional or worse performance. With its advanced technology algorithms and methods to identify security risks and blocks threats even before they try to harm your computer, BitDefender Antivirus offers advanced proactive protection to your computer. However, it’s still not that perfect, because BitDefender does not have a substitute, and it is generally incompatible with third-party Anti-Spyware, Anti-Trojan software.

Now I’m using ESET Smart Security 5. It performs a really good job, as evaluated by someone: ESET offers the world’s fastest and most effective proactive antivirus and antispyware protection for your computer. However, as nothing is perfect, the price of ESET is also a little expensive.

No matter what view you may hold, they are all good products. They have their own traits, what you need to do, is choosing the one you like best or trying one by one to seek for a more perfect one. Hope you will have a good working mode and never be interrupted by virus invasions.

Intruders (also named hackers or crackers) are motivated by a multitude of reasons, including profit, protest, or because of the challenge. You may not be their final target, but still intruded by them. One purpose of gaining control of your computer is to use it to launch attacks on other computer systems. Coz the control of your computer gives them the ability to hide their true location as they launch attacks. Once your computer is intruded by a hacker, all your actions and activities are under control of them, they may cause damage to your computer by reformatting your hard drive or changing your data.

The efficient way to solve this problem is to keep your OS and applications updated, install a network security and vulnerability scanner that allows auditing and monitoring network computers for possible vulnerabilities. For an average home user, there’s no better way.

The words “A problem has been detected and windows has been shut down to prevent damage to your computer” displayed on the screen, and the fail of Microsoft Windows almost drove me crazy.

What the hell is blue screen of death? So many reasons may lead to this system error. I think what people really concern is how to fix it, not the cause of it.

Here’s one simple tip:

Start your computer in safe mode, and possibly eliminate the virus file, driver, or device that is causing the system to lock up.

There is a video tutorial for this, which may be helpful if your PC is not start normally.

Here’s the link: http://www.youtube.com/watch?v=oITxnPGSHvM

Hope this simple guide on how to fix BSOD will put you in the right direction for putting a stop to this most annoying crash.