Daily Archives: August 9, 2022

Slack exposed hashed passwords for years

Posted on by

[…]

The issue occurred when a user created or revoked a shared invitation link for their workspace. The good news is that the password wasn’t plaintext, and it wasn’t visible in any Slack clients. The bad news is that it could be picked up by monitoring encrypted traffic from Slack’s servers, and it appears that all users who created or revoked those links between April 17, 2017, and July 17, 2022, are affected.

Slack said only 0.5 percent of users were affected, which doesn’t sound too terrible until you consider how many Slack users are out there. While getting a definitive user figure for any chat platform is tricky and varies depending on what measure the vendor is using, it is safe to assume Slack has 10 million or more daily active users, meaning that at least 50,000 could have been affected. We asked the company to confirm this, and will update if there is a response.

Slack lays claim to over 169,000 paid customers and says “millions of people around the world use Slack to connect their teams.”

The company was informed of the issue by an independent security researcher on July 17, and swiftly fixed the issue before assessing the scale of the impact. “We have no reason to believe that anyone was able to obtain plaintext passwords because of this issue,” it insisted, but has still reset the passwords of affected users regardless.

It also recommends the inevitable move to two-factor authentication and the use of unique passwords for every service in use.

[…]

Source: Slack exposed hashed passwords for years • The Register

Some Epson Printers Programmed to Eventually Self-Brick

Posted on by

[…] Haven recently took to Twitter to share a frustrating experience with their wife’s “very expensive @EpsonAmerica printer” which, seemingly out of the blue, displayed a warning message stating that “it had reached the end of its service life.” It then simply stopped working, requiring either a servicing to bring it back from the dead, or a full-on replacement.

So what was the issue with the printer? A dead motor? A faulty circuit board? Nope. The error message was related to porous pads inside the printer that collect and contain excess ink. These wear out over time, leading to potential risks of property damage from ink spills, or potentially even damage to the printer itself. Usually, other components in the printer wear out before these pads do, or consumers upgrade to a better model after a few years, but some high-volume users may end up receiving this error message while the rest of the printer seems perfectly fine and usable.

According to the Fight to Repair Substack, the self-bricking issue affects the Epson L130, L220, L310, L360, and L365 models, but could affect other models as well, and dates back at least five years. There’s already videos on YouTube showing other Epson users manually replacing these ink pads to bring their printers back to life. The company does provide a Windows-only Ink Pad reset utility that will extend the life of the printer for a short period of time, but it can only be used once, and afterwards, the hardware will either need to be officially serviced, or completely replaced.

A few years ago, Epson released its EcoTank line of printers, which were specifically designed to address the extremely high cost of replacing the ink cartridges for color inkjet printers. The printers featured large ink reservoirs which could be easily refilled with cheaper bottles of ink, and although Epson’s EcoTank printers were more expensive as a result, in the long run they would be cheaper to operate, especially for those printing a lot of color imagery. But that assumes they actually keep working for the long run. Videos of users manually replacing their Epson printers’ ink pads seem to indicate that the company could redesign the hardware to make this part easily user-serviceable, which would extend the life of the hardware considerably. But as it stands, the company’s solution runs the risk of contributing to an ever-growing e-waste problem and forcing consumers to shell out for new hardware long before they really need to.

[…]

As it stands now, there are undoubtedly many users getting an error message like this that simply replace their printers entirely, when they’d certainly be happy to instead pay for a $15 maintenance kit that quickly gets them running again, keeping more devices out of recycling facilities or garbage dumps.

Source: Some Epson Printers Programmed to Eventually Self-Brick