Businesses

Peloton Got Trapped in Its Trillion-Dollar Fantasy (bloomberg.com) 85

Fueled by manic demand during the early days of Covid, Peloton spent the next two years chasing a dream of fitness dominance. From a report: If Peloton's story thus far were a Peloton class, it would be a high-intensity one, perhaps even a Tabata ride. Everyone would pedal as fast as they could, recover for not long enough, then do it again, as a charismatic figure on the screen urged them on with promises of transformational personal growth and of the massiveness of the total addressable market of subscription fitness. Midway through, the instructor would announce that the 20-minute class would actually go for an hour. Here and there, riders would injure themselves. There would be technical issues with the machines. At the end, right after recommending a five-minute post-ride stretching class and intoning his mantra -- "We're not a stationary bike company, we're not a treadmill company, we are an innovation company that is at the nexus of fitness, technology, and media!" -- the instructor would announce his transition to a new role at the company. It would be exhilarating and entertaining, but perhaps not a ride you'd want to do every day.

[...] The bring-your-own-bike model holds evident appeal for Barry McCarthy (new CEO), who's less interested in the physical machines than in his company's content. "The magic happens in the tablet," he says. He muses that perhaps the Peloton screen should be an open platform where third-party programmers can place apps. Or maybe the company could try the inkjet printer business model, offering machines for cheap and making money through higher monthly subscription fees. At the moment, you can ride your bike even if you're not paying for classes. McCarthy plans to experiment with making those payments mandatory. (On March 10, the company announced such a test, saying it would create a monthly subscription that combines the price of its hardware and content and lacks an upfront hardware payment.) In all of this, McCarthy says he'll let the data be his instructor. It's a familiar narrative: Startup founder gives way to the bean counters and market researchers. Peloton, more than perhaps any other company, trades on charisma -- of its instructors, of its corporate leadership, of its hardcore users cheerfully touting the brand. But even cults need accountants.

Encryption

Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In the Wild (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, a researcher reported on Monday. This revelation is part of an investigation that also uncovered a handful of weak keys in the wild. The software comes from a basic version of the SafeZone Crypto Libraries, which were developed by a company called Inside Secure and acquired by Rambus as part of its 2019 acquisition of Verimatrix, a Rambus representative said. That version was deprecated prior to the acquisition and is distinct from a FIPS-certified version that the company now sells under the Rambus FIPS Security Toolkit brand.

Researcher Hanno Bock said that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key. "The problem is that both primes are too similar," Bock said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320. Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643. Fermat's algorithm was based on the fact that any number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart. The security of RSA keys depends on the difficulty of factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages.

So far, Bock has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys belong to printers originally branded as Fuji Xerox and now belonging to Canon. Printer users can use the keys to generate a Certificate Signing Request. The creation date for the keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351. Bock also found four vulnerable PGP keys, typically used to encrypt email, on SKS PGP key servers. A user ID tied to the keys implied they were created for testing, so he doesn't believe they're in active use. Bock said he believes all the keys he found were generated using software or methods not connected to the SafeZone library. If true, other software that generates keys might be easily broken using the Fermat algorithm. It's plausible also that the keys were generated manually, "possibly by people aware of this attack creating test data." The researcher found the keys by searching through billions of public keys that he either had access to, were shared with him by other researchers, or that were available through certificate transparency programs.
UPDATE: The headline incorrectly stated that a "600-Year-Old Algorithm" was used. It's been changed to "379-Year-Old-Algorithm" to reflect the updated headline on Ars.
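As an added illustration (not code from the Ars Technica report, the researcher, or the SafeZone library), the sketch below shows how an auditor can check whether an RSA modulus falls to Fermat's method, using the difference-of-squares idea the summary describes. The function names, the `max_steps` bound and the test moduli are assumptions constructed for this example; the moduli are built from deterministic 512-bit probable primes, not taken from any real key.

```python
from math import isqrt

# Fixed Miller-Rabin bases: deterministic output, used only to construct sample keys.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin probable-prime test with fixed bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n):
    """Smallest probable prime >= n (n is first rounded up to an odd number)."""
    n |= 1
    while not is_probable_prime(n):
        n += 2
    return n


def fermat_factor(n, max_steps=10_000):
    """Look for a with a*a - n == b*b, so that n == (a - b) * (a + b).

    The search starts at ceil(sqrt(n)) and gives up after max_steps values of a.
    Returns (p, q) with p <= q, or None if no split was found in that budget.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("expected an odd modulus greater than 2")
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            p, q = a - b, a + b
            # p == 1 is the trivial split 1 * n, which only says n is prime.
            return (p, q) if p > 1 else None
        a += 1
    return None


def audit_modulus(n, max_steps=10_000):
    """Verdict for a key audit: 'WEAK' if Fermat's method splits n quickly."""
    return "WEAK" if fermat_factor(n, max_steps) else "not-fermat-weak"


# Constructed sample keys (assumed values, 512-bit primes, 1024-bit moduli).
P = next_prime(2**511 + 12345)
Q_CLOSE = next_prime(P + 2)        # the very next prime: the flaw described above
Q_MID = next_prime(P + 2**258)     # shares only the upper half of its bits with P
Q_FAR = next_prime(3 * 2**510)     # about 1.5 * P: far from sqrt(n)

WEAK_N = P * Q_CLOSE
MID_N = P * Q_MID
STRONG_N = P * Q_FAR

if __name__ == "__main__":
    for label, n in (("close", WEAK_N), ("half-bits", MID_N), ("far", STRONG_N)):
        print(f"{label:10s} {n.bit_length()} bits -> {audit_modulus(n)}")
```

The middle case shows that "close" is relative to the size of the primes: two 512-bit primes that differ by about 2^258 are still found in a handful of steps, while a factor 1.5 times larger than the other puts the split far outside any practical step budget.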
News

David Boggs, Co-Inventor of Ethernet, Dies at 71 (nytimes.com) 69

David Boggs, an electrical engineer and computer scientist who helped create Ethernet, the computer networking technology that connects PCs to printers, other devices and the internet in offices and homes, died on Feb. 19 in Palo Alto, Calif. He was 71. From a report: His wife, Marcia Bush, said his death, at Stanford Hospital, was caused by heart failure. In the spring of 1973, just after enrolling as a graduate student at Stanford University, Mr. Boggs began an internship at Xerox PARC, a Silicon Valley research lab that was developing a new kind of personal computer. One afternoon, in the basement of the lab, he noticed another researcher tinkering with a long strand of cable.

The researcher, another new hire named Bob Metcalfe, was exploring ways of sending information to and from the lab's new computer, the Alto. Mr. Metcalfe was trying to send electrical pulses down the cable, and he was struggling to make it work. So Mr. Boggs offered to help. Over the next two years, they designed the first version of Ethernet. "He was the perfect partner for me," Mr. Metcalfe said in an interview. "I was more of a concept artist, and he was a build-the-hardware-in-the-back-room engineer." Many of the key technologies that would be developed over the next two decades as part of the Alto project would come to define the modern computer, including the mouse, the graphical user interface, the word processor and the laser printer, as well as Ethernet.

DRM

Chip Shortage Has Canon Telling Customers How To Defeat Its DRM (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: For years, printers have been encumbered with digital rights management systems that prevent users from buying third-party ink and toner cartridges. Printer companies have claimed that their chip-enabled cartridges can "enhance the quality and performance" of their equipment, provide the "best consumer experience," and "protect [the printers] from counterfeit and third-party ink cartridges." Left unsaid is the fact that requiring first-party cartridges also ensures a recurring revenue stream. It's an old business model -- Gillette sold its razor handles cheaply to sell more razors, for example -- and it's one that printer companies have enthusiastically embraced. Lexmark, HP, Canon, Brother, and others all effectively require users to purchase first-party ink and toner. To enforce the use of first-party cartridges, manufacturers typically embed chips inside the consumables for the printers to "authenticate." But when chips are in short supply, like today, manufacturers can find themselves in a bind. So Canon is now telling German customers how to defeat its printers' warnings about third-party cartridges.

"Due to the worldwide continuing shortage of semiconductor components, Canon is currently facing challenges in procuring certain electronic components that are used in our consumables for our multifunction printers (MFP)," a Canon support website says in German. "In order to ensure a continuous and reliable supply of consumables, we have decided to supply consumables without a semiconductor component until the normal supply takes place again." [...] The software on these printers comes with a relatively simple way to defeat the chip checks. Depending on the model, when an error message occurs after inserting toner, users can press either "I Agree," "Close," or "OK." When users press that button, the world does not end. Rather, Canon says users may find that their toner cartridge doesn't give them a low-toner warning before running empty. "Although there are no negative effects on print quality when consumables are used without electronic components, certain additional functions, such as the detection of the toner level, may be impaired," Canon's support site says.

Science

Scientists Draw Inspiration From Catchweed To Create Biodegradable Velcro (arstechnica.com) 14

An anonymous reader quotes a report from Ars Technica: Velcro is an ingenious hook-and-loop fastener inspired by nature -- specifically, cockleburs. Now scientists at the Italian Institute of Technology are returning the favor. They have created the first biodegradable Velcro -- inspired by climbing plants -- and used it to build small devices to help monitor the health of crop plants and deliver pesticides and medicines as needed, according to a November paper published in the journal Communications Materials. [...] Co-author Isabella Fiorello and her colleagues were interested in developing innovative new technologies for monitoring plants in situ to detect disease, as well as delivering various substances to plants. However, few such devices can be attached directly to plant leaves without damaging them. The best current options are sensors attached with chemical glues, or with clips. There are also micro-needle-based patches under development able to penetrate leaves for disease detection. Fiorello et al. found inspiration in the common catchweed plant (Galium aparine). It can form dense, tangled mats on the ground, and while the plants can grow up to six feet, they can't stand on their own and instead must use other plants for support. For this purpose, catchweed plants rely on a "unique parasitic ratchet-like anchoring mechanism to climb over host plants, using microscopic hooks for mechanical interlocking to leaves," the authors wrote.

The Italian team closely studied that micro-hook structure and then used a high-resolution 3D printer to create artificial versions, using various materials -- including photosensitive and biodegradable materials made from a sugar-like substance known as isomalt. Their artificial reproductions proved quite capable of attaching to many different plant species, just like their natural counterparts. As an initial application, the team designed a device that could penetrate a plant cuticle with minimal invasiveness, thereby enabling the plant to be monitored and treated, if necessary. The isomalt microhooks attach to the vascular system of leaves and then dissolve inside, because isomalt is soluble. Fiorello et al.'s experiments demonstrated that their artificial micro hooks can be used as a plaster for targeted, controlled release of pesticides, bactericides, or pharmaceuticals onto the leaves. This would greatly reduce the need for broad application of pesticides. And since the plaster dissolves once it's applied, there is no additional waste.

The team also printed hooks made out of a photosensitive resin and assembled them together with sensors for light, temperature, and humidity to make intelligent clips to enable wireless monitoring of the plant's health. The clips attach to individual leaves, transmitting data wirelessly thanks to customized computer software. The prototype proved resistant to windy conditions and was capable of making real-time measurements for up to 50 days. The devices could be used for small-scale botanical applications, or they could be scaled up. For instance, farmers could distribute many such devices to better map and monitor wide cultivation areas, according to the authors. Finally, Fiorello et al. developed a micro-robotic system capable of moving over the surface of leaves using micro steps, copying the ratchet-like motion of the catchweed plant. Similar actuation mechanisms have previously been demonstrated in Stanford University's SpinyBot -- capable of scaling hard, flat surfaces thanks to arrays of miniature spines on its feet -- and the University of California, Berkeley's CLASH robots, which are capable of climbing up loose suspended cloth surfaces, like curtains.

Printer

Virginia Family Gets Keys To Habitat For Humanity's First 3D-Printed Home in the US (cnn.com) 33

One Virginia family received the keys to their new 3D-printed home in time for Christmas. The home is Habitat for Humanity's first 3D-printed home in the nation, according to a Habitat news release. CNN reports: Janet V. Green, CEO of Habitat for Humanity Peninsula and Greater Williamsburg, told CNN it partnered with Alquist, a 3D printing company, earlier this year to begin the process. Alquist's crew printed the house. The technology allowed the home to be built in just 12 hours, which saves about four weeks of construction time for a typical home. The concrete used in the house's 3D construction has many long-term benefits, such as the ability to retain temperature and withstand natural disasters, like tornadoes and hurricanes.

April Stringfield purchased the home through the Habitat Homebuyer Program. She will move in with her 13-year-old son just in time for the holidays. "My son and I are so thankful," Stringfield said in a live feed streamed on Habitat's Facebook page. "I always wanted to be a homeowner. It's like a dream come true." Stringfield's home also includes a personal 3D printer that will allow her to reprint anything she may need, "everything from electrical outlet to trim to cabinet knobs," Green told CNN.

Printer

Habitat for Humanity Just Delivered Its First 3D Printed Home in the US (cnn.com) 93

The nonprofit Habitat for Humanity uses volunteer labor to build homes with affordable mortgages for families in need (who also invest hundreds of hours of their own labor) — or to renovate or repair/improve existing homes.

But this week saw them delivering something new: a 3D-printed home (built with giant 3D printers from a company called Alquist).

CNN reports: The 1,200-square-foot home has three bedrooms, two full baths and was built from concrete. The technology allowed the home to be built in just 12 hours, which saves about four weeks of construction time for a typical home....

The concrete used in the house's 3D construction has many long-term benefits, such as the ability to retain temperature [reducing heating and cooling costs] and withstand natural disasters, like tornadoes and hurricanes. [It also reduced building costs by an estimated 15% per square foot.] Stringfield's home also includes a personal 3D printer that will allow her to reprint anything she may need, "everything from electrical outlet to trim to cabinet knobs," Janet V. Green, CEO of Habitat for Humanity Peninsula and Greater Williamsburg, told CNN.

While this is the first 3D home for Habitat for Humanity in the U.S., it certainly won't be the last. Green told CNN it hopes to continue partnering and developing the technology used with the printing. "We would love to build more with this technology, especially because it's got that long-term savings for the homeowners," Green said.

The house will also have "smart building" applications that track data on the indoor environment through a proprietary Virginia Tech system that uses a Raspberry Pi, according to a statement from Habitat for Humanity.

And the house will be outfitted with solar panels, "for even more cost savings after the family moves in."
Transportation

The US Car Rental Market is Crying Out for Disruption (theatlantic.com) 117

Supply is low, demand is high -- but that alone cannot explain the weird indignity of renting a vehicle. From a report: The present situation is "the most challenging in the history of car rental," says Chris Brown, the digital editor of the industry trade publication Auto Rental News. "Last year ... it was a disaster." Nobody could have planned for such a catastrophic revenue loss, he told me, and while the airline industry received a government bailout, the rental-car industry did not. "Hertz had 3,000 cars burned to the ground because someone lit a match, and they just burned in a field," he added. (Something like this did happen in Florida, though only around 1,000 of the 4,500 cars destroyed in the fire belonged to Hertz, and investigators blamed the episode on a hot exhaust pipe and dry grass.) Given the context, some negative customer experiences were to be expected, Brown argued. "But I think it's really impressive how car-rental [companies have] been able to pull themselves out of this very difficult time managing as well as they are."

Well, I'm not trying to be unfair to any companies, but many car-rental businesses did receive funds from the Paycheck Protection Program. And many of their negative customer experiences have nothing to do with a car shortage or a pandemic. Why is that car-rental employee typing for so long? We'll never know. Why are the printers so old and loud and broken? Who could say! Will you ever get a straight answer as to how much insurance to buy, or whether to prepay for gas, or why it's forbidden for you to drive this rental car out of the state of Florida? What does the pandemic have to do with Avis allegedly repossessing a rental car from someone's driveway in the middle of the night in Teaneck, New Jersey, and then allegedly claiming to know absolutely nothing about it, in one of the oddest stories I have ever read? And what does the pandemic have to do with the stream of complaints about rental-car companies on the Better Business Bureau website, a surprising number of which come from people who insist that they do not smoke yet they have been charged as much as $450 for allegedly smoking in a car?

I reached out with questions of this kind to the three largest rental-car companies, which control the large majority of the rental-car business in the United States. Enterprise Holdings did not respond. Avis Budget declined to comment about either the state of the industry or the alleged incident in Teaneck. A Hertz spokesperson said, in part, "Hertz is working closely with our automotive partners to add new vehicles to our fleet as quickly as possible amid the microchip shortage that continues to impact the car rental industry. We're also purchasing low-mileage, pre-owned vehicles, and moving vehicles to the areas with highest demand." The financial structure of these companies is as inscrutable as a contract printed on a dot-matrix printer and signed in a dim underground parking garage. Some of them have gone bankrupt; at least one has done so multiple times. Take Hertz for instance: Private-equity firms acquired the company from Ford in 2005, then made a profit of $1 billion with an IPO while the company itself remained deeply in debt. The company is also on its sixth CEO since 2014 and has been deemed a "Frankenstein of financial engineering" by Axios. Most of the cars that Hertz rents out are owned by "special-purpose" subsidiaries of Hertz, from which Hertz then leases them. When Hertz was sliding into bankruptcy in spring 2020, it was because the company had missed lease payments -- to put it crudely -- to itself. I can barely understand this, yet I will walk into a rental-car office and suffer for it.

Microsoft

Microsoft Moves More Settings Away from the Control Panel on Windows 11 (windowscentral.com) 115

An anonymous reader shares a report: Microsoft started shifting options from the Control Panel to the Settings app in Windows 8. The company has gradually moved settings away from the Control Panel since then. Quite a few options migrated over with the rollout of Windows 11, but a recent Insider build of Windows 11 moved a small handful of settings to the Settings app. Microsoft outlined the changes in the release notes of Windows 11 build 22509, which came out on December 1, 2021. The moves garnered attention from several outlets over the last week:

1. We have moved the advanced sharing settings (such as Network discovery, File and printer sharing, and public folder sharing) to a new page in Settings app under Advanced Network Settings.
2. We've made some updates to the device specific pages under Printers & Scanners in Settings to show more information about your printer or scanner directly in Settings when available.
3. Some of the entry points for network and devices settings in Control Panel will now redirect to the corresponding pages in Settings.

Printer

Hackers Are Spamming Businesses' Receipt Printers With 'Antiwork' Manifestos (vice.com) 96

Dozens of printers across the internet are printing out a manifesto that encourages workers to discuss their pay with coworkers, and pressure their employers. Motherboard reports: "ARE YOU BEING UNDERPAID?" one of the manifestos read, according to several screenshots posted on Reddit and Twitter. "You have a protected LEGAL RIGHT to discuss your pay with your coworkers. [...] POVERTY WAGES only exist because people are 'willing' to work for them." On Tuesday, a Reddit user wrote in a post that the manifesto was getting randomly printed at his job. "Which one of you is doing this because it's hilarious," the user wrote. "Me and my co-workers need answers."

Some people on Reddit have suggested that the messages are fake (i.e. printed by people with access to a receipt printer and posted for Reddit clout) or as part of a conspiracy to make it seem like the r/antiwork subreddit is doing something illegal. But Andrew Morris, the founder of GreyNoise, a cybersecurity firm that monitors the internet, told Motherboard that his firm has seen actual network traffic going to insecure receipt printers, and that it seems someone or multiple people are sending these printing jobs all over the internet indiscriminately, as if spraying or blasting them all over. Morris has a history of catching hackers exploiting insecure printers. "Someone is using a similar technique as 'mass scanning' to massively blast raw TCP data directly to printer services across the internet," Morris told Motherboard in an online chat. "Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging."

Whoever is doing this, Morris said, is doing it "in an intelligent way." "The person or people behind this are distributing the mass-print from 25 separate servers so blocking one IP isn't enough," he said. "A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet and we've confirmed that it is printing successfully in some number of places the exact number would be difficult to confirm but Shodan suggests that thousands of printers are exposed," he added, referring to Shodan, a tool that scans the internet for insecure computers, servers, and other devices.

Moon

3D Printer Using Living Ink Made of Microbes Could Print Healing Structures in Space (nytimes.com) 13

"The thought of combining a printer (the bane of office workers) with the bacterium E. coli (the scourge of romaine lettuce) may seem an odd, if not unpleasant, collaboration," writes the New York Times.

"But scientists have recently melded the virtues of the infuriating tool and of the toxic microbe to produce an ink that is alive, made entirely from microbes." The microbial ink flows like toothpaste under pressure and can be 3D-printed into various tiny shapes — a circle, a square and a cone — all of which hold their form and glisten like Jell-O. The researchers describe their recipe for their programmable, microbial ink in a study published on Tuesday in the journal Nature Communications.

The material is still being developed, but the authors suggest that the ink could be a crucial renewable building material, able to grow and heal itself and ideal for constructing sustainable homes on Earth and in space... [T]he new substance contains no additional polymers; it is produced entirely from genetically engineered E. coli bacteria. The researchers induce bacterial cultures to grow the ink, which is also made of living bacteria cells. When the ink is harvested from the liquid culture, it becomes firm like gelatin and can be plugged into 3D-printers and printed into living structures, which do not grow further and remain in their printed forms...

Bacteria may seem an unconventional building block. But microbes are a crucial component of products such as perfumes and vitamins, and scientists have already engineered microbes to produce biodegradable plastics. A material like a microbial ink has more grandiose ambitions, according to Neel Joshi, a synthetic biologist at Northeastern University and an author on the new paper. Such inks are an expanding focus of the field of engineered living materials. Unlike structures cast from concrete or plastic, living systems would be autonomous, adaptive to environmental cues and able to regenerate — at least, that is the aspirational goal, Dr. Joshi said. "Imagine creating buildings that heal themselves," said Sujit Datta, a chemical and biological engineer at Princeton University who was not involved with the research....

Dr. Manjula-Basavanna is shooting for the moon, Earth's satellite, where there are no forests to harvest for wood and no easy way to send bulk building materials. There, he said, the ink might be used as a self-regenerating substance to help build habitats on other planets, as well as places on Earth. "There is a lot of work to be done to make it scalable and economic," Dr. Datta conceded. But, he noted, just five years ago creating robust structures out of microbes was unimaginable; conceivably, self-healing buildings could be a reality in our lifetime.

Businesses

A $20 Billion Company's Future Hinges on The New PUBG (bloomberg.com) 13

The game formerly known as PlayerUnknown's Battlegrounds accounts for 97% of the revenue of its maker Krafton. Given that the Seoul-based company is valued at almost $20 billion, we have a rough estimate for how much this single game is worth, according to the stock market. A good chunk of that value is in the potential that title holds for expansion. From a report: Krafton has staked its future on making PUBG -- no longer an abbreviation but a brand for a wider intellectual property franchise -- into a big fantasy universe spanning different games and entertainment genres. The first big test of this strategy is PUBG: New State, the mobile sequel that moves the battle royale action to 2051 and adds more advanced weaponry, vehicles and graphics. It arrives on Nov. 11. I haven't played it to be able to tell you how good it will be, but I would be hugely surprised if it turns into anything other than another money printer for Krafton.

The reason for my confidence is simple: The company isn't straying too far from what made the original 2017 game a hit and is mostly changing the cosmetics atop the underlying physics and gameplay. This approach has proven highly successful in the mobile arena. The smartphone game is launching in more than 200 countries and in 17 different languages and has already had more than 50 million preregistrations. Another essential element for mobile success that Krafton taps into is making the game free to play. The vast majority of smartphone app store revenue comes from games, which seems counterintuitive considering that most of those games demand no upfront payment. The real money, however, is in enticing players to make microtransactions within the game, such as personalizing your character with "skins" or buying a pet or better weapons. This is such a big deal that Epic Games took Apple and Alphabet's Google to court over the split of who gets to profit from those addictive little in-game buys in PUBG rival Fortnite.

Printer

Canon Sued For $5 Million For Disabling Scanner When Printer Runs Out of Ink (techspot.com) 146

couchslug writes: Canon, best known for manufacturing camera equipment and printers for business and home users, is being sued for not allowing customers to use the scan or fax functions in multi-function devices if the ink runs out on numerous printer models. David Leacraft filed a class action lawsuit against Canon USA, alleging the company engaged in deceptive marketing and unjust enrichment practices.
Space

Steve Wozniak Shares a Video About His New Space Startup (twitter.com) 80

Tonight 71-year-old Apple co-founder Steve Wozniak tweeted ten words: "A Private space company is starting up, unlike the others."

The tweet also included the URL for a new video just uploaded tonight to YouTube about a company called Privateer.

"Together we'll go far," says the narrator, later offering these thoughts on the people of our planet. "We are explorers. We are dreamers, risk-takers, engineers, and star gazers. We are human. And it's up to us to work together to do what is right and what is good."

The video's tagline? "The sky is no longer the limit."

The same tagline appears at Privateer.com, followed by two short sentences. "We are in stealth mode. We'll see you at AMOS in September 2021 in Maui, Hawaii." (With AMOS, apparently, being the Advanced Maui Optical and Space Surveillance Technologies Conference running from this Tuesday through Friday.)

There's very little information about the company — although last month a 3D printing site reported Wozniak's company appeared to be using a printer for high-strength titanium — and suggested the company might have something to do with cleaning up space junk.
Printer

The World's First 3D-Printed Steel Bridge (popularmechanics.com) 40

An anonymous reader quotes a report from Popular Mechanics, written by Laura Rider: After four long years of planning, the world's first 3D-printed steel bridge debuted in Amsterdam last month. If it stands up to the elements, the bridge could be a blueprint for fixing our own structurally deficient infrastructure in the U.S. -- and we sorely need the help. Dutch Company MX3D built the almost 40-foot-long bridge for pedestrians and cyclists to cross the city's Oudezijds Achterburgwal canal. It relied on four robots, fit with welding torches, to 3D-print the structure. To do it, the machines laid out 10,000 pounds of steel, heated to 2,732 degrees Fahrenheit, in an intricate layering process. The result? An award-winning design, pushing the boundaries of what steel can do.

Designers first came up with the concept for the bridge in 2015, with the goal of making an exceptionally efficient structure. To do so, they had to emphasize two things: simplicity and safety. To monitor the efficiency of their design, scientists at Imperial College London engineered the bridge to be a "living laboratory." A team of structural engineers, computer scientists, and statisticians developed a system of over one dozen embedded sensors for the bridge, which send live data to the university for further analysis of the bridge's performance. They monitor the bridge's movement, vibration, temperature, strain (the change in shape and size of materials under applied forces), and displacement (the amount an object shifts in a specific direction) over time. From that data, scientists built a "digital twin" -- computer science parlance for an identical, virtual rendering -- of the bridge that gets more accurate over time. With machine learning, they can now look for trends that might suggest modifications are in order.

For this bridge, designers utilized two methods of 3D printing -- Direct Energy Deposit (DED) and Powder Bed Fusion (PBF). With DED, the printer feeds material (typically in powder or wire form) through a pen-like nozzle, and an intense heat source (typically a laser, but sometimes an electron beam) melts the metal on contact. PBF works similarly in that a laser or electron beam melts powder down to build each layer. The main advantage of PBF, though, is that it operates with much smaller (and more expensive) parts, resulting in a higher-resolution project than DED could accomplish on its own. This allows designers to take their visions a step further.

Microsoft

Microsoft To Require Admin Rights Before Using Windows Point and Print Feature (therecord.media) 53

Microsoft has released today a security update that will change the default behavior of the "Point and Print" feature to mitigate a severe security issue disclosed last month. From a report: First added in Windows 2000, the Point and Print feature works by connecting to a print server to download and install necessary print drivers every time a user creates a connection to a remote printer without providing installation media. Earlier this year, Jacob Baines, a reverse engineer for Dark Wolf Solutions, found that threat actors inside a company's network could abuse the Point and Print feature to run a malicious print server and force Windows systems to download and install malicious drivers.

Since Point and Print ran with SYSTEM privileges, the feature effectively provided threat actors with an easy way to gain admin rights inside any large corporate or government network. Microsoft initially tried to patch the issue -- tracked as CVE-2021-34481 -- last month, but the patches were deemed incomplete. Today, the company took another approach. Since the vulnerability is exploiting a design flaw, Microsoft chose today to change the default behavior of the Point and Print feature.

Technology

Flexible Computer Processor is the Most Powerful Plastic Chip Yet (newscientist.com) 25

Could a flexible processor stuck on your produce track the freshness of your cantaloupe? That's the idea behind the latest processor from UK computer chip designer Arm, which says such a device could be manufactured for pennies by printing circuits directly onto paper, cardboard or cloth. From a report: The technology could give trillions of everyday items such as clothes and food containers the ability to collect, process and transmit data across the internet -- something that could be as convenient for retailers as it is concerning for privacy advocates.

In recent decades, processors have reduced in size and price to the point that they are now commonly used in everything from televisions to washing machines and watches. But almost all chips manufactured today are rigid devices created on silicon wafers in highly specialised and costly factories where dozens of complex chemical and mechanical processes take up to eight weeks from start to finish. Now, Arm has developed a 32-bit processor called PlasticARM with circuits and components that are printed onto a plastic substrate, just as a printer deposits ink on paper. James Myers at Arm says the processor can run a variety of programs, although it currently uses read-only memory so is only able to execute the code it was built with. Future versions will use fully programmable and flexible memory.

Printer

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines (threatpost.com) 106

An anonymous reader quotes a report from Threatpost: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights. The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations. "This function copies a string from the user input using 'strncpy' with a size parameter that is controlled by the user," according to SentinelOne's analysis, released on Tuesday. "Essentially, this allows attackers to overrun the buffer used by the driver." Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.

The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup. "Thus, in effect, this driver gets installed and loaded without even asking or notifying the user," explained the researchers. "Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected."

Affected models and associated patches can be found here and here.

"While HP is releasing a patch (a fixed driver), it should be noted that the certificate has not yet been revoked at the time of writing," according to SentinelOne. "This is not considered best practice since the vulnerable driver can still be used in bring-your-own-vulnerable-driver (BYOVD) attacks." Some Windows machines may already have the vulnerable driver without even running a dedicated installation file, since it comes with Microsoft Windows via Windows Update.

Crime

How Cybercriminals Almost Stole $1 Billion From Bangladesh's National Bank (bbc.com) 49

"In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank," reports the BBC, "and came within an inch of success — it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee..."

"It all started with a malfunctioning printer..." It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank. When staff found it wasn't working, at 08:45 on Friday 5 February 2016, "we assumed it was a common problem just like any other day," duty manager Zubair Bin Huda later told police. "Such glitches had happened before." In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.

To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.... When the bank's staff rebooted the printer, they got some very worrying news. Spilling out of it were urgent messages from the Federal Reserve Bank in New York — the "Fed" — where Bangladesh keeps a US-dollar account. The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account — close to a billion dollars. The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers' very careful timing, they couldn't get through... The bank's HQ in Dhaka was beginning two days off. And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York... And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they'd set up in Manila, the capital of the Philippines. And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia...

They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank's computer systems for a year... Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained... But they still had one final hurdle to clear — the printer on the 10th floor. Bangladesh Bank had created a paper back-up system to record all transfers made from its accounts. This record of transactions risked exposing the hackers' work instantly. And so they hacked into the software controlling it and took it out of action.

With their tracks covered, at 20:36 on Thursday 4 February 2016, the hackers began making their transfers — 35 in all, totalling $951m, almost the entire contents of Bangladesh Bank's New York Fed account.

There's more to the story — it's a whole episode on a 10-episode BBC World Service podcast which they're calling an example of "the new front line in a global battleground: a murky nexus of crime, espionage and nation-state power-mongering. And it's growing fast."

The story has a surprise ending — but along the way, the BBC's article points out that the consequences for the bank's governor were almost instant. "He was asked to resign," says U.S.-based cyber-security expert Rakesh Asthana. "I never saw him again."

Printer

A New Printer Uses Sawdust To Print Wooden Objects (gizmodo.com) 63

A new printer called Forust is using scrap wood to 3D print wooden objects that are as structurally sound as regular carved wood. Created by Andrew Jeffery and a team of researchers at Desktop Metal, the printer prints using fine sawdust that is formed into solid objects. Gizmodo reports: The printer works similarly to an inkjet printer and squirts a binding agent onto a layer of sawdust. Like most 3D printers, the object rises out of the bed of sawdust and then, when complete, can be sanded and finished like regular wood. Jeffery sees the system as a way to save trees. "Two years ago we started looking into how we might be able to 3D print in new material," he said. "Wood waste was one of the materials we started with early on and realized it could be repurposed and upcycled with 3D printing technology. From there, we focused on building out the process using wood byproducts in order to create real wood-crafted results. We formed the company really to save forests."
