My friend Michael Tomko, pointed this out to me:

Since 2007, The Luminary Center for the Arts has been bringing the city of St. Louis innovative art, music and cultural projects. Now they are taking to Kickstarter to help with the purchase of a new building on Cherokee Street that they hope will become a unique incubator for the arts in the city.

Here’s what they say on Kickstarter:

The Luminary is purchasing a 22,500 sq/ft building (a former variety store) on Cherokee Street. Not only will the space allow our award-winning concerts and exhibits to expand, but we will also have on-site housing and studios for international artists-in-residence, classroom and workshop space for more public programs and a host of other resources for the creative community. However, our real goal is to help build one of the most vibrant arts communities in the country. And, with your help, we think we will.

They need a lot of help, and are giving away some cool rewards for project backers. Please check it out at that Kickstarter link above.

Keep reading: The Luminary Moves to Cherokee Street

Cory Doctorow at Boing Boing brought deeper attention today to a story that has been making news for a few weeks, including here, about HP printers being vulnerable to hackers.

The story was sensationalized – with the common takeaway being that hackers could gain control of your printers and turn them into fireballs. However, that is actually not possible, and further, it is missing the point; and the point is actually much more frightening. Here’s what Doctorow says on Boing Boing:

One of the most mind-blowing presentations at this year’s Chaos Communications Congress (28C3) was Ang Cui’s Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers. Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet; in the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall (I got shivers).

The video is long, and a bit technical, but it is presented in an entertaining fashion, and it is enlightening. If you are responsible for the security of a LAN, make some time.

Keep reading: Printer Malware: HP Printer hack explained in frightening detail

MSNBC issued a report warning of a flaw in HP’s printer firmware update procedures that could expose your company’s printers to hackers. The headline was clearly meant to scare: Exclusive: Millions of printers open to devastating hack attack, researchers say.

Scared yet?

No?

Maybe this will get you startled…

Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

Could a hacker really burn down your office by gaining control of your printer?

Theoretically, according to InfoWorld, but…it would be unlikely:

So what exactly is the problem?

According to InfoWorld, the root of the problem comes from the way HP printers validate firmware updates prior to applying them. Or more accurately, the way HP printers don’t bother to validate firmware updates prior to applying them: HP doesn’t require authentication for firmware updates — no code signing, no validation, no password or manual supervisor intervention prior to a firmware patch being installed. Once the printer’s firmware has been altered, Internet-accessible printers could, in theory, contact a malicious website and receive instructions. It’s conceivable that a subverted printer could send copies of the documents being printed. One could even envision a botnet run on printers, not PCs

So, how to protect yourself and your printers?

Salvatore Solfo, a professor at Columbia, and Ang Cui, a doctoral student, have been looking at security holes with HP printer firmware. It’s entirely possible that similar vulnerabilities exist with other printers, so don’t take this flaw as an indictment of HP — yet.

They recommend that if you have any printers on your corporate firewall’s outbound whitelist, take them off. They shouldn’t be there. Cui and Voris have an outline with additional points: “Firewall off all printer ports from the internet (won’t stop users who can legitimately print) 9100, 3910, FTP, HTTP, etc” and “update CUPS filters to strip out jobs that contain firmware updates (won’t stop standard obfuscation techniques like HexAsciiEncode, etc).”

Also, don’t count on your antivirus software to protect you, as none can identify infected remote firmware update files, nor do their file scanners even look for printer firmware. HP is said to be aware of the problem, but has had no comment to date.

Keep reading: HP printers vulnerable to hackers – but here’s how to protect yourself