Mind-boggling presentation on HP Printer vulnerabilities

[Mercutio]

... and I just thought it was amusing to print out pages of solid color.

There's a white paper there, but the short version is that the author was able to make a network printer copy documents sent to print to a remote server, or to just a compromised printer to scan a LAN, find and break in to a PC and then set up a proxy host.

Scary.

 

[ddrueding]

Very. Not much I can do about that. Go to local printers only? Declare the entire LAN insecure and outsource as much as possible (payroll)?

 

[Mercutio]

I don't know how anyone could seriously consider going back to local-only printers, especially given the level of utility available in commercial document center-type copiers.

 

[ddrueding]

Quite so, but I can't imagine those are much safer.

 

[Mercutio]

I doubt that they're safer at all. The book I use to teach CompTIA Security+ even hand-waves the possibility of network level security for printers. Security is discussed, but generally in the context of document retention and disposal. There's actually a sentence to the effect that there aren't any reasons to compromise a LAN printer.

I suspect that, like Apple, major printer vendors will continue to have pass even in the minds of IT personnel for many years to come.

 

[snowhiker]

Same story...with Youtube link.

http://boingboing.net/2011/12/30/printer-malware-print-a-malic.html

 

[sechs]

How come this kind of crap never seems to happen on PS printers, only PCL?

 

[Mercutio]

Know how I know you didn't click any of the links?

 

[ddrueding]

I do like the bit about postscript being a turing-complete language and having the PS generate the exploit on the fly to bypass filters. That was awesome.

 

[sechs]

Know how I know you didn't click any of the links?

Do you know how I that you're wrong?

 

[sechs]

I do like the bit about postscript being a turing-complete language and having the PS generate the exploit on the fly to bypass filters. That was awesome.

Postscript printers should have been hacked six ways to Sunday by now, but it doesn't seem to be a problem.

I had an acquaintance in college who implemented an operating system in Postscript for a class. Unfortunately, all output had to be printed; troubleshooting was apparently a bitch.

 

[Clocker]

So, if my network is otherwise clean, is my HP inkjet All-in-one printer at risk of internet attack if it is behind/attached to my Tomato based router/firewall?

 

[Clocker]

That site says the vulnerability is patched but I could only find patches for LaserJet printers. Only Laserjets are affected? I have an HP OfficeJet Pro 8500 (inkjet)..... Thanks for any advice you guys can provide!

Clocker

 

[ddrueding]

To this exact exploit you are probably safe. But I would consider any device connected to a network that is not being actively monitored by up-to-date antivirus software as "vulnerable". Of course, there is nothing you can do, so just grin and carry on

 

[Mercutio]

To this exact exploit you are probably safe. But I would consider any device connected to a network that is not being actively monitored by up-to-date antivirus software as "vulnerable".

It's not utterly beyond the realm of possibility that a mid-level engineer at a multinational corporation could be targeted for some kind of industrial espionage, but honestly that's definitely on the paranoid side of things.

I do think we all know that antivirus software isn't terribly effective under the best circumstances, and further that properly speaking, AV software doesn't detect or protect from all threats.

Nope, the proper term for the thingie you want looking out for you is a Network Intrusion Prevention System (NIPS) or Intrusion Detection System (NIDS). If you really feel the need to do it, Snort is a free download, but you need a host that speaks *nix to run it on.

 

[Clocker]

I have an Asus RT-N16, pretty underutilized just running Tomato. I wonder if I could install something on that?

 

[Mercutio]

Snort runs on dd WRT and OpenWRT. It probably works on Tomato as well, but I'm really not familiar with that at all.