Mind-boggling presentation on HP Printer vulnerabilities

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
Very. Not much I can do about that. Go to local printers only? Declare the entire LAN insecure and outsource as much as possible (payroll)?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
I don't know how anyone could seriously consider going back to local-only printers, especially given the level of utility available in commercial document center-type copiers.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
I doubt that they're safer at all. The book I use to teach CompTIA Security+ even hand-waves the possibility of network level security for printers. Security is discussed, but generally in the context of document retention and disposal. There's actually a sentence to the effect that there aren't any reasons to compromise a LAN printer.

I suspect that, like Apple, major printer vendors will continue to have pass even in the minds of IT personnel for many years to come.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
How come this kind of crap never seems to happen on PS printers, only PCL?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
I do like the bit about postscript being a turing-complete language and having the PS generate the exploit on the fly to bypass filters. That was awesome.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
I do like the bit about postscript being a turing-complete language and having the PS generate the exploit on the fly to bypass filters. That was awesome.
Postscript printers should have been hacked six ways to Sunday by now, but it doesn't seem to be a problem.

I had an acquaintance in college who implemented an operating system in Postscript for a class. Unfortunately, all output had to be printed; troubleshooting was apparently a bitch.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
So, if my network is otherwise clean, is my HP inkjet All-in-one printer at risk of internet attack if it is behind/attached to my Tomato based router/firewall?
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
That site says the vulnerability is patched but I could only find patches for LaserJet printers. Only Laserjets are affected? I have an HP OfficeJet Pro 8500 (inkjet)..... Thanks for any advice you guys can provide!

Clocker
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
To this exact exploit you are probably safe. But I would consider any device connected to a network that is not being actively monitored by up-to-date antivirus software as "vulnerable". Of course, there is nothing you can do, so just grin and carry on ;)
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
To this exact exploit you are probably safe. But I would consider any device connected to a network that is not being actively monitored by up-to-date antivirus software as "vulnerable".

It's not utterly beyond the realm of possibility that a mid-level engineer at a multinational corporation could be targeted for some kind of industrial espionage, but honestly that's definitely on the paranoid side of things.

I do think we all know that antivirus software isn't terribly effective under the best circumstances, and further that properly speaking, AV software doesn't detect or protect from all threats.

Nope, the proper term for the thingie you want looking out for you is a Network Intrusion Prevention System (NIPS) or Intrusion Detection System (NIDS). If you really feel the need to do it, Snort is a free download, but you need a host that speaks *nix to run it on.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
I have an Asus RT-N16, pretty underutilized just running Tomato. I wonder if I could install something on that?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Snort runs on dd WRT and OpenWRT. It probably works on Tomato as well, but I'm really not familiar with that at all.
 
Top