On Tue, Nov 29, 2011 at 11:36 AM, Mike Sullivan <[email protected]> wrote: > This sounds like it could be a nightmare if all printer models are > affected.
The article is so short on real detail that any kind of technical analysis is impossible, but generally speaking, any network-connected device is a potential target. Their mention of firmware upgrade makes me suspect it's about an attacker replacing OEM firmware with something of their choosing. (Think SOHO routers and DD-WRT.) No reason that shouldn't be possible. Any firewall should prevent attacks direct from the Internet, so that's a bit much. But something that makes it past the perimeter would be a problem. Compromised machine plugs into your LAN, or browser exploit enabling secondary attacks, etc. I always set a management password on printers, even if it's something trivial. That will block most attacks right there. Now, unpatched bugs are another story. I expect this will be like most things, nobody cares until a big exploit hits, then eventually some management solutions evolve, after a lot of pain and loss. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
