Where are the Cylons when you need 'em, huh?

On Tue, Nov 29, 2011 at 1:48 PM, Ziots, Edward <[email protected]> wrote:

> Honestly,
>
> I would possibly expect that any network device that takes unauthenticated
> and unsolicited input could be vulnerable to these types of attacks. Also
> given the “less than secure” web interfaces they wrap around these printers.
>
> /Evil hacker hat on.
>
> Now basically think if the underlying OS that the printer is using is Nix,
> and the website is running under root process and you are able to XSS/SQLi
> attack the interface (fire up metasploit or W3af and have a ball trying,
> or something more crafted with a web fuzz like the burp-suite) and gain
> root, drop your rootkit which sets up a backdoor process that sends a copy
> of each print job out to a remote site (sure, because a lot aren’t doing
> egress filtering of traffic, especially from hosts they feel are on the
> “trust” network).
>
> Now think of all the push to electronic medical records and PDFs of
> sensitive items that is being pushed by the federal govt as part of
> compliance and meaningful use mandates, and having a copy of this
> information out on the hacker's site; it's an appetite for easy identity
> theft and a slew of other issues.
>
> /Evil Hacker hat off.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> email:[email protected]
> phone:401-639-3505
>
> *From:* MMF [mailto:[email protected]]
> *Sent:* Tuesday, November 29, 2011 12:22 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Millions of printers open to devastating hack attack,
> researchers say
>
> It appears that this affects only Laser Printers according to the article.
> Anyone heard anything further as to inkjet printers not being affected?
> Also, the new E-Print HP printers have their own “email address”, so would
> that have any impact, not to mention wireless printers?
>
> Mfree
>
> *From:* Mike Sullivan <[email protected]>
> *Sent:* Tuesday, November 29, 2011 10:36 AM
> *To:* NT System Admin Issues <[email protected]>
> *Subject:* Millions of printers open to devastating hack attack,
> researchers say
>
> This sounds like it could be a nightmare if all printer models are
> affected.
>
> http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
>
> --
> Thank you,
> Mike Sullivan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
