This is the final information concerning the QMS2060 security hole, that I published here some time ago. Just to refresh your memory: If you establish a password file in the QMS2060 networked printer, everyone will be required to enter password to gain an access to the printer EXCEPT root. Anyone can log in as root with ANY password and consequently change or delete the password file altogether. After lengthy investigation with the QMS customer support it became apparent, that this it not a bug but a feature. In order to make root password protected one has to buy a "security key", which is a little DB-9 plug (sort of a dongle), which is plugged in the matching connector at the rear of the printer. One can then establish a root password. BTW the DB-9 dongle costs CDN$177.10 !!!!! <comment> It boggles the mind that the manufacturer would make a root password protection an option. I would have thought, that root password protection should be a default, with the password protection of user accounts an option. Needless to say that this has been the last QMS product this Department will ever buy. </comment> Frank Bures, Dept. of Chemistry, University of Toronto, M5S 3H6 fburesat_private http://frank.chem.utoronto.ca/electronics
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:17 PDT