May I refer to the document at http://freshmeat.net/articles/view/445/ which contains a very good analysis of printer security risks, which are usually totally ignored because "it's just a printer", when most modern printers are full network servers with full operating systems (VXworks, QNX, other.) underneath. Others have PostScript, which is an environment all to itself. On 12 Oct 2002, John Beuke wrote: > In-Reply-To: <gu97kpfevo7.fsfat_private> > > other parts of the enterprise? Some of the data I have read state that > attacking the printer mib using the community string for the printer will > only allow attackers to joy ride around the print server and printers. > Then other data state that the printers community string will allow > attackers to obtain the http passwords and other network access password. > 99% of those devices listed were just HP printers and did not state that > these printers had the ability to network scan, scan to email, or scan to -- Mark Tinberg <MTinbergat_private> Network Security Engineer, SecurePipe Inc. Remember: Wherever you go, there you are! Key fingerprint = AF6B 0294 EE33 D802 F7A1 38A4 CF52 5FE0 7470 E5F7 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 10:32:27 PDT