Fanfold Paper
grsamf
Posts: 1
Registered: ‎11-28-2011
Location: Spokane, wa

A timely bit of security news

Just in time for the Malware & Security Event, MSNBC reports that researchers at Columbia University claim to have "discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies."  The flaw exists in HP printers, and perhaps others, and the researchers claim it could allow criminals to remotely control the printer with a list of horribles that could follow.

 

Original MSNBC article:  http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devasta...

 

Follow up on InfoWorld: http://www.infoworld.com/t/hacking/security-researchers-say-hp-printers-vulnerable-hackers-180253

==============================
Administrator, SpywareHammer.com
Mentor, SpywareHammer Academy
topmahof
Posts: 3,121
Topics: 36
Kudos: 337
Solutions: 227
Registered: ‎01-21-2010
Location: Etters, PA
0

Re: A timely bit of security news

Hi grsamf and welcome to the Community,

 

Wow, that opens up a whole new nest of worms!  

 

I was going to open a thread here about the security of print servers.  I guess I don't have to now.

I'm out and about doing service calls all day, and I use a repeater to connect to unsecured networks to check parts orders or to order parts while I'm on the road, and I see print server networks and ad-hoc networks that are unsecured.

 

I always wondered how secure these networks were for their owners.  I suppose not very secure at all.

 

According to the article, the printer doesn't even have to be connected to the internet; if it is connected to my computer by USB and my computer is online, it's vulnerable.

 

I just unplugged all my printers.

 

Dave 

_______________________________________________________
T430u, x200T, 2-x61Ts, 2-x61s, 2-x60Ts, x32, x41T, x40, U160, ThinkPad Tablet 1838-22R, Z500 touch

Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
If someone helped you today, pay it forward. Help Someone Else!
Bugbatter
Posts: 669
Registered: ‎05-01-2010
Location: USA
0

Re: A timely bit of security news

Sophos has an update on this topic today:

http://nakedsecurity.sophos.com/2011/11/30/flaming-retort-putting-out-the-hp-printer-fires/


If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.

Microsoft MVP - Consumer Security

SpywareHammer

Microsoft MVP
Corrine
Posts: 66
Registered: ‎11-03-2011
Location: Upstate, NY

Re: A timely bit of security news

HP Press Release:  HP Refutes Inaccurate Claims; Clarifies on Printer Security

 

 

Microsoft MVP, Consumer Security
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
Twitter: http://twitter.com/SecurityGarden
Security Information and Malware Removal @LandzDown Forum
topmahof
Posts: 3,121
Topics: 36
Kudos: 337
Solutions: 227
Registered: ‎01-21-2010
Location: Etters, PA
0

Re: A timely bit of security news

Okay,

 

I plugged ONE back in.

goretsky
Posts: 1,895
Topics: 18
Kudos: 342
Solutions: 129
Registered: ‎12-01-2007
Location: California, USA
0

Re: A timely bit of security news

Hello,

 

I just read the MSNBC article and corresponding commentaries.

 

I find the concept of a printer being attacked from the public Internet to be rather strange.  Most organizations have firewalls, and private internal networks to ensure that their computers cannot be accessed from the public Internet. 

 

Why an organization would configure a printer so that it was Internet accessible is incomprehensible to me.

 

I think it is very likely that the printers the researchers discovered on the public Internet, were, in fact, public network segments that just happened to contain printers, in addition to computers and other intelligent devices.  Although it is hard to conceive of computers having direct network connections these days in lieu of IPv4 scarcity, RFC-1918 and technologies like NAT, there may still be some agencies operating with publicly-routable connections on their "internal" networks.

 

I don't know how many of the 100,000,000 LaserJet printers Hewlett-Packard has sold are still operational and on the public Internet; the fact that the researchers claim to have identified 40,000 hosts means a potential damaged population of 0.0004%, I believe.

 

While I do not doubt that there is a workable attack here and that other networked devices may be affected, it seems premature to predict the potential for a pandemic based on the currently available information.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU), X220 (4286-CTO), W510 (4318-CTO), W530 (2441-4R3), X120e (0596-CTO), T61p (6459-CTO), T43p (2678-H7U), T42 (2378-R4U), T23 (2648-LU7)