Showing results for 
Search instead for 
Did you mean: 
Fanfold Paper
Posts: 1
Location: Spokane, wa
Views: 671
Message 1 of 6

A timely bit of security news

Just in time for the Malware & Security Event, MSNBC reports that researchers at Columbia University claim to have "discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies."  The flaw exists in HP printers, and perhaps others, and the researchers claim it could allow criminals to remotely control the printer with a list of horribles that could follow.


Original MSNBC article:


Follow up on InfoWorld:

Mentor, SpywareHammer Academy
Community SeniorMod
Community SeniorMod
Posts: 3,852
Location: US
Views: 649
Message 2 of 6

Re: A timely bit of security news

Hi grsamf and welcome to the Community,


Wow, that opens up a whole new nest of worms!  


I was going to open a thread here about the security of print servers.  I guess I don't have to now.

I'm out and about doing service calls all day and I use a repeater to connect to unsecured networks to check parts orders or to order parts while I'm on the road and I see Print server networks and ad-hoc networks that are unsecured.


I always wondered how secure these networks were for their owners.  I suppose not very secure at all.


According to the article, the printer doesn't even have to be connected to the internet, if it is connected to my computer by usb and my computer is online, it's vulnerable.


I just unplugged all my printers.



Community SeniorMod
Community SeniorMod
Posts: 1,863
Location: US
Views: 607
Message 3 of 6

Re: A timely bit of security news

Sophos has an update on this topic today:

Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.


Corrine Microsoft MVP
Microsoft MVP
Posts: 66
Location: Upstate, NY
Views: 570
Message 4 of 6

Re: A timely bit of security news

HP Press Release:  HP Refutes Inaccurate Claims; Clarifies on Printer Security



Microsoft MVP, Consumer Security
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
Security Information and Malware Removal @LandzDown Forum
Community SeniorMod
Community SeniorMod
Posts: 3,852
Location: US
Views: 550
Message 5 of 6

Re: A timely bit of security news



I plugged ONE back in.

Community SeniorMod
Community SeniorMod
Posts: 3,067
Location: US
Views: 525
Message 6 of 6

Re: A timely bit of security news



I just read the MSNBC article and corresponding commentaries.


I find the concept of a printer being attacked from the public Internet to be rather strange.  Most organizations have firewalls, and private internal networks to ensure that their computers cannot be accessed from the public Internet. 


Why an organization would configure a printer so that it was Internet accessible is incomprehensible to met. 


I think it is very likely that the printers the researchers discovered on the public Internet, were, in fact, public network segments that just happened to contain printers, in addition to computers and other intelligent devices.  Although it is hard to conceive of computers having direct network connections these days in lieu of IPv4 scarcity, RFC-1918 and technologies like NAT, there may still be some agencies operating with publicly-routable connections on their "internal" networks.


I don't know how many of the 100,000,000 LaserJet printers Hewlett-Packard has sold are still operational and on the public Internet, the fact that the researchers claim to have identified 40,000 hosts means a potential damaged population of 0.0004%, I believe.


While I do not doubt that there is a workable attack here and that other networked devices may be affected, it seems premature to predict the potential for a pandemic based on the currently available information.




Aryeh Goretsky


I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 YogaP50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)Yoga 370

de.gif Deutsche Community es.gif Comunidad en Español ru.gif Русскоязычное Сообщество pt.gif Communidade Portugues
Top Kudoed Authors