Retraction:
In the initial post I had stated that I thought that a Laser Printer at Digital Defense was hacked into. This was not the correct information! There was no breach nor was any system hacked into at DDI. I have since changed the post to reflect the correct information.
Got this from Computer World by Gregg Keizer, and WOW this is pretty big, kinda reminds me of Battlestar Gallactica, they did away with all networks because they could never be kept 100% safe, and yes tonights episode was awesome!!!!
February 6, 2009 (Computerworld) Hewlett-Packard Co. has warned owners of some of its laser printers to update their devices' firmware or risk having remote attackers access previously printed documents.
In an advisory published Wednesday, HP said users of certain LaserJet, Color LaserJet and Digital Sender models are affected, and it urged them to immediately download and install firmware upgrades.
The devices include 10 LaserJet models, ranging from the 2410 to the 9050; two Color LaserJet models; and the 9200C Digital Sender, a sheet-fed document scanner.
According to San Antonio-based Digital Defense Inc., the security company that reported the problem to HP last October, attackers can exploit a bug in the printers' Web-based control interface to "read arbitrary system configuration files, cached documents, etc."
Exploiting the vulnerability, the Digital Defense researchers said, is "trivial" with common Web server "directory traversal" tactics. A directory transversal attack is an HTTP-based exploit that lets attackers access restricted directories and execute commands outside of the server's root directory.
Adrien de Beaupre, an analyst at the SANS Institute's Internet Storm Center (ISC), also called for patching the printers. "The impact might not seem severe, as in the attacker can view the printer configuration; however, viewing cached versions of printed documents can be," said de Beaupre in an alert on the ISC site today.
Other than patching, the only other defense measure available is to disable access to the printers' online control interface, de Beaupre added.
HP listed the affected printers in a security bulletin, which also included instructions on how to download the firmware update.
With over 3,500 worldwide followers that support copiers, multifunctional devices and printers, the information that comes across our message boards is enormous. The latest selling techniques, strategies, future products from the manufacturers and rumors are daily posts on the message boards. www.p4photel.com
Saturday, February 7, 2009
HP Warns LaserJet users to patch printers
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment