print4pay Hotel's "MFP Solutions Blog": HP Warns LaserJet users to patch printers

Saturday, February 7, 2009

HP Warns LaserJet users to patch printers

Retraction:

In the initial post I had stated that I thought that a Laser Printer at Digital Defense was hacked into. This was not the correct information! There was no breach nor was any system hacked into at DDI. I have since changed the post to reflect the correct information.

Got this from Computer World by Gregg Keizer, and WOW this is pretty big, kinda reminds me of Battlestar Gallactica, they did away with all networks because they could never be kept 100% safe, and yes tonights episode was awesome!!!!

February 6, 2009 (Computerworld) Hewlett-Packard Co. has warned owners of some of its laser printers to update their devices' firmware or risk having remote attackers access previously printed documents.

In an advisory published Wednesday, HP said users of certain LaserJet, Color LaserJet and Digital Sender models are affected, and it urged them to immediately download and install firmware upgrades.

The devices include 10 LaserJet models, ranging from the 2410 to the 9050; two Color LaserJet models; and the 9200C Digital Sender, a sheet-fed document scanner.

According to San Antonio-based Digital Defense Inc., the security company that reported the problem to HP last October, attackers can exploit a bug in the printers' Web-based control interface to "read arbitrary system configuration files, cached documents, etc."

Exploiting the vulnerability, the Digital Defense researchers said, is "trivial" with common Web server "directory traversal" tactics. A directory transversal attack is an HTTP-based exploit that lets attackers access restricted directories and execute commands outside of the server's root directory.

Adrien de Beaupre, an analyst at the SANS Institute's Internet Storm Center (ISC), also called for patching the printers. "The impact might not seem severe, as in the attacker can view the printer configuration; however, viewing cached versions of printed documents can be," said de Beaupre in an alert on the ISC site today.

Other than patching, the only other defense measure available is to disable access to the printers' online control interface, de Beaupre added.

HP listed the affected printers in a security bulletin, which also included instructions on how to download the firmware update.

No comments:

What Our Members Say

Dealer in Kenner, LA
I just wanted to thank you for your website!

Your maintenance figures on the 8830 were right on the money!

Dealer is Des Moines, Iowa
The past 3 years have been very educational thanks to you and the community you created!

BBC in Australia
I know you are a very busy man and I need to get all of my people nationally to join and be involved in the best site in the world.

Dealer in Texas
I think there is quite a bit of valuable information on the site. I'm impressed at the work put into the site, and the collaboration you have among members to provide all the information. It was worth my initial investment, so when it expires I'll probably just sign up for the year membership. Glad I stumbled across your site!

Dealer in California
Art, could not agree more. Have a great Thanksgiving and thank you for all the information you post.

Dealer in NY
Thanks Art for all that you do.

Dealer in Arizona
Thanks also for the time you spend making this site as good as it is!

Dealer in Florida
Happy Thanksgiving to all members of the P4P Hotel. Art, your work ethic is amazing. Thank you for everything you do to help us all.

Dealer in South Africa
Well done!

Dealer in Delaware
best site ever. and it keeps gettng better as it seems that no one snobs anyone so its the right place to communicate news and ask for help when needeed as well as aid anyway one can

Dealer in Texas
This is awesome and exactly the kind of information this site needs to make accessible.

Dealer in PA
I wouldn't have been able to do this with out the support and knowledge that everyone shares on this site.

Dealer in Washington
Dear P4P Hotel Administrators - Just wanted to drop you a line and let you know I have changed positions and have left the office equipment technologies industry. I have taken on a new role in the teleconferencing and web conferencing industry as of June of this year. The service you have and are providing is INVALUABLE. Any RFG consultant/rep worth their salt should be utilizing your site. I would highly recommend you charge a reasonable fee for these services, as the information you provide from around the world cannot be packaged adequately by the manufacturers. Other associations from other industries charge for memberships; this is a very small investment that provides tremendous "down-in-the-trenches" resources to the members.

Dealer in California
I really like your site……a lot of good info and we are all in sales regardless if we are technically selling daily.

Dealer in Wisconsin
I came to know Art many years ago when he had the vision and creativity to develop the P4P Hotel website where people around the world could blog, post questions, get answers and find knowledge they needed to better perform in their jobs. Personally, I have greatly benefitted from his site in helping me to get the information I needed to help current customer or win deals in my role as a product specialist. I don't know the numbers, but there I would estimate there are thousands of users around the world that use the site. On occasion, I have talked to Art personally to discuss a few things and he was very helpful and the conversations assisted me in securing business. He is very knowledgeable in what he does but also has the interest and desire to help others in the industry. I know of no other site such as the one that Art developed and it has been a huge success. Sometimes companies will put together a site where employees can interact and get information but the site Art created has brought people together from around the world and with diverse backgrounds. Art is a person who has vision & creativity, dedication to take the time to put together and manage the site in addition to performing other roles he has. He is a person that believes in himself and his capabilities and puts them to good use going above and beyond what is expected. I would highly recommend Art to anyone looking for a go-getter and needs someone with vision and dedication

Dealer in NJ
I've been a big fan of Art's for many years. He is arguably the go to guy in the industry for market insight and product knowledge. The P4P website is a labor of love, and it's appreciated by fellow sales professionals looking to improve their game. I would recommend Art without hesitation.

Dealer in Mass
I have known Art Post for several years. I got to know him first by reading the P4PayHotel. Which is a great resource for anyone who is in the industry. Art has established great relationships with many of the movers and shakers both with the Dealer community and the direct community. Art truly knows the "copier" industry. He is a real sales professional, with toner in his blood. I highly recommend him to you!

Dealer in Canada
Art is one of the most knowledgeable and thoughtful document reps I have ever known. He puts untold hours into helping our industry understand current and future trends. Somehow he continues to support and service a strong group of clients for the dealership where he works as well. Art is the ultimate in professional print solutions sales.

Dealer in PA
Art Post, a seasoned member of the Office Equipment business has been instrumental in providing industry related content, opinion and opportunity to the rest of us via the P4P Hotel collection of sites, blogs and forums. Originally dedicated to Ricoh related information, the P4P Hotel has over the years, evolved into a brand agnostic source for everything from equipment RFPs to the latest in content management applications to guest contributors evangelizing on their latest project successes. I have had the pleasure of knowing Art for the better part of the last 10 years. First through the P4P Hotel and later more directly, when we both worked for the same Mid-Atlantic dealership. Art’s professional dedication to his sales responsibilities coupled with his unwavering commitment to supporting the thousands of visitors to the P4P Hotel are important inspirations to the industry and all of its members.

Senior Analyst
Art is one of the most driven, knowledgeable, and connected people I have worked with in the industry. In addition to his decades of experience on the sales side of the office machine business, Art's P4P Hotel has brought together thousands of sales professionals and serves as one of the best platforms for sharing information and advice in the industry. I am a better analyst because of Art and the P4P Hotel.

Dealer in NY
Art is great to work with. He was very creative in finding ways to help my business grow. As a result, I was able to generate several leads and gain greater acceptance of my products in the industry.

Dealer in Indiana
Art: your P4P Hotel site as been a mainstay for the copier industry. Thanks for a great tool and education device for all office equipment sales people.

Dealer in Georgia
Art is tremendously well rounded at the skill of docusultancy. He also is able to bring thousands of like minded professionals together to discuss strategies for success. I highly recommend him as a true sales professional and an innovative fellow entrepreneur.

Dealer in NJ
In an industry that is mature and saturated, Art is, indeed, a rare breed. He is truly entrepreneurial in his business approach, he is thoroughly knowledgeable about the digital imaging business and his P4P Hotel is an honest and credible necessity.

Welcome to the MFP Solutions Blog

We are connected! With over 2,300 worldwide members, the information that comes across the message boards is enormous. The latest selling techniques, strategies, future products from the manufacturers and rumors are daily posts on the message boards. Plain and simple we're connected with right people!

P4PHotel was envisioned as a means to satisfy our “Need for Knowledge” for the Copier Industry. We have developed this site for the Digital Imaging Specialist to share information and to find answers quickly! P4PHotel is a place to store our knowledge, share and make searchable our knowledge, while sharing inspirations, ideas and our passion for our industry.

The P4P currently has over 2,200 members from 135 countries and has grown to include message boards for Ricoh Family Group, Canon, Konica Minolta, Kyocera, Sharp,OCE, Panasonic, Muratec, Toshiba, HP, Oki, Lexmark, InfoPrint and Xerox. Whether you are in Sales, Service or Customer Support with either a Dealer or a Manufacturer there is a place for you to call home at the P4PHotel!

Pages

Saturday, February 7, 2009

HP Warns LaserJet users to patch printers

No comments: