ahgaber_rehan_at_yahoo.com wrote:
> I wonder if there is a tool that can enable a person to dump the print jobs , or data sent to Network Printers?
>
> Another question
>
> what would be the greatest risk if network admin leave Network printers without password protected.
>
> i can telnet to the printer, gain access to the configuration file, which can enable me to stop the printer function, changing network configuration.
> But istill see the greatest risk is getting the printed data. any one can advice on this ??
>
You would be surprised what an nmap of most printers will find. For non-HP low-end
to mid-range printers, you will find they are often running NetBSD. And this is
usually an ancient, unpatched version with known exploitable vulnerabilities.
If the printer is a high-end printer, it is probably running some unpatched version
of Windows or Solaris. Again, O/Ses with well known exploitable vulnerabilities.
You would be amazed how easy it is to take over a printer. Once you do, then it
becomes trivial to send a copy of all print jobs to some ftp server somewhere.
And try to get a printer manufacturer to get even 1/10000th a clue.
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
m: 843-224-2494
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on May 07 2008
Intro
