A Gift for the Hackers - Documentary

40hz:
I'm glad to see that as I have had a long running battle with some fellow network techs over web-enabled devices. I was accused of being an encryption and VPN fanboy when I went ballistic over ePrint the first time I saw it. I'm constantly warning clients about this sort of thing and the risk it presents. Ditto for poorly secured webcams put in server or hub rooms and other high security areas.

Thx for the links to this. And thanks to KRO and the European agencies and businesses who discussed this issue with them in a rational and non-defensive manner. Had this investigation been conducted in the USA, a flurry of threats, lawsuits and possibly arrest warrants would have ensued - likely with the result this video would never have seen the light of day.



P.S. Somebody please tell this dweeb (who works for HP Netherlands) that his was one of the lamest comments ever made by anybody speaking on behalf of HP. (And that's saying something.) :-\

Stoic Joker:
I went ballistic over ePrint the first time I saw it. I'm constantly warning clients about this sort of thing and the risk it presents.-40hz (January 09, 2013, 01:47 PM)
--- End quote ---

I grilled the HP rep (at one of their tech shows) for an hour about that when it first came out. It works via passive polling, so the printer just checks its own Email address via the HP cloud server (which is where your print jobs are actually sent (eek!)). So overall it (ePrint) isn't really that bad.

Now the (personal cloud) WebScan feature the video was picking at - Holy crap! - Whose dumbassed idea was this feature?? Why would anyone need to remotely scan anything?? The document would need to be manually loaded by someone who could just as easily have emailed the %&$^ thing to you instead of pull-scanning it across town with some silly gadget. That's just daft!

It most likely requires/leverages UPnP which is another insanely dangerous idea that I immediately disable on sight.

P.S. Somebody please tell this dweeb (who works for HP Netherlands) that his was one of the lamest comments ever made by anybody speaking on behalf of HP.-40hz (January 09, 2013, 01:47 PM)
--- End quote ---

That's just freakin' shameful ain't it? His car analogy was equally stupid if you really think about it as well.

40hz:
I went ballistic over ePrint the first time I saw it. I'm constantly warning clients about this sort of thing and the risk it presents.-40hz (January 09, 2013, 01:47 PM)
--- End quote ---

I grilled the HP rep (at one of their tech shows) for an hour about that when it first came out. It works via passive polling, so the printer just checks its own Email address via the HP cloud server (which is where your print jobs are actually sent (eek!)). So overall it (ePrint) isn't really that bad.
-Stoic Joker (January 09, 2013, 02:09 PM)
--- End quote ---

Yeah, it was "explained" that way to me too, and I wasn't all that concerned at that point. Just annoyed. What I really took issue with was what it represented since I figured it was just the tip of the iceberg if it went over well on the consumer level. The concerns with Ricoh over their big networked scanners were a lot more serious since about half my clients use those. I still have to argue with clients about why they really needed to put up with the "hassle" of using passwords on those. Especially when the big boss's assistant keeps bitching about having to enter a 4-digit PIN ("It's soooo hard to remember those things!") to scan or make a copy - which is much the same thing on these devices. Even worse is fighting with them about why they really do want to require a PIN in order to directly e-mail something from one of these puppies.

 8)

It most likely requires/leverages UPnP which is another insanely dangerous idea that I immediately disable on sight.
-Stoic Joker (January 09, 2013, 02:09 PM)
--- End quote ---

+1. Don't even get me going on that bit of software engineering brilliance. ;D

Renegade:
@Renegade - Any idea where this video originated/how one could find some of the research details for this project?
-Stoic Joker (January 09, 2013, 12:22 PM)
--- End quote ---

I think it's originally from a Dutch TV station. I'm not sure if they'd put out their research details as they're rather dangerous and open to abuse. You could probably find some by searching on "hp printer remote exploit". ;D

Had this investigation been conducted in the USA, a flurry of threats, lawsuits and possibly arrest warrants would have ensued - likely with the result this video would never have seen the light of day.
-40hz (January 09, 2013, 01:47 PM)
--- End quote ---

Thing there is, with IOmega (EMC), the European offices stonewalled them, but the US office actually responded. That was just one case in there though. A lot of companies stonewalled them. HP was much more forthcoming than some others.

But yeah, these kinds of things tend to get tanked fairly regularly.

Stoic Joker:
The concerns with Ricoh over their big networked scanners were a lot more serious since about half my clients use those.-40hz (January 09, 2013, 02:29 PM)
--- End quote ---

Yeah, that one had me a bit puzzled actually. What is Ricoh doing...running IPP via DMZ?? Why are these things even on the public surface of the network in the first place? They don't need to be for any reason I can think of. None of the (currently business chic...) Digital Sending Services require this kind of exposure...so why are they getting it?

Seriously - I seldom deal with Ricoh much (HP/Xerox/Toshiba/Lexmark, yes constantly) - I'm hoping you've actually seen one of these insanity rigs and can tell me how badly they're exposing what.

On a side note: It seems that from what I've seen, about 90% of the companies that have one of those huge assed commercial copiers don't really need anything nearly that big. Does that track with your area also...or do companies tend to run large(r/ish) in your part of the country?
