A Gift for the Hackers - Documentary

Stoic Joker:
Allowing for Kerberos authentication along with the "dead data" auto-overwrite and HD encryption eliminated most of my concerns. But it does have a full doc server, web interface, and allows FTP so I'm sure you could do something stupid to leave holes open. There's plenty of resources available for a hacker to work with. Plus it has a scan to direct email feature I'm still not happy about. Way too easy to slip a confidential document out of an office with few being any the wiser unless they're religious about checking logs. Just slip it in between a few regular copy or scan jobs and put it back in the files when you're done. A fax transmission is fairly easy to trace. But dumping something in a temporary email account makes it available for pickup anywhere on the globe.
-40hz (January 09, 2013, 08:19 PM)
--- End quote ---

Sure all of the Multi Function Printers these days have a Swiss Army Knife load of protocols and possibilities for connecting to internal systems. But why would anyone in their right mind expose any of these on the external surface of the network (internet - for those not familiar with the other term)? That's just completely insane! And by the sound of the video, this was something they were effecting with/by a default install ... I just can't get my head around it.

40hz:
^It's the way it gets marketed. It's presented as all "feature" with no risk or responsibility attached. It also hearkens back to a more naive mindset. Much like Microsoft being so blissfully unwilling to acknowledge WAN when they designed their early network software. I think they really only considered physical wires running in secure buildings with everybody connected to a totally isolated Windows network under a domain controller.

That "problem" actually permeates our entire network topology. It was designed in a more innocent time. Security has since been mostly bolted and slathered on rather than integrated into the core design with most systems. As a result we have layers and layers of abstraction all passing datagrams back and forth. It's ultimately a house of cards. And all that complexity leaves plenty of back corners for people to get in and do their funny business.

Unfortunately, there's also the practical issues of "ease of accessibility" vs "secure computing." The two don't have to be mutually exclusive. But most people can't be bothered, so one or the other usually becomes the rule - with the preference almost universally choosing what's "easy" over what's secure.

What's really needed is for us to...ahhh screw it!...never mind. We can only work with what we're given and try to do the best we can. :-\

40hz:
Man, you guys sure know a lot about this stuff.  Now I feel inadequate  :(.
-superboyac (January 10, 2013, 08:47 AM)
--- End quote ---


Don't be. Nobody is an 'expert' on system security these days unless it's their full-time job. There's just too much going on and far too much to know to do it part-time any more. I'm sure I'd be much happier, and sleep better most nights, if I didn't know what relatively little I do know about this topic.
 ;D 8)

Stoic Joker:
^It's the way it gets marketed. It's presented as all "feature" with no risk or responsibility attached. It also hearkens back to a more naive mindset. Much like Microsoft being so blissfully unwilling to acknowledge WAN when they designed their early network software ...
-40hz (January 10, 2013, 12:54 PM)
--- End quote ---

Wow! a NetBEUI crack?  :D (Last seen in the XP install CD's Tools folder) ...That's kind of Dark (ages) Humor isn't it?

I get the state of the industry stuff ... I was more looking for what service(s) were the Ricoh's most likely to be exposing to the web. Because in a larger - actually needs a device that size - network there should be an IT staff that had to also be guilty of conjuring up this dangerous configuration.

...and yes I am looking for ideas on where to go poking around at some of the live web carnage ... as it is actually part of my job. (e.g. I made the brass watch the video ... and now they want me to (um...) explore it in depth.)

Stoic Joker:
Man, you guys sure know a lot about this stuff.  Now I feel inadequate  :(.
-superboyac (January 10, 2013, 08:47 AM)
--- End quote ---


Don't be. Nobody is an 'expert' on system security these days unless it's their full-time job. There's just too much going on and far too much to know to do it part-time any more. I'm sure I'd be much happier, and sleep better most nights, if I didn't know what relatively little I do know about this topic.
-40hz (January 10, 2013, 12:59 PM)
--- End quote ---

+1 - I too occasionally yearn for blissful ignorance. ;)
