On a slow day in the cyber security world here at ISC, I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastián Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups, printer firmware is often overlooked because of the low risk typically associated with these types of devices. Many of these devices are left out of vulnerability scans, monitoring, and log collection, which is perfect for avoiding detection.
Bad guys know this.
So where is the danger? Anybody remember in the late '90s when printers became rooted file servers sharing music right beneath the noses of administrators everywhere? The BLUF is that the HP printers today offer network connectivity, computing power and storage, and as such can be targets for exploitation. And once a machine which you own is compromised, then the real work (losses) begins.
What's the word in your world? What say you?
tony d0t carothers --gmail
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.