lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200401241958.i0OJwooc010517@bofh.cns.ualberta.ca>
Date: Sat, 24 Jan 2004 12:58:50 -0700
From: Bob Beck <beck@...h.cns.ualberta.ca>
To: bugtraq@...urityfocus.com
Subject: Re: vulnerabilities of postscript printers



>>> My god, people attach printers to networks! Postscript is Turing Complete!
>> Blah blah - you can't open files...
> Sure you can, RTFM...

   Who cares? if it's a network attached printer there's some sort of
IP stack in there speaking lpr, and some semblance of an operating
system.  It's a computer. It has network interfaces, the software is
certainly full of bugs and sucks, like most other software. It's
probably exploitable. Why would you treat this device any differently
than any other network attachable device on your secured network?

    Either you allow devices to have connections to both secured and
unsecured networks or you don't. If you think a printer, refrigerator,
jet-direct device, set-top-box, 802.11? stuff, coffee machine, coke
machine, Cell phone, PDA, etc. etc. could never be exploited to talk to
whatever it's talking to, please call me, I have a great opportunity
with a moose milking ranch to get you in on early.

  -Bob


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ