[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200401241958.i0OJwooc010517@bofh.cns.ualberta.ca>
Date: Sat, 24 Jan 2004 12:58:50 -0700
From: Bob Beck <beck@...h.cns.ualberta.ca>
To: bugtraq@...urityfocus.com
Subject: Re: vulnerabilities of postscript printers
>>> My god, people attach printers to networks! Postscript is Turing Complete!
>> Blah blah - you can't open files...
> Sure you can, RTFM...
Who cares? if it's a network attached printer there's some sort of
IP stack in there speaking lpr, and some semblance of an operating
system. It's a computer. It has network interfaces, the software is
certainly full of bugs and sucks, like most other software. It's
probably exploitable. Why would you treat this device any differently
than any other network attachable device on your secured network?
Either you allow devices to have connections to both secured and
unsecured networks or you don't. If you think a printer, refrigerator,
jet-direct device, set-top-box, 802.11? stuff, coffee machine, coke
machine, Cell phone, PDA, etc. etc. could never be exploited to talk to
whatever it's talking to, please call me, I have a great opportunity
with a moose milking ranch to get you in on early.
-Bob
Powered by blists - more mailing lists