lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1f8b6780712280800i42b48b90m68636010040dfa7e@mail.gmail.com>
Date: Fri, 28 Dec 2007 11:00:12 -0500
From: "Mo.Ron Hubbard" <securentology@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: HP Photosmart vulnerabilities

It is actually scary that someone would not know that a disposable consumer
product has some issues.  Spoon feed much?

I guess on your planet perfection is expected at a very low price tag.  I am
pretty sure that most if not all network devices default with these same
silly plug "N" play regardless of its price tag: public , private, tomato,
tomatoe woo hoo, I have to rtfm again.

The development folks on my world are always leaving the defaults for the
users to change why because its cheaper to mass produce and test.

Mo.Ron Hubbard
Chief Inquisitor Securentology


On 12/28/07, uncleron@...hmail.com <uncleron@...hmail.com> wrote:
>
> HP Photosmart C6280 (and probably other) network printers ship with
> insecure default settings.  The printer ships with SNMP enabled
> using the default community strings for both public and private.
> HP does not document the use of SNMP, or provide a way for users to
> change the default community strings.  The printer also includes a
> web based admin tool which runs over http, without even an option
> for ssl.
>
> Several attempts to contact HP have proven futile.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ