Thousands of Publicly Accessible Printers Searchable On Google
Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
Re:Imagine... (Score:3, Informative)
Re:First rule of embedded web servers (Score:5, Informative)
But at least it keeps the major search engines from indexing your web-accessible device, which is where script kiddies and the malevolently ignorant will go to find strange machines to play with.
Re:This will stop quickly (Score:4, Informative)
.....or 4chan.
I'm waiting for the LULZ.
Not thousands, more like 73 (Score:4, Informative)
Just because google says *about* 86,500 results, doesn't mean that it's going to *actually* have that. You'd think someone who can search google that well would know this. If you go to the end of the search query, it's 73 results.
Re:Not thousands, more like 73 (Score:4, Informative)
Just because google says *about* 86,500 results, doesn't mean that it's going to *actually* have that. You'd think someone who can search google that well would know this. If you go to the end of the search query, it's 73 results.
Actually it is about 86,500 - the 73 results are considered unique, but when you "repeat the search with the omitted results included" at the end, it includes many, many more nodes.
I work in the photocopy industry... (Score:2, Informative)
And I use these open web interfaces all the time to help guide dumb ass engineers how to fix things over the phone.
The first time I spotted an MFP on the internet I did send a print job letting them know that they should probably fix it (I did check the machine was in an English-speaking country first!) But I no longer bother any more.
HP Printers don't run Oracle's (Sun) JVM (Score:4, Informative)
The article leads the reader to believe that the VM running on HP LaserJet printers is an old version of Sun's -- now Oracle -- JVM. That's not true. HP Printers run ChaiVM, a clean-room implementation written based on the published specification. Moreover, HP has historically recommended their customers to NOT expose printers to the public Internet. The embedded web server is an administration tool, not a fully-fledged HTTP server, and was not designed to be used that way.
Disclaimer: Even though I work for HP and had access to the LJ firmware internals in the recent past, I'm NOT speaking on behalf of HP.
Re:First rule of embedded web servers (Score:4, Informative)
There is a way to upload new printer firmware - usually protected with default administrator credentials. First, set the printer's TCP settings to point to YOUR own DNS host.... :-)
Re:Imagine... (Score:4, Informative)
Yes, unauthorized access of pretty much anything is illegal, WTF makes you think it wouldn't be anyway?
However, specifically, unauthorized access of a computer or telecommunications equipment is most certainly covered under several federal laws.
Unauthorized access means 'doing anything they didn't want you to do, specifically stated in advance or otherwise.', so pretty much anytime you touch any computer without permission in any way, it's covered.
That doesn't consider any pornography or offensive content standards and a crapton of other laws.
I'm just curious as to why you wouldn't instinctively know this is covered in about a billion different ways. Are you 12? Do you still think some silly little 'well they didn't say THAT' kind of thing is a legal loophole?