Forgot your password?
typodupeerror
Google HP Printer Security Technology

Thousands of Publicly Accessible Printers Searchable On Google 192

Posted by Soulskill
from the message-in-a-bottle-on-the-digital-ocean dept.
Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
This discussion has been archived. No new comments can be posted.

Thousands of Publicly Accessible Printers Searchable On Google

Comments Filter:
  • Re:Imagine... (Score:3, Informative)

    by t3hfr3ak (2429946) on Friday January 25, 2013 @05:12PM (#42695451)
    Well, some states persecute for sharing offensive material over the internet. I'm sure the courts will say this falls into the category.
  • by SJHillman (1966756) on Friday January 25, 2013 @05:16PM (#42695511)

    But at least it keeps the major search engines from indexing your web-accessible device, which is where script kiddies and the malevolently ignorant will go to find strange machines to play with.

  • by hduff (570443) <hoytduff AT gmail DOT com> on Friday January 25, 2013 @05:19PM (#42695555) Homepage Journal

    .....or 4chan.

    I'm wait for the LULZ.

  • by Mr. McGibby (41471) on Friday January 25, 2013 @05:38PM (#42695773) Homepage Journal

    Just because google says *about* 86,500 results, doesn't mean that it's going to *actually* have that. You'd think someone who can search google that well would know this. If you go to the end of the search query, it's 73 results.

  • by Anonymous Coward on Friday January 25, 2013 @06:13PM (#42696141)

    Just because google says *about* 86,500 results, doesn't mean that it's going to *actually* have that. You'd think someone who can search google that well would know this. If you go to the end of the search query, it's 73 results.

    actually it is abut 86,500 - the 73 results are considered unique, but when you "repeat the search with the omitted results included" at the end, it includes many, many more nodes.

  • by Anonymous Coward on Friday January 25, 2013 @06:57PM (#42696559)

    And I use these open web interfaces all the time to help guide dumb ass engineers how to fix things over the phone.

    The first time I spotted an MFP on the internet I did send a print job letting them know that they should probably fix it (I did check the machine was in a English speaking country first!) But I no longer bother any more.

  • by MythicalMan (261975) on Friday January 25, 2013 @08:58PM (#42697583)

    The article leads the reader to believe that the VM running on HP LaserJet printer is an old version of Sun's -- now Oracle -- JVM. That's no true. HP Printers run ChaiVM, a clean-room implementation written based on the published specification. Moreover HP has historically recommended their customers to NOT expose printers to the public Internet. The embedded web server is an administration tool, not a fully-fledged HTTP server, and was not designed to be used that way.

    Disclaimer: Even though I work for HP and had access to the LJ firmware internals in the recent past, I'm NOT speaking on behalf of HP.

  • by Jeremiah Cornelius (137) on Friday January 25, 2013 @10:45PM (#42698165) Homepage Journal

    There is a way to upload new printer firmware - usually protected with default administrator credentials. First, set the printers TCP settings to point to YOUR own DNS host.... :-)

  • Re:Imagine... (Score:4, Informative)

    by BitZtream (692029) on Saturday January 26, 2013 @03:25AM (#42699073)

    Yes, unauthorized access of pretty much anything is illegal, WTF makes you think it wouldn't be anyway?

    However, specifically, unauthorized access of a computer or telecommunications equipment is most certainly covered under several federal laws.

    Unauthorized access means 'doing anything they didn't want you to do, specifically stated in advance or otherwise.', so pretty much anytime you touch any computer without permission in any way, its covered.

    That doesn't consider any pornography or offensive content standards and a crapton of other laws.

    I'm just curious as to why you wouldn't instinctively know this is covered in about a billion different ways. Are you 12? Do you still think some silly little 'well they didn't say THAT' kind of thing is a legal loophole?

IF I HAD A MINE SHAFT, I don't think I would just abandon it. There's got to be a better way. -- Jack Handley, The New Mexican, 1988.

Working...