
| Subject: | Re: [Full-disclosure] HP Photosmart vulnerabilities |
|---|---|
| Date: | Fri, 28 Dec 2007 11:00:12 -0500 |

It is actually scary that someone would not know that a disposable consumer product has some issues. Spoon feed much? I guess on your planet perfection is expected at a very low price tag.

I am pretty sure that most if not all network devices default with these same silly plug "N" play regardless of its price tag: public, private, tomato, tomatoe woo hoo, I have to rtfm again.

The development folks on my world are always leaving the defaults for the users to change. Why? Because it's cheaper to mass produce and test.

Mo.Ron Hubbard
Chief Inquisitor
Securentology

On 12/28/07, uncleron@hushmail.com <uncleron@hushmail.com> wrote:
> HP Photosmart C6280 (and probably other) network printers ship with insecure default settings.
>
> The printer ships with SNMP enabled using the default community strings for both public and private. HP does not document the use of SNMP, or provide a way for users to change the default community strings.
>
> The printer also includes a web based admin tool which runs over http, without even an option for ssl.
>
> Several attempts to contact HP have proven futile.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
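
For anyone auditing their own network for the default community strings named in the original report, the sketch below decodes the SNMPv1/v2c message header from captured UDP port 161 payloads and flags `public` and `private`, which travel in cleartext. It is an added example, not part of either post; the sample payloads are constructed, and names such as `inspect_snmp` and `flagged` are illustrative.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # the defaults named in the report
VERSIONS = {0: "v1", 1: "v2c"}                 # SNMP version field values

def read_tlv(buf, off):
    """Decode one BER tag-length-value; return (tag, value, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of payload")
    return tag, buf[off:off + length], off + length

def inspect_snmp(payload):
    """Return (version, community, is_default), or None if not SNMPv1/v2c."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        if tag != 0x30:                      # outer SEQUENCE
            return None
        tag, ver, off = read_tlv(body, 0)    # INTEGER version
        if tag != 0x02 or len(ver) != 1 or ver[0] not in VERSIONS:
            return None
        tag, community, _ = read_tlv(body, off)  # OCTET STRING community
        if tag != 0x04:
            return None
    except ValueError:
        return None
    return VERSIONS[ver[0]], community, community in DEFAULT_COMMUNITIES

def flagged(payloads):
    """List (version, community) for every payload using a default string."""
    return [r[:2] for r in map(inspect_snmp, payloads) if r and r[2]]

def tlv(tag, body):
    """Short-form BER encoder, used only to build the constructed samples."""
    return bytes([tag, len(body)]) + body

# Constructed GetRequest PDU for sysDescr.0 (1.3.6.1.2.1.1.1.0); not a capture.
PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
SAMPLES = [
    tlv(0x30, tlv(2, b"\x00") + tlv(4, b"public") + PDU),
    tlv(0x30, tlv(2, b"\x01") + tlv(4, b"private") + PDU),
    tlv(0x30, tlv(2, b"\x01") + tlv(4, b"site-ro-constructed") + PDU),
    b"\x30\x26\x02\x01",  # truncated payload, must be rejected
]
```
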