Subject: Re: HP LaserJet 4 Series Jet Direct (and others)
From: Blue Boar (BlueBoarTHIEVCO.COM)
Date: Sun Jun 18 2000 - 23:31:19 CDT


Joel Michael wrote:
>
> I would consider this a DOS, because, as you said, it can easily run out
> of toner/paper. Another potential problem is if someone pushes
> something offensive down to the printer, and just leaves it for the next
> person to pick up.
>

OK, I didn't mean to imply with my smart-ass answer that this isn't a
problem... just that it's not the problem originally stated in the first
post. (i.e. the problem, as stated by Joel, is that people can
get to your printer AT ALL. It doesn't matter if they get there via
netcat or Windows printer sharing.)

I like the printing offensive things... that's a cute one.

Along the lines of stuff I am curious about.... Postscript.. as it lives
in printers... One attack I thought up years ago and did nothing with:
Postscript printers (at least the Laser Writers) had a password feature.
If no password was set, anyone could set one. Then the printer wouldn't
accept any jobs without the password. You then couldn't take the password
off without the password (or opening the printer case...)

I've seen lots of cool Postscript programming examples by that secret
money-making tinaja quest... Don Lancaster? Anyway, I'd been curious, and
never followed up on whether or not the Postscript interpreter had access
to the network stack.

Would it be possible to write a Postscript worm that went looking for
printers, propagated itself, and set passwords?

As to other printer fun. Joel mentioned FTP built into the Kyocera
printers. Who wants to bet that it would be vulnerable to the FTP
bounce attack?

                                        BB