Re: vulnerabilities of postscript printers
From: Bob Beck (beck_at_bofh.cns.ualberta.ca)
Date: 01/24/04
- Previous message: Jonathan A. Zdziarski: "Re: [work] Re: Major hack attack on the U.S. Senate"
- Maybe in reply to: Bob Kryger: "vulnerabilities of postscript printers"
- Next in thread: Theo de Raadt: "Re: vulnerabilities of postscript printers"
- Reply: Theo de Raadt: "Re: vulnerabilities of postscript printers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Sat, 24 Jan 2004 12:58:50 -0700
>>> My god, people attach printers to networks! Postscript is Turing Complete!
>> Blah blah - you can't open files...
> Sure you can, RTFM...
Who cares? if it's a network attached printer there's some sort of
IP stack in there speaking lpr, and some semblance of an operating
system. It's a computer. It has network interfaces, the software is
certainly full of bugs and sucks, like most other software. It's
probably exploitable. Why would you treat this device any differently
than any other network attachable device on your secured network?
Either you allow devices to have connections to both secured and
unsecured networks or you don't. If you think a printer, refrigerator,
jet-direct device, set-top-box, 802.11? stuff, coffee machine, coke
machine, Cell phone, PDA, etc. etc. could never be exploited to talk to
whatever it's talking to, please call me, I have a great opportunity
with a moose milking ranch to get you in on early.
-Bob
- Previous message: Jonathan A. Zdziarski: "Re: [work] Re: Major hack attack on the U.S. Senate"
- Maybe in reply to: Bob Kryger: "vulnerabilities of postscript printers"
- Next in thread: Theo de Raadt: "Re: vulnerabilities of postscript printers"
- Reply: Theo de Raadt: "Re: vulnerabilities of postscript printers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
