Penetration Testing mailing list archives
Multifunction devices
From: "Edwards, David (JTS)" <Edwards.Dave () saugov sa gov au>
Date: Fri, 3 May 2002 11:01:30 +0930
Hi, I've been asked to look at the security of multifunction devices such as the new RICOH and HP models that combine printer/fax/scanner/copier etc.. They seem to be moving from the SOHO environment onto the corporate networks and there obviously a risk to assess. So far I've been unable to find any incidents regarding these devices. They seem to include a complete tcp/ip stack, many have internal hard disks, and they often offer many network services such as ftp, telnet, snmp, http and even e-mail, which probably only pay lip service to security given their focus on functionality. Has anyone got any war stories about these types of machines or information about the source of the embedded systems? ciao dave --- Dave Edwards Justice Technology Services Ph: +61 8 82265426 || 0408 808355 mailto: edwards.dave () saugov sa gov au Snail : Justice Technology Division GPO Box 2048, Adelaide 5001 --- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Multifunction devices Edwards, David (JTS) (May 05)