Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Multifunction devices

From: "Edwards, David (JTS)" <Edwards.Dave () saugov sa gov au>
Date: Fri, 3 May 2002 11:01:30 +0930 
Hi,

I've been asked to look at the security of multifunction devices such as the
new RICOH and HP models that combine printer/fax/scanner/copier etc.. They
seem to be moving from the SOHO environment onto the corporate networks and
there obviously a risk to assess.

So far I've been unable to find any incidents regarding these devices.  They
seem to include a complete tcp/ip stack, many have internal hard disks, and
they often offer many network services such as ftp, telnet, snmp, http and
even e-mail, which probably only pay lip service to security given their
focus on functionality.

Has anyone got any war stories about these types of machines or information
about the source of the embedded systems?

ciao
dave
---
Dave Edwards 
Justice Technology Services
Ph: +61 8 82265426 || 0408 808355 
mailto: edwards.dave () saugov sa gov au
Snail : Justice Technology Division 
        GPO Box 2048, Adelaide 5001
---

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: