Tag Archive for Xerox

How Secure are Your Printers?

Printers are under the security microscope again. Printers are IoT devices that sit on the network and never get updated. I have covered some of the problems that printers cause a number of times on the Bach Seat. And now more vulnerabilities have been identified by UK-based security consultancy NCC Group in six popular enterprise printers.

Vulnerabilities in printers

The research team was made up of Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group. They identified several classes of vulnerabilities in printers, including:

  • Denial of service attacks that could crash printers.
  • The ability to add back-doors into printers to maintain attacker persistence on a network.
  • The ability to spy on every print job sent to vulnerable printers.
  • The ability to forward print jobs to an external internet-based attacker.

Matt Lewis, research director at NCC Group, told ComputerWeekly:

Because printers have been around for decades, they’re not typically regarded as enterprise IoT [internet of things devices], yet they are embedded devices that connect to sensitive corporate networks and therefore demonstrate the potential risks and security vulnerability posed by enterprise IoT.

Who to blame

There is plenty of blame to share for most of these latest vulnerabilities. Mr. Lewis says the manufacturers are causing these problems by neglecting to build security into their products.

Building security into the development life-cycle would mitigate most, if not all, of these vulnerabilities and so it’s therefore important that manufacturers continue to invest in and improve cybersecurity, including secure development training and carrying out thorough security assessments of all devices.

End-users have to take some of the blame as well, according to NCC Group:

Corporate IT teams can also make small changes to safeguard their organization from IoT-related vulnerabilities, such as changing default settings, developing and enforcing secure printer configuration guides, and regularly updating firmware.

Impacted printer models

The printers tested by the researchers were from HP, Ricoh, Xerox, Brother, Lexmark, and Kyocera.

The NCC Group found vulnerabilities in HP (HPQ) printers. The Color LaserJet Pro MFP M281fdw printers have buffer overflows, cross-site scripting (XSS) vulnerabilities, and cross-site forgery countermeasures bypass.

HP has posted firmware updates to address potential vulnerabilities to some of its Color LaserJet series. “HP encourages customers to keep their systems updated to protect against vulnerabilities,” the company said in a statement.

The vulnerabilities NCC Group found in Lexmark CX310DN printers include a denial of service vulnerability, information disclosure vulnerabilities, lack of cross-site request forgery countermeasures, and lack of account lockout.

The NCC Group found vulnerabilities in Kyocera (KYO) Ecosys M5526cdw printers. The security holes include buffer overflows, broken access controls, cross-site scripting vulnerabilities, and lack of cross-site request forgery countermeasures.

NCC Group identified stack buffer overflows, heap overflows and information disclosure vulnerabilities in Brother (6448) HL-L8360CDW printers.

The vulnerabilities reported in Ricoh (RICOY) SP C250DN printers include buffer overflows, lack of account lockout, information disclosure vulnerabilities, denial of service vulnerabilities, lack of cross-site request forgery countermeasures, and hard-coded credentials.

NCC Group claims the Xerox (XRX) Phaser 3320 printer vulnerabilities include buffer overflows, cross-site scripting vulnerabilities, lack of cross-site request forgery countermeasures, and lack of account lockout.

All of the vulnerabilities discovered during this research have either been patched or are in the process of being patched by the relevant manufacturers. NCC Group recommends that system administrators update any affected printers to the latest firmware available, and monitor for any further updates.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Bad Passwords Crippled the Web

Followers of the Bach Seat know that passwords suck and now default passwords really suck. In fact, default passwords seem to be a key part of the massive DDOS attack that disabled large parts of the Internet on October 21, 2016. The cyberattack targeted Internet traffic company DYN. DYN provides DNS services for many high-profile sites. Some of the sites affected by the attack on Dyn included Amazon (AMZN), Business Insider, New York Times, Reddit, and Twitter (TWTR).

Security researcher Brian Krebs, whose site, krebsonsecurity.com, was one of the first sites hit by a massive 620 GB/s DDoS attack, has reported that the Mirai botnet was at the center of the attack on his site. CIO.com reports that ‘Mirai’ can break into a wide range of Internet of Things (IoT) devices, from CCTV cameras to DVRs to home networking equipment, turning them into ‘bots. CIO reports that a single Chinese vendor, Hangzhou Xiongmai Technology, made many of the devices used in the Mirai attacks.

Level 3 Communications says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying to log in to devices using a list of default usernames and passwords that are baked into Mirai code, according to US-CERT. The Mirai zombie devices are largely security cameras, DVRs, and home routers. Mr. Krebs identified some of the specific devices.

Mirai Passwords

Username | Password | Function
admin | 123456 |
root | 123456 | ACTi IP camera
admin | password |
admin1 | password |
root | password |
admin | 12345 |
root | 12345 |
guest | 12345 |
admin | 1234 |
root | 1234 |
administrator | 1234 |
888888 | 888888 |
666666 | 666666 | Dahua IP camera
admin | (none) |
admin | 1111 | Xerox printers, etc.
admin | 1111111 | Samsung IP camera
admin | 54321 |
admin | 7ujMko0admin | Dahua IP camera
admin | admin |
admin | admin1234 |
admin | meinsm | Mobotix network camera
admin | pass |
admin | smcadmin | SMC router
Administrator | admin |
guest | guest |
mother | fucker |
root | (none) | Viviotek IP camera
root | 00000000 | Panasonic printers
root | 1111 |
root | 54321 | Packet8 VoIP phone
root | 666666 | Dahua DVR
root | 7ujMko0admin | Dahua IP camera
root | 7ujMko0vizxv | Dahua IP camera
root | 888888 | Dahua DVR
root | admin | IPX-DDK network camera
root | anko | Anko Products DVR
root | default |
root | dreambox | Dreambox TV receiver
root | hi3518 | HiSilicon IP Camera
root | ikwb | Toshiba network camera
root | juantech | Guangzhou Juan Optical
root | jvbzd | HiSilicon IP Camera
root | klv123 | HiSilicon IP Camera
root | klv1234 | HiSilicon IP Camera
root | pass |
root | realtek | Realtek router
root | root |
root | system | IQinVision camera, etc.
root | user |
root | vizxv | Dahua camera
root | xc3511 | H.264 - Chinese DVR
root | xmhdipc | Senzhen Anran security camera
root | zlxx. | EV ZLX two way speaker
root | Zte521 | ZTE router
service | service |
supervisor | supervisor | VideoIQ
support | support |
tech | tech |
ubnt | ubnt | Ubiquiti AirOS Router
user | user |

US-CERT says the purported author of Mirai claims to have 380,000 IoT devices under its control. Some estimate the botnet has generated greater than 1Tbps DDoS attacks.

When Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, DNS, GRE, SYN, UDP and Simple Text Oriented Message Protocol (STOMP) floods, says Josh Shaul, vice president of web security for Akamai.
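The login scanning US-CERT describes shows up in device authentication logs as one source trying several of the table's default usernames across many devices. The Python below is an added example, not code from the original post; the key=value log format, the thresholds, and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Usernames taken from the Mirai default-credential table above (lowercased).
DEFAULT_USERS = {
    "admin", "admin1", "root", "guest", "administrator", "888888", "666666",
    "mother", "service", "supervisor", "support", "tech", "ubnt", "user",
}

# Constructed sample log in a hypothetical key=value format (an assumption).
SAMPLE_LOG = """\
2016-10-21T11:10:01Z device=10.0.5.20 service=telnet src=203.0.113.7 user=root result=FAIL
2016-10-21T11:10:01Z device=10.0.5.21 service=telnet src=203.0.113.7 user=admin result=FAIL
2016-10-21T11:10:02Z device=10.0.5.22 service=telnet src=203.0.113.7 user=guest result=FAIL
2016-10-21T11:10:03Z device=10.0.5.23 service=telnet src=203.0.113.7 user=admin result=OK
2016-10-21T11:10:04Z device=10.0.5.20 service=telnet src=203.0.113.7 user=ubnt result=FAIL
2016-10-21T11:12:30Z device=10.0.5.21 service=ssh src=10.0.9.4 user=admin result=OK
2016-10-21T11:13:00Z device=10.0.5.20 service=ssh src=198.51.100.9 user=jsmith result=FAIL
2016-10-21T11:13:05Z device=10.0.5.22 service=ssh src=198.51.100.9 user=jsmith result=FAIL
2016-10-21T11:13:09Z device=10.0.5.23 service=ssh src=198.51.100.9 user=jsmith result=FAIL
garbage line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) service=(?P<service>\S+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\w+)$"
)

def find_default_credential_scanners(log_text, min_devices=3, min_users=3):
    """Flag sources that try default usernames on many devices.

    A source is reported when it used at least `min_users` distinct default
    usernames against at least `min_devices` distinct devices. Devices where
    such a login succeeded are listed so they can be isolated and re-keyed.
    """
    devices = defaultdict(set)    # src -> devices it tried to log in to
    users = defaultdict(set)      # src -> default usernames it tried
    successes = defaultdict(set)  # src -> devices that accepted a default login
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        user = m["user"].lower()
        if user not in DEFAULT_USERS:
            continue  # ordinary account names are out of scope here
        src = m["src"]
        devices[src].add(m["device"])
        users[src].add(user)
        if m["result"] == "OK":
            successes[src].add(m["device"])
    findings = {}
    for src in devices:
        if len(devices[src]) >= min_devices and len(users[src]) >= min_users:
            findings[src] = {
                "devices": sorted(devices[src]),
                "users": sorted(users[src]),
                "accepted_default_login": sorted(successes[src]),
            }
    return findings

if __name__ == "__main__":
    for src, info in find_default_credential_scanners(SAMPLE_LOG).items():
        print(src, info)
```

Any device listed under `accepted_default_login` still has a default account enabled and should have its credentials changed.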

rb-

Followers of Bach Seat already know that many of the default passwords used by Mirai are among the worst and should have been changed already. They include:

  • Password
  • 123456
  • 12345
  • 1234

While reports say Chinese vendor XiongMai Technologies’ equipment was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from Xerox (XRX), Toshiba (TOSBF), Samsung (005930), Panasonic (6752), and ZTE (763).

I wrote about security cameras being compromised as part of botnets back in July here.

 


Patent Trolls Going After Users

Patent trolls have changed their tactics by going after users, according to TechEye. Patent trolls have realized that taking on big companies with large legal teams is a risky prospect so they have started looking for softer targets. Ars Technica is reporting the case of Steven Vicinanza and BlueWave, who received a letter ordering him to pay $1,000 per employee for a license for some “distributed computer architecture” patents.

The blog says the troll in question, “Project Paperless LLC.” claims to have a patent covering the ability to scan documents to e-mail and was demanding money with legal menaces. If BlueWave paid, the troll would have collected $130,000. BlueWave was not the only company the troll went after. Lots of other small and medium companies were being hit.

Steven Hill, a partner at Hill, Kertscher & Wharton, an Atlanta law firm, represented Project Paperless. The attorney told Mr. Vicinanza that if you hook up a scanner and e-mail a PDF document the company’s patent covers that process. In other words, any company that used office equipment would have to pay up.

In this case, Mr. Vicinanza decided to fight and beat the troll in court. Despite the victory, TechEye says Project Paperless patent claims are continuing to appear. The troll claims were passed to a network of shell companies. Ars found that the patent threats are going out under at least ten differently named LLCs.

These outfits are sending out hundreds of copies of the same demand letter to small businesses from New Hampshire to Minnesota. The article says the troll’s royalty demands range from $900 to $1,200 per employee.

Ars Technica reports that Project Paperless has four patents and one patent application it asserts, all linked to an inventor named Laurence C. Klein. “It was a lot of what I’d call gobbledygook,” said BlueWave’s Vicinanza. “Just jargon and terms strung together—it’s really literally nonsensical.”

Ars provides links to the asserted patents, numbers 6,185,590, 6,771,381, 7,477,410 and 7,986,426. AdzPro also notes it has an additional patent application filed in July 2011 that hasn’t yet resulted in a patent. Ars states that the patents may have been useless from a technologist’s perspective, but fighting them off in court would be no small matter. The problem is that it often costs more in legal costs for small businesses to fight the trolls than it does to pay up and make them go away.

Mr. Vicinanza spent $5,000 on a prior art search and sent the results to the Project Paperless lawyers. He filed a third-party complaint against four of the companies that actually made the scanners, Xerox (XRX), Canon (CAJ), HP (HPQ), and Brother (6448). That could have compelled the manufacturers to get involved in the case.

In the end, Hill dropped its lawsuit against BlueWave and went away and the case never came to court. However, Ars points out a detailed website called “Stop Project Paperless,” with information about the patents and links to the Hill, Kertscher, and Wharton law firm.

TechEye concludes that if a firm wants to make a lot of money from a dubious patent, it is better to sue users than the companies which make products that use it. If Apple wanted to kill off Samsung’s business all it would have to do is sue every Android user. Most of them would never go to court and pay whatever Apple demands. That particular scenario is unlikely, but it does show where the antics of patent trolls are headed.

rb-

The politicians tried to work on the problem with the SHIELD Act which I covered here, but that apparently went nowhere. After all, they are too busy driving us all off the fiscal cliff.

Maybe it was top troll Apple that stopped the law from getting a full House vote; Apple is now the biggest patent troll of them all.

So more proof that Patent Trolls Cost the US $29 Billion which I covered earlier.


Protecting Print Devices from Malware

Printer/copier firm Xerox and anti-malware firm McAfee revealed new protection against malware and viruses with the first networked multifunction printer to use McAfee Embedded Control software, a filtering method that allows only approved programs to get through to protect print devices from malware.

Tom Moore, vice president, Embedded Security, McAfee, told Help Net Security in a recent article, “When a multifunction device receives data and processes it for printing, copying, scanning or faxing, it becomes susceptible to malware attacks, a susceptibility that often is overlooked.”

The Xerox and McAfee security solution simplifies processes for IT administrators with software embedded into a multifunction device’s controller to give an immediate alert and audit trail to track and investigate the time and origin of security threats – and take action. The blog says this eliminates the need for IT administrators to constantly stay on top of malware threats and proactively block them.

Survey data from Xerox (XRX) and McAfee underscores the need for embedded security in networked printers and multifunction devices. In a poll of office workers taken earlier this year: 33% say they either don’t always follow their company’s IT security policies; 21% aren’t aware of the company’s IT security policies.

The survey also showed 39% of employees who copy, scan or print confidential information at work say they wonder whether information like customer credit card numbers, financial reports, human resources, and tax documents will remain secure on a networked device.

“IT administrators don’t always consider printers as a threat – and with the Embedded Control software, we’ve put up even more defenses in our products so they don’t have to,” said Rick Dastin, president, Xerox Office, and Solutions Business Group.

Xerox devices protected and managed by McAfee Embedded Control and McAfee Embedded Management software will become available beginning in 2013, with products in the Xerox WorkCentre and ColorQube product lines.

rb-

Finally, some tangible results from Intel’s (INTC) acquisition of McAfee. We use McAfee where I manage shared technical services, and we just rolled out version 8.8 which says Intel on it.

I have covered the risks of putting multifunction devices on your network here, here, and here. This is not what I expected, maybe this is the first evolution before Intel builds McAfee anti-virus into a chip that goes on the mainboard or even right into the processor as a way to protect print devices from malware.


Obituary for a Former Network Force Novell

Networking pioneer Novell ceased trading on NASDAQ 04-27-11 and will be delisted, which is a sad ending for an outfit that was once one of the big names in networking. Novell completed its previously announced merger, whereby Attachmate bought it for $6.10 per share in cash and the sale of certain identified issued patents and patent applications to CPTN Holdings for $450 million in cash. Attachmate, which started as a terminal emulation company (I spent a lot of time configuring the green screen emulator as a newbie network guy) in 1982, is privately held. ZDNet says the primary owners are the private equity firms Francisco Partners, Golden Gate Capital, and Thoma Bravo. The Attachmate side of the company still works in X Window and terminal emulation.

When the company started up in Utah in 1979, it was a hardware company making CP/M based gear and had to be rescued from bankruptcy by a last-minute fund-raising effort. In January 1983, Ray Noorda headed the firm and introduced the multi-platform network operating system (NOS), Novell NetWare. Originally NetWare ran on a Motorola 6800 CPU supporting 6 MUX ports per board for a maximum of 4 boards per server using a star topology with twisted-pair cabling. Novell based its network protocol on Xerox Network Systems (XNS), and developed what it called the internetwork packet exchange (IPX) and sequenced packet exchange (SPX).

By 1990, Novell was the only choice for any company which wanted to run a network. In 1993, the company bought Unix System Laboratories from AT&T (T), with the idea of challenging Microsoft. The next year it bought WordPerfect, as well as Quattro Pro from Borland to give it an Office package. Taking on Microsoft (MSFT) did not work out so Novell sold WordPerfect and Borland off by 1996.

Novell tries to buy its way into new markets

In 1996 it pushed into internet-enabled products and a TCP/IP stack. The result was the excellent NetWare v5.0 (which I installed over 30 of), released in October 1998. But by 1999 Novell had lost its dominant market position, and was continually being out-marketed by Microsoft. Novell focused on net services and platform interoperability, but products like DirXML failed to set the world alight. Between 2002 and 2003, Novell tried to buy its way into new fields, particularly Linux: in November 2003, Novell acquired SuSE.

Although Novell did not stop releasing products, it did not do as well as it hoped. Its Linux business grew slowly but not enough to make up for the lack of revenue from Netware. It then scored its own goal by signing a deal with Microsoft to cover patents on Linux. This angered the Open Source community, which had seen itself at war with Microsoft. In November 2010 Novell agreed to be acquired by Attachmate for $2.2 billion. Attachmate said it will split Novell into two units, one being SUSE.

Less than a week after completing its acquisition of Novell, Attachmate has laid off as many as 700 to 800 of Novell’s employees. According to Utah’s Daily Herald, many of the jobs that are being lost will be in the human resources, finance, accounting, and legal departments, as well as under-performing departments.

rb-

In the interests of full disclosure, I do did hold Certified Novell Engineer certifications CNE3, CNE4, and CNE5 certs. Now that the deals are done, we’ll have to see if Attachmate lives up to its promises to keep supporting NetWare and Linux.

What do you think?

Does Novell even matter anymore?
