Slashdot Mirror


Thousands of Publicly Accessible Printers Searchable On Google

Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."

10 of 192 comments

  1. First rule of embedded web servers by WaffleMonster · · Score: 4, Insightful

    User-agent: *
    Disallow: /

    1. Re:First rule of embedded web servers by countach · · Score: 3, Insightful

      I think the point is, at least it wouldn't be advertised on Google.
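
An added example, not part of the original thread: a check that parses each device's robots.txt with Python's standard `urllib.robotparser` and reports which paths crawlers may still fetch. The device names, paths and robots.txt bodies are constructed for illustration; a blanket `Disallow: /` only keeps the page out of search indexes and does not restrict access to the device.

```python
from urllib.robotparser import RobotFileParser

# Crawler names to test; a "*" group applies to any crawler without its own group.
CRAWLERS = ("Googlebot", "bingbot", "ExampleBot")
# Hypothetical paths on a printer's embedded web server.
PATHS = ("/", "/status.html", "/config/network")

# Constructed robots.txt responses from four hypothetical devices.
DEVICES = {
    "printer-a": "User-agent: *\nDisallow: /\n",          # the rule from the comment
    "printer-b": None,                                     # no robots.txt at all
    "printer-c": "User-agent: Googlebot\nDisallow: /\n",  # blocks one crawler only
    "printer-d": "User-agent: *\nDisallow: /config\n",    # blocks one subtree only
}


def indexable_paths(robots_txt):
    """Return {crawler: [paths it may still fetch]} for one robots.txt body.

    None or an empty body means no rules, so every path is crawlable.
    """
    parser = RobotFileParser()
    parser.parse((robots_txt or "").splitlines())
    result = {}
    for bot in CRAWLERS:
        allowed = [p for p in PATHS if parser.can_fetch(bot, p)]
        if allowed:
            result[bot] = allowed
    return result


def audit(devices):
    """Map each device to "blocked" or to what remains crawlable."""
    return {name: indexable_paths(body) or "blocked" for name, body in devices.items()}


if __name__ == "__main__":
    for name, finding in audit(DEVICES).items():
        print(name, "->", finding)
```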

  2. This will stop quickly by Arancaytar · · Score: 3, Insightful

    As soon as a spammer figures out how to abuse it.

    1. Re:This will stop quickly by Anonymous Coward · · Score: 2, Insightful

      This may fall under the junk fax laws, USCC 18 paragraph 2701. Unlike that nightmare of deliberately overriding state law with federal law that planted "SPAM ME" on the backside of every email user in the US, the old junk fax law actually had teeth in it because it was costing every fax-owning *business* money and time as their fax machines were run out of paper and toner constantly with all the junk fax. So it's a fairly robust law which might include this as electronic communications to a fax/printer/copier machine in most offices.

  3. Imagine... by inode_buddha · · Score: 4, Insightful

    A little bit of scripting and you can goatse thousands all around the world...

    --
    C|N>K

    1. Re:Imagine... by tripleevenfall · · Score: 2, Insightful

      You'd be in heap big trouble if a child picked up the printout, I think.

  4. Re:How did this happen? by QuadEddie · · Score: 2, Insightful

    The number of small companies dwarfs big companies. While a big company could potentially have a few of these in the open, they're much more likely to have the resources to have someone competent running the network. A typical small business (under 20 employees) will not have the resources to secure their network and will likely be oblivious to the exposure.

  5. Re:How did this happen? by black3d · · Score: 3, Insightful

    Worse, the "cheap" guys frequently intentionally disable router-based firewalls and DMZ the entire internal network so they can "troubleshoot" remotely having to use only RDP, because they have no experience or knowledge of appropriate secure methods of remote troubleshooting.

    --
    "The true measure of a person is how they act when they know they won't get caught." - DSRilk

  6. Did anyone bother to click through? by jabberwock · · Score: 1, Insightful

    Yes, the search page says 86,700 results, or whatever. But you only get 13 results, and then the:

    "In order to show you the most relevant results, we have omitted some entries very similar to the 13 already displayed. If you like, you can repeat the search with the omitted results included."

    Asking for omitted results gives you a grand total of 73 results, no matter WHAT the top of the results page says ...

    So ... nothing to see here, at all. Bullsh*t.

  7. Re:How did this happen? by profplump · · Score: 3, Insightful

    My DHCP is configured to hand out "public" addresses. Even over WiFi. Is there some reason it shouldn't be?

    The idea that NAT is the way things should work is ridiculous -- it makes networking harder in about 25 different ways, makes the Internet a provider-consumer system instead of a peer-to-peer system, and it provides no "protection" beyond what you'd get from any other stateful firewall.