Exposed HP LaserJet Printers Offer Anonymous FTP To the Public (csoonline.com)
itwbennett writes: In a blog post on Monday, security researcher Chris Vickery outlined the risks associated with networked HP LaserJet printers, which have been made available to the public by the organizations hosting them. 'There are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by ... any web browser... It doesn't take much creativity to realize that even highly illegal materials could be stored this way,' Vickery wrote. CSO's Steve Ragan picked up the thread: A quick search on Shodan to confirm Vickery's findings returned thousands of results.
(*sarcasm*) No. Everything must be internet enabled! We are in the age of the Internet of Things. You probably don't even use "apps," do you? I bet you compile your own code, too. You are a Luddite. Get off my lawn! (*sarcasm*)
Honestly, never underestimate just how terrible security is or can be ... between vendors which leave stuff vulnerable for years, or misconfigurations, things which have never been patched, or things which seemed like a good idea at the time ... the internet is a hideous mess of things which are appalling but nonetheless happen every day.
Either because nobody cares, or nobody has the money to care, or management comes down on the side of "easy" instead of "correct".
I think most of us would be shocked/depressed/angry to realize just how much stuff is hanging outside of any firewall or NAT whatsoever.
The people who are likely to be secure are paranoid, diligent, a little crazed, and likely have others telling them to "relax, it's not a big deal". Never underestimate how often someone says "dear god, we can't do this" only to be overruled by someone who doesn't see it as a threat ... it happens all the damned time.
The people who get overruled just need to cover their asses so if it happens they can say "told you so". This has been true for years.
I'm betting tons of people around here can give you horror stories about loudly warning about this kind of stuff only to be told to shut up and do it.
Lost at C:>. Found at C.