Linked by Howard Fosdick on Sat 31st Dec 2011 07:57 UTC
Bugs & Viruses Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.
Permalink for comment 501779
To read all comments associated with this story, please click here.
RE: Surprised ?
by ssokolow on Sat 31st Dec 2011 15:37 UTC in reply to "Surprised ?"
ssokolow
Member since:
2010-01-21

A website on the Internet could include an image with a URL pointing at your router or printer which tries to change settings on that device. It is very common.

Many routers on sale right now have already fixed their problems. It will take years before printers will get fixed.</span>


This is why I always help people to install NoScript, even if I put the Javascript whitelisting in "globally allow" mode.

It's got another component named ABE (Application Boundaries Enforcer) which includes a default ruleset to prevent just that sort of thing. (Disallowing access to LAN URLs from a WAN document)

(You can also choose to have the XSS filters, clickjacking protection, and securely-implemented Flash/Java/etc. click-to-play active with "globally allow" chosen)

Reply Parent Score: 3