Re: empty sa passwords on network printers ??

From: H D Moore (sflist@digitaloffense.net)
Date: Mon Dec 12 2005 - 14:45:53 EST


If the printer runs a real operating system (Linux, Windows, Solaris),
treat it just like any other server with regard to risk. Xerox is famous
for deploying huge printers that run exploitable services (Solaris 2.6,
Linux-based, etc). If the printer is running Microsoft SQL Server with a
blank password for the 'sa' account, you should be able to do the same
things to it that you could with a server - monitor all transactions, install
sniffers, insert a backdoor, etc.

-HD

On Friday 09 December 2005 13:50, Jason Rusch wrote:
> curious what people's opinion is on the risk level etc. concerning empty
> SA passwords on network printers?




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT