New Printers Vulnerable To Old Languages

When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printer models were quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years, and one may ask whether new printers share the same weaknesses.

35 year old ~~bugs~~ features

The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient de facto standards that are still supported by almost any laser printer out there, and it seems they are not going to disappear anytime soon. Recently, we got the chance to test a brand-new, high-end printer, the $2,799 HP PageWide Color Flow MFP 586. Like its various predecessors, the device was vulnerable to the following attacks:
  • Capture print jobs of other users if they used PostScript as a printer driver; this is done by first infecting the device with PostScript code
  • Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
  • List, read from and write to files on the printer's file system with PostScript as well as PJL functions; limited to certain directories
  • Recover passwords for PostScript and PJL credentials; this is not an attack per se, but the implementation makes brute-force rather easy
  • Launch denial-of-service attacks of various kinds:

Now exploitable from the web

All attacks can be carried out by anyone who can print, which includes:
Note that the product was tested in its default configuration. To be fair, the HP PageWide Color Flow MFP 586 supports strong, Kerberos-based user authentication. If configured correctly, the permission to print, and therefore to attack the device, can be limited to certain employees. The attacks can be easily reproduced using our PRET software. We informed HP's Software Security Response Team (SSRT) in February.

Conclusion: Christian Slater is right

PostScript- and PJL-based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers, however, are hard to blame. When the languages were invented, printers were connected to a computer's parallel or serial port. Probably no one thought about taking over a printer from the web (the WWW did not even exist when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf"-like scenarios can get very real in your office…
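One possible workaround, as an added example that is not from the original post or from PRET: a print-server-side triage filter that holds jobs carrying printer-control commands in the data channel. The function names and sample jobs are constructed for illustration; the PJL commands and PostScript operators listed are the documented ones for file-system access and for leaving the per-job context.

```python
import re

# PJL commands that act on the printer's file system (documented PJL set).
PJL_FS = re.compile(
    rb"@PJL\s+(FS(?:UPLOAD|DOWNLOAD|APPEND|DELETE|DIRLIST|QUERY|MKDIR|INIT))\b",
    re.IGNORECASE,
)

# PostScript operators that persist beyond the current job, change device
# settings, or manipulate files. Ordinary driver output rarely needs them.
PS_RISKY = re.compile(
    rb"(?<![A-Za-z0-9])"
    rb"(exitserver|startjob|setsystemparams|setdevparams"
    rb"|deletefile|renamefile|filenameforall)"
    rb"(?![A-Za-z0-9])"
)

def inspect_job(data: bytes) -> list[str]:
    """Return control-channel findings in a raw print job, in order found."""
    findings = ["PJL:" + m.group(1).decode().upper()
                for m in PJL_FS.finditer(data)]
    # Comments are deliberately not stripped: a false positive costs a manual
    # review, while a false negative lets control code reach the device.
    findings += ["PS:" + m.group(1).decode()
                 for m in PS_RISKY.finditer(data)]
    return findings

def verdict(data: bytes) -> str:
    """'hold' a job for review if it carries control commands."""
    return "hold" if inspect_job(data) else "release"

UEL = b"\x1b%-12345X"  # Universal Exit Language marker framing PJL jobs

# Constructed sample jobs (not captured traffic).
BENIGN = (UEL + b'@PJL JOB NAME="report"\r\n'
          b"@PJL ENTER LANGUAGE=POSTSCRIPT\r\n%!PS-Adobe-3.0\n"
          b"/Helvetica findfont 12 scalefont setfont\n"
          b"72 720 moveto (Quarterly report) show\nshowpage\n" + UEL)
SUSPECT_PJL = UEL + b'@PJL FSQUERY NAME="<placeholder-path>"\r\n' + UEL
SUSPECT_PS = b"%!PS\n(placeholder) startjob pop\nshowpage\n"

if __name__ == "__main__":
    for name, job in [("benign", BENIGN), ("pjl", SUSPECT_PJL),
                      ("ps", SUSPECT_PS)]:
        print(name, verdict(job), inspect_job(job))
```

Because PostScript is a full programming language, token matching like this can be evaded by code that builds operator names at run time, so it serves as triage alongside access control on who may print, not as enforcement.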
