*NEWS*FLAWS PUTS XEROX PRINTERS @ RISK

  • 2toner1-2
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
  • futor_902x177v7-tonernew
  • 161213_banner_futorag_902x177px
  • ink-direct-banner-902-x-177-v-1-2-big-banner-03-23-2017
  • Print
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • 4toner4
  • banner-01-26-17b
  • clover-depot-intl-us-ca-email-signature-05-10-2017-902x1772
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
Share

*NEWS*FLAWS PUTS XEROX PRINTERS @ RISK

 user 2006-08-04 at 12:54:00 pm Views: 93
  • #16125

    Serious flaw puts Xerox printers at risk
    August
    , 2006  LAS VEGAS – Xerox Corp. is scrambling to update a security
    patch following the disclosure of a major security flaw in its
    WorkCenter multifunction printers.By taking advantage of a
    configuration error in the printers’ Web interface, security researcher
    Brendan O’Connor was able to run unauthorized software on the printers,
    compromise network traffic and access sensitive information being
    printed on the machines. He shared details of how to compromise the
    printers during a presentation at the Black Hat USA conference in Las
    Vegas yesterday.”Think of all the sensitive data that’s going through
    these,” he said. “Everybody prints, and there’s an inherent trust in
    these types of devices.”O’Connor said he was not trying to “pick on
    Xerox,” but rather using his hack as a case study to draw attention to
    the security threat posed by increasingly powerful embedded devices.”I
    don’t think they’re getting the level of scrutiny that they require,”
    said O’Connor, who identified himself only as a security engineer who
    works at a U.S. financial services company.”This is a Linux server
    wrapped in a copier box. These things are all over the enterprise,” he
    said.Xerox issued a patch for the vulnerability in February. It affects
    WorkCenter and WorkCenter Pro Series 200 devices sold between October
    2005 and June of this year, said Armon Rahgozar, a manager at Xerox’s
    Solutions and Partnership Technology Office.However, that Xerox patch
    does not fully address the vulnerabilities, O’Connor said. “My company
    is still vulnerable to these things,” he said.Rahgozar said Xerox is
    working to address the situation and will issue an updated
    patchCustomers can either download the patch from the Xerox Web site or
    wait for service technicians to apply the patches at their next
    scheduled servicing.Xerox is also developing an automatic update system
    for its products, similar to Microsoft Corp.’s, Rahgozar said. “We
    probably want to follow the model that Microsoft has learned the hard
    way,” he said. “You provide the push mechanism, but it’s controlled by
    administrators at the site.”When Rahgozar showed up for O’Connor’s
    Black Hat talk, the researcher said he was worried that Xerox might be
    considering legal action against him in the same way that Cisco Systems
    Inc. sued security researcher Michael Lynn at last year’s conference.
    “When the guy said, ‘I’m from Xerox,’ I thought Mike Lynn,” O’Connor
    said in an interview after his presentation.Those concerns were
    unfounded, however. After the talk, Rahgozar thanked the researcher,
    saying he was doing the industry a service.”So how much do you hate
    me?” O’Connor asked Rahgozar.”Not at all,” the Xerox manager said.