Prevent paper-waste

I have noticed that a few people have been careless enough to leave their HP LaserJet (maybe others are also relevant) HTTP interface open to the Internet. Even though most of the functionality is disabled, you can still screw around with it by asking it to print the font list, which isn’t a total waste :) of paper unless you do this repeativily until the printer runs out of paper.

I would recommend NOT allowing your printers to be visible from the Internet.

(BTW: I found 20 such devices open, but I guess a better Google query could find more)

Share
  • http://www.BeyondSecurity.com Aviram

    I believe eEye once found a remotely exploitable buffer overflow in one of the HP laserjet services. These things are basically fully-capable TCP/IP devices and can be use to hop into the network and on the other hand are difficult to patch and harden. So yes, I think the right advise is “don’t allow them to be visible from the Internet”.