[11581] in bugtraq
Re: OCE' 9400 plotters
daemon@ATHENA.MIT.EDU (Larry W. Cashdollar)
Sun Aug 29 05:12:57 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Md5: +b9riaaBL+THTl0Scrsg5Q==
Message-Id: <199908261128.HAA03827@uniden.Biw.COM>
Date: Thu, 26 Aug 1999 07:28:06 -0400
Reply-To: "Larry W. Cashdollar" <lwcashd@BIW.COM>
From: "Larry W. Cashdollar" <lwcashd@BIW.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM, seamus@INSOMNIA.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
>
> There is, however, quite a bit of documentation in the hub's manual about
> setting a root password, and the importance of doing so.. don't know who
> decided to use this same firmware in plotters/printers or what their
> documentation is like, however it seems to come down to the general rule
> of never leave a peripheral unpassworded on your network if you want to
> avoid these sorts of problems (telnet proxy, etc..)
My point was that by default the plotter can be used as a gateway, most people
dont associate "security" with a plotter. I would guess that for people who
dont know once the plotter is functional why read the rest of the manual.
What vendors should do is force a password to be set upon installation.
-- Larry
