A security flaw in software that ships with two of Hewlett-Packard's Color LaserJet printers could open a door for cybersnoops, HP has warned.
The vulnerability lies in the Toolbox software that comes with HP's Color LaserJet 2500 and 4600 printers, the company said. The flaw could allow a remote, unauthorized malicious user to retrieve arbitrary files from a Windows computer when the software is running in the default configuration, HP said in a security alert published Sunday.
The Toolbox is software that installs on a PC along with the drivers. It uses a simple Web browser interface for access to printer status information, troubleshooting tips and demos, and an alerts feature.
HP has made HP Color LaserJet 2500/4600 Software Update version 3.1 available to resolve the security issue, it said. Security monitoring company Secunia rates the issue "less critical." The flaw is caused by an input validation error in the Web server that's part of the software, according to a Secunia alert, published Wednesday.
Discovery of the flaw is credited by HP and Secunia to Richard Horsman of Sec-1.com.
....are WEB SERVER. Does anybody know what a WEB SERVER does? Well a SERVER is meant to SERVE files to someone or something. In the case of HP their use of a WEB SERVER allows them to create a WEB INTERFACE for their printers. That's all fine and dandy but HP, you should warn your clients of the security risks of running ANY SERVER on a local machine. Oh, wait, you found ONE flaw, there's many more, I know this for a fact!
~Justing
Why is this security hole not surprising? Has anyone noticed the unpleasant software bloat that HP printers seem to have acquired? If you install any of their latest Inkjets, you wind up with somewhere between 300 and 600 MB of software on your PC, and that's in addition to the silly web server on the printer. What is HP thinking? I'm sure some people would find the software useful (if it was relatively bug free, which it actually isn't) but the risk from a security point of view is large just based on the number of lines of code and the fact that HP's applications are definitely network enabled.
Bring back a simple set of printer drivers please!
I love my HP officejet 5510 but when I bought it as a standalone the software that came with it caused endless antivirus alerts and booting problems for my winxp home os on a non-HP pc. Who do these guys think they are to thrust themselves onto the desktop this way? Do they not care what compatibility issues do on the user end? When I bought an HP pc and migrated the printer to it those issues quieted down, but the whole "HP resource center" thing they put on their pc still irritates the antivirus and anti-adware systems; and they insanely made a limited-trial version of buggy Roxio software a key dedicated component of their Windows os package. Whoever runs their software division needs to be taken out to the woodshed...