Originally Posted by
techsxge
1. Usually, it will be full Names or positions that are associated with email addresses or PC Names. So yes, it can be used for pishing attacks.
2. Doesnt reveal anything really critical
3. The password would be the only interesting thing here.
4. See 1.
Quickly is relative. Depends a lot on the algorithm used to store the passwords, which i assume to be SHA256 but i am not too sure. I know that there are printers that used to store passwords in plain text.
If your printer is the entry point of a hacker into your network, you have already fcked up. Some Bosses might have called this "saving money" before. It happens when the Printer has direct access to the internet and is not protected by being put in a vlan with no internet access and filtered network communication.
The problem for dealers depends on the case and contracts.
You just delivered it and only supply consumables? Not your issue as long as it came with the newest firmware avaiable.
You have a contract to maintain the machine on a regular base and failed to offer antivirus solutions, update the firmware regularly? Might get you in some sort trouble if they have a good lawyer.
You are also the companies IT Manager? Damn you have fcked up. Unless you offered and informed the Boss of that company of all the stuff that needs to be done and he declined. You would need that as a hardcopy though.
Bookmarks