White Privilege, clear cut.

**bsm2** · 07-08-2021, 11:22 PM

Re: White Privilege, clear cut.

The Answer is STILL the same NO smb1

Security Bulletin MS17-010 | Why MSPs Need To Turn Off SMB1

**bsm2** · 07-17-2021, 10:28 AM

Re: White Privilege, clear cut.

Yep the real terrorists

**emujo2** · 07-19-2021, 09:41 PM

Re: White Privilege, clear cut.

Like it or not, security threats afforded by lax/indifferent dealers are a good way to get the crap sued out of you..We have Bizhub Secure here at KM..If a customer purchase this option and we don't set it up, or make a 1/2 ass attempt, once the hole has been found to be the copier or our software you better hide. Just like every other make of connected devices there are exploits than can be used as a back door to do any level of bad stuff..Take this stuff seriously..SMB, Email, Webdav..every one of these protocol has updated security features. Bypassing these could get you in a whole lot of trouble..For Bizhub Secure, we generate a 20 char random password (or have customer create one them selves). The code is not used anywhere else, and Km techs do not make a note of it..We turn on HDD lock, encryption and overwite modes..there are a ton of other settings including authenticaiton, changing the admin password, closing unused ports, enabling audit logs, ect..You better have a signed sheet saying "my company does not want this" on file..1st time HIPPA laws are broken and it can be traced back to the copier you must be able to say "hey, this is on you, we told you to turn on authentication"..E

**Crowfeather** · 07-20-2021, 10:08 PM

Re: White Privilege, clear cut.

Originally posted by emujo2

Like it or not, security threats afforded by lax/indifferent dealers are a good way to get the crap sued out of you..We have Bizhub Secure here at KM..If a customer purchase this option and we don't set it up, or make a 1/2 ass attempt, once the hole has been found to be the copier or our software you better hide. Just like every other make of connected devices there are exploits than can be used as a back door to do any level of bad stuff..Take this stuff seriously..SMB, Email, Webdav..every one of these protocol has updated security features. Bypassing these could get you in a whole lot of trouble..For Bizhub Secure, we generate a 20 char random password (or have customer create one them selves). The code is not used anywhere else, and Km techs do not make a note of it..We turn on HDD lock, encryption and overwite modes..there are a ton of other settings including authenticaiton, changing the admin password, closing unused ports, enabling audit logs, ect..You better have a signed sheet saying "my company does not want this" on file..1st time HIPPA laws are broken and it can be traced back to the copier you must be able to say "hey, this is on you, we told you to turn on authentication"..E

If you are doing that, and requested to do this, then this is a customer that obviously values high level security for a particular reason (E.G Medical company). Obviously, if you are not doing what you're paid to do then you are going to get done for non-performance and also negligence since you assumed a duty of care to the customer.

If you want to avoid liability just ask the customer if you can enable SMB1 for the purposes of scanning to server or shared folder, and indicate that (if in the case the printer is not capable without this being enabled), that not enabling this will mean they cannot make use of this function.

At the end of the day, the customer's security is not your responsibility. Their IT is not your responsbility. So don't make it your responsibility.

Also as a note the responsibility of a manufacturer is different to that of a Dealer or service provider.

**bsm2** · 07-20-2021, 11:02 PM

Re: White Privilege, clear cut.

Originally posted by Crowfeather

If you are doing that, and requested to do this, then this is a customer that obviously values high level security for a particular reason (E.G Medical company). Obviously, if you are not doing what you're paid to do then you are going to get done for non-performance and also negligence since you assumed a duty of care to the customer.

If you want to avoid liability just ask the customer if you can enable SMB1 for the purposes of scanning to server or shared folder, and indicate that (if in the case the printer is not capable without this being enabled), that not enabling this will mean they cannot make use of this function.

At the end of the day, the customer's security is not your responsibility. Their IT is not your responsbility. So don't make it your responsibility.

Also as a note the responsibility of a manufacturer is different to that of a Dealer or service provider.

At the end of the day, the customer's security is not your responsibility. Their IT is not your responsbility. So don't make it your responsibility.

That's exactly how your company gets suied.
Good luck with that in court.

Smb1 OFF Period.
Upgrade your copier with firmware if available or buy a new box.

**BillyCarpenter** · 07-20-2021, 11:10 PM

Re: White Privilege, clear cut.

A lot of folks on here mention a copier company being sued for this or that, but I've never actually heard of one being sued for network security. If I google it, nothing comes up. Common sense tells me that it's not nearly as simple as some make it out to be to hold a copier company liable.

If HP (or pick a company) releases software that is vulnerable, can I sue them? I doubt it.

**bsm2** · 07-20-2021, 11:19 PM

Re: White Privilege, clear cut.

Originally posted by BillyCarpenter

A lot of folks on here mention a copier company being sued for this or that, but I've never actually heard of one being sued for network security. If I google it, nothing comes up. Common sense tells me that it's not nearly as simple as some make it out to be to hold a copier company liable.

If HP (or pick a company) releases software that is vulnerable, can I sue them? I doubt it.

If you actually had ANY IT training you would know.

Case Closed

Understanding IT Compliance | Smartsheet

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796) | Guardicore

**BillyCarpenter** · 07-20-2021, 11:35 PM

Re: White Privilege, clear cut.

Originally posted by bsm2

If you actually had ANY IT training you would know.

Case Closed

Understanding IT Compliance | Smartsheet

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796) | Guardicore

Show me one single case where a copier company was sued for turning SMB on?

Do it if you can. You can't.

**bsm2** · 07-20-2021, 11:37 PM

Re: White Privilege, clear cut.

Originally posted by bsm2

At the end of the day, the customer's security is not your responsibility. Their IT is not your responsbility. So don't make it your responsibility.

That's exactly how your company gets suied.
Good luck with that in court.

Smb1 OFF Period.
Upgrade your copier with firmware if available or buy a new box.

Originally posted by BillyCarpenter

Show me one single case where a copier company was sued for turning SMB on?

Do it if you can. You can't.

Billy feel free to turn on smb1 on every account to go too.
You can tell your lawyer I said so.

**BillyCarpenter** · 07-20-2021, 11:38 PM

Re: White Privilege, clear cut.

Originally posted by bsm2

Billy feel free to turn on smb1 on every account to go too.
You can tell you later I said so.

Keep turning that screwdriver and stop playing an attorney on this site. Man, you can't even spell simple words much less offer legal advice. Just stop it.

**bsm2** · 07-20-2021, 11:40 PM

Re: White Privilege, clear cut.

Originally posted by BillyCarpenter

Keep turning that screwdriver and stop playing an attorney on this site. Man, you can't even spell simple words much less offer legal advice. Just stop it.

Free feel to put your head in a bucket a water

Homerun Billy

Ask your lawyer Billy if you even have one

You can also ask about setup companies servers with no certifications and if you have any liability. Go ahead ask.

Trained via youtube is no defense

**BillyCarpenter** · 07-20-2021, 11:46 PM

Re: White Privilege, clear cut.

Originally posted by bsm2

Free feel to put your head in a bucket a water

Homerun Billy

Ask your lawyer Billy if you even have one

Riddle me this Batidiot. If Kyocera releases a new MFP and it comes with software that is later determined to be the cause of a security breach, can I be sued for installing it on their network?

Why am I engaging you in this conversation? I need to have my head examined.

**bsm2** · 07-20-2021, 11:49 PM

Re: White Privilege, clear cut.

How Tossing Electronics Can Turn into a Professional Liability Lawsuit | Insureon

**bsm2** · 07-20-2021, 11:51 PM

Re: White Privilege, clear cut.

Originally posted by BillyCarpenter

Riddle me this Batidiot. If Kyocera releases a new MFP and it comes with software that is later determined to be the cause of a security breach, can I be sued for installing it on their network?

Why am I engaging you in this conversation? I need to have my head examined.

Call 1800 get Mita and ask

But you dont have a tech ID do U
Game OVER

**BillyCarpenter** · 07-20-2021, 11:52 PM

Re: White Privilege, clear cut.

Originally posted by bsm2

How Tossing Electronics Can Turn into a Professional Liability Lawsuit | Insureon

You're getting desperate. You're down to posting links about improperly disposing of hard drives that contain personal medical records.

White Privilege, clear cut.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment