shock horror secrets discovered on old copiers!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • banginbishop
    grumpy old git

    500+ Posts
    • Oct 2007
    • 894

    shock horror secrets discovered on old copiers!

    Yep its been reported in america, now we have breaking news in the UK - not!

    Office photo-copiers containing sensitive information are being sold to potential fraudsters | News Of The World

    The post by trevor nelson is spot on with his comment!
    Incontinentia Buttocks
  • msaeger
    Trusted Tech

    250+ Posts
    • Sep 2008
    • 333

    #2
    I am betting a copier sales person sent in a tip for this whole deal. We have just gotten more sales because of this.

    Comment

    • ApeosMan
      Trusted Tech

      Site Contributor
      100+ Posts
      • Nov 2009
      • 183

      #3
      Multifunction devices and printers are a goldmine of valuable information if you know what your doing, all brands have their security flaws IMHO. Sadly a lot of I.T. people are not aware of the vulnerabilities.

      Comment

      • fixthecopier
        ALIEN OVERLORD

        2,500+ Posts
        • Apr 2008
        • 4714

        #4
        With all the news about HDD's, everyone thinks they have one. One of my customers has signs posted all over their machines stating that they own the HDD, problem is , none of them have HDDs.
        The greatest enemy of knowledge isn't ignorance, it is the illusion of knowledge. Stephen Hawking

        Comment

        • Stirton.M
          All things Konica Minolta

          1,000+ Posts
          • Oct 2009
          • 1804

          #5
          Originally posted by fixthecopier
          With all the news about HDD's, everyone thinks they have one. One of my customers has signs posted all over their machines stating that they own the HDD, problem is , none of them have HDDs.
          We had a customer who was trading up from an old EP3050 and was insistent that we wipe the hard disk before taking the machine. It took 20 minutes to convince her that her POS analog had no drive.
          "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
          ---Groucho Marx


          Please do not PM me for questions related to Konica Minolta hardware.
          I will not answer requests or questions there.
          Please ask in the KM forum for the benefit of others to see the question and give their input.

          Comment

          • jonhiker
            Senior Tech

            500+ Posts
            • Apr 2010
            • 661

            #6
            Here we go again!

            We've been doing a lot of DOSS(Data Overwrite Security Software) installs and wiping hard drives because of this. Another way to make a few bucks.

            Comment

            • banginbishop
              grumpy old git

              500+ Posts
              • Oct 2007
              • 894

              #7
              personally i think its down to the lease company as they own the m/c or the company who had the m/c to implement it into the sales/hire contract that they retain the hdd. Lets face it most companies when they upgrade their IT equipment, they remove all Hdd from the equipment before its disposed of- the sooner companies realise this the better.
              Incontinentia Buttocks

              Comment

              • Herrmann
                Senior Tech

                Site Contributor
                500+ Posts
                • Jan 2006
                • 792

                #8
                You dont even need to get physical access to the mashine, all it needs is a stupid it admin.
                For the example of Ricoh, try this:

                open Google com (if it redirects to your contry, enter www.google.com/ncr ;ncr stands for *no country redirect* ) , then enter in the search mask:
                (inurl:webArch/mainFrame.cgi) | (intitle:"web image monitor"-htm -solutions)

                have fun

                Note: if there are documents in the Document Server, you can read the first side without problems.
                Note2: even if the mashine has the standard setup and password, dont fiddle around with it, thats not nice
                If sometimes you feel a little useless, offended and depressed always remember that you were once the fastest and most victorious sperm of hundreds of millions!

                Comment

                • zed255
                  How'd ya manage that?

                  1,000+ Posts
                  • Dec 2009
                  • 1025

                  #9
                  Originally posted by herrmann
                  You dont even need to get physical access to the mashine, all it needs is a stupid it admin.
                  For the example of Ricoh, try this:

                  open Google com (if it redirects to your contry, enter www.google.com/ncr ;ncr stands for *no country redirect* ) , then enter in the search mask:
                  (inurl:webArch/mainFrame.cgi) | (intitle:"web image monitor"-htm -solutions)

                  have fun

                  Note: if there are documents in the Document Server, you can read the first side without problems.
                  Note2: even if the mashine has the standard setup and password, dont fiddle around with it, thats not nice
                  That's nuts! I was able to get a scan of a friggin' passport in under five minutes! Nay, it was actually three in one PDF! Crazy.

                  Comment

                  • Stirton.M
                    All things Konica Minolta

                    1,000+ Posts
                    • Oct 2009
                    • 1804

                    #10
                    holy crap with this kind of information an unscrupulous hacker now has access to any of those networks and purely wreak havoc outside of the needs of the copier.

                    I agree stupid IT admin.

                    To my knowledge, Konica Minolta machines do not have this capability. If Ricoh is aware of this and they're not informing their customers they are culpable in losses that these companies might face due to any hacking activity that could arise from this. I think I'll make this information available to our sales reps so then we have a leg up on the competition out there.
                    Last edited by Stirton.M; 07-27-2010, 06:41 AM.
                    "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
                    ---Groucho Marx


                    Please do not PM me for questions related to Konica Minolta hardware.
                    I will not answer requests or questions there.
                    Please ask in the KM forum for the benefit of others to see the question and give their input.

                    Comment

                    • Herrmann
                      Senior Tech

                      Site Contributor
                      500+ Posts
                      • Jan 2006
                      • 792

                      #11
                      No hacking here necessary in any way, all i need is a little knowledge about boolean algebra and how to feed a search engine. I am pretty sure, that this works with canon, km and whatsoever, if the IT Admin does not make its work correctly.
                      In the most cases it is enough to set a gateway adress, where it is not necessary and *BAM*, the box "phone home"
                      If sometimes you feel a little useless, offended and depressed always remember that you were once the fastest and most victorious sperm of hundreds of millions!

                      Comment

                      • Vulkor
                        Senior Tech

                        500+ Posts
                        • Jun 2009
                        • 942

                        #12
                        Hmm So anyway to block this from happening? Sure changing the Default Admin and Pass is a start, but can still see Documents in Document Server without logging in I know the documents can be password protected, but most of my customers won't go to that trouble. A Gateway and DNS is necessary for the MFP to scan to email.

                        Comment

                        • klurejr

                          #13
                          Originally posted by Stirton.M
                          holy crap with this kind of information an unscrupulous hacker now has access to any of those networks and purely wreak havoc outside of the needs of the copier.

                          I agree stupid IT admin.

                          To my knowledge, Konica Minolta machines do not have this capability. If Ricoh is aware of this and they're not informing their customers they are culpable in losses that these companies might face due to any hacking activity that could arise from this. I think I'll make this information available to our sales reps so then we have a leg up on the competition out there.

                          Any MFP with a built in web server can be exposed like this if the organization gives it a public IP and sets it up outside a firewall.

                          When networked MFP's first started becoming common place I remember working with many customers who had purchased a block of 5-10 IP addresses from the ISP and had all their computers and MFP's sitting on the internet using a public address.

                          I once tested this by saving the IP address they gave me from the block they had and logging into it from home.

                          The MFP's you can find via google are sitting on the wrong side of a firewall, or the network they are on has no firewall, and is instead using public IP's. I had thought this practice had gone away years ago, but obviously some people still do business this way.

                          I don't see how the manufacturer can be to blame when they disclose that the device has an embedded web server, in fact most manufacturers tout the web server as a feature benefit.

                          Really if a dealer is installing a new machine and the customer gives you a public IP it would be to your benefit to explain the dangers of using public IP's not just for the MFP, but for all ones PC's as well.

                          Many of you might remember Windows OS before they had firewalls built in, the entire reason Microsoft gave the desktop a firewall, personal PC's on DSL and Cable, users were just plugging the PC directly into the modem and using the public IP from the ISP.

                          Comment

                          • Ducttape n Glue
                            Trusted Tech

                            100+ Posts
                            • Apr 2010
                            • 195

                            #14
                            Just bought a lease end wide format mfp unit. You should see the prints on this thing!! Needless to say, somebody dropped the ball, and let out an awful lot of highly confidential, proprietary and classified prints. From circuit diagrams, to building floor plans, to components blueprints. We are shredding all prints and deleting all files. Irony is one of the prints is from the Security and Data Information Department!! This was in a very important location.
                            Signing off,
                            Dr. Evil

                            Comment

                            • klurejr

                              #15
                              Originally posted by Vulkor
                              Hmm So anyway to block this from happening? Sure changing the Default Admin and Pass is a start, but can still see Documents in Document Server without logging in I know the documents can be password protected, but most of my customers won't go to that trouble. A Gateway and DNS is necessary for the MFP to scan to email.
                              The fix is to not give an MFP a public IP Address, simply put it behind a firewall, which as I stated above is common practice these days. If an MFP is behind the firewall no amount of google magic is going to get an outsider to its webpage.

                              Comment

                              Working...