In an interesting piece of research, Michael Sutton details the vulnerability opened up by leaving HP’s Webscan service enabled on your network attached scanner/printer devices.
This really does highlight the fact that, when thinking about security, it is never good to assume anything. Any device attached to your network should be thoroughly examined, and the benefits considered.
Of course, it also is a big failure on the part of HP not to ensure such services are secured by default (or at least must be specifically enabled). Hopefully they’ll fix this, but for now, if you own an HP scanner/printer/fax device, then it’s worth checking you’re not exposing sensitive documents to the wrong people.
AVIEN CEO / CTO K7 Computing