IPP Corrections to Article
> IPP also allows an attacker to reconfigure the printer using a proxy server, which can
> allow attackers to perform man-in-the-middle attacks by creating their own proxy
> servers and reconfiguring printers to use them.
After talking with Ira McDonald and the IETF IPP-WG, I realized the article was poorly worded when it came to using the IPP protocol to allow a proxy server to reconfigure an IPP Printer. This was not the intended translation of what I meant, and I admit this paragraph was poorly written. I didn't know that a proxy server could reconfigure a printer, and have not had any experience to suggest this is possible.
The intended meaning of this paragraph was that the implementation of the IPP protocol along with the availability of the unauthenticated back-door to reconfigure the proxy server settings means that an attacker could specify a poisoned proxy server which could then be used to "spy" on the user.
As stated to the IPP IETF, the paragraph should have been (and will be in future versions of this whitepaper): "I was able to manage to get several printers configured to use a proxy server to access the internet. The effect was that the printer used the proxy server to access webservers on the internet. While this *IS NOT* a vulnerability in and of itself, having the ability to access this configuration information via a back-door or other configuration access point meant that an attacker could submit their own proxy server to push requests through, essentially creating an easy way for an attacker to "spy" on the printer, and keep records of what URIs were requested to be printed, as well as potentially capturing the traffic (proxy servers run by an attacker can capture data). It isn't the IPP protocol itself which allows this access (I admit, this *IS* badly worded in the article, and will be changed), but the access to the proxy server configuration makes the implementation of IPP potentially dangerous."
Thanks to Ira McDonald, Carl-Uno Manros, and the IETF IPP-WG for pointing out the poorly written paragraph.
Re: SNMP *can* be secure
> Thanks for a good thorough article on an
> important topic.
> I would like to point out that SNMPv3
> adds authentication and privacy methods
> considerably stronger than the pathetic
> community-based access control that is
> all you get with v1. Yeah, I know, you
> won't find it implemented in any
> printers today, but I can dream, can't
Thanks for the info. I'll change the SNMP sections to refer to SNMP v1 in future versions of this article. It appears that both HP and IBM are beginning to add SNMP v3 into newer printer servers and printers... a welcome improvement. So maybe your dream is closer to coming true than it was in previous years.