22

My local library still hasn't noticed the change of name. They need to stop using a default password for the printer! Imagine how users would feel knowing private documents they scanned can be seen elsewhere? Making good passwords either needs to be incentivised, or factory passwords should be generated. Or I guess one day, people and maybe companies too will have such trash IoT security everywhere else too that you get the smart home hack from Mr Robot.

Seriously, it's dumb.

Comments
  • 9
    If you changed it to "anyone can read what you print", it would probably get noticed fast.
  • 3
    I watched a security conference talk the other day that covered IP security cameras. Apparently most of them have some form of default remote credentials hard-coded into their firmware (or worse, the configuration) as well as remote code execution vulnerabilities. The price doesn't matter, they're all bad. (It was a couple years old, so the most recent ones *might* be better, but I doubt it.)

    Most people just want their stuff to work, and if they even consider security at all they don't really comprehend the implications of leaving things the way they are. Passwords are secure, it has a password, what's the problem? That sort of thing. Combined with common technological illiteracy (beyond the basic everyday stuff), it's not surprising things like this happen frequently.

    I don't know where this is, but if it's a smaller library they often can't afford proper IT staff and whoever handles things might not know any better. They might even be open to volunteer help if it was offered.
  • 2
    Doesn't matter much what password they use.
    https://youtu.be/DwKzSO4yA_s
  • 3
    It's great that you know how to check systems for those kinds of vulnerabilities, but you should really follow proper disclosure best practices and be careful of any computer misuse laws in your country. Changing a printer name would definitely breach that law in the UK - doesn't matter if it's to point it out or be malicious.
  • 3
    Since it's a library you should volunteer to fix it for them. They likely have very few dollars to spend so IT is a last thought until something terrible happens. I'm sure you could find an hour or two once or twice a month to go in and fix small things little by little.
  • 1
    Just use it to print pron and they will quickly realise.
  • 1
  • 2
    @electrineer good idea!

    @powerfulparadox very valid point. People seem to care less as long as things work. And as for the library, it's council run so that might affect IT staffing.

    @Parzi that's spooky, and only proves that manufacturers need to step up their game.

    @cmarshall10450 thanks! And you're right, I'm in the UK and could have gotten in trouble. Not sure about 'proper disclosure best practices' though. Is that another way of saying 'get consent from the owners'?