The hack to make the HP printers burn was interesting, but lets face it, a printer today is aÂ special purpose computer and a computer almost always has a flaw which can be exploited.
In his book on UI design “The Inmates are Running the Asylum”, Alan Cooper makes the point that just about everything these days, cameras, cars, phones, hearing aids, pacemakers, aircraft, traffic lights … have computersÂ running them and so what we interface with is the computer not the natural mechanics of the device any more.
Applying this observation makes this a very scary world. More like Skynet in the Terminator movies now that cars have Navi*Star and that in some countries the SmartStreets traffic systems have the traffic lights telling each other about their traffic flow. Cameras already have wifi so they can upload to the ‘Net-of-a-Thousand-Lies.
Some printers have many more functions; some being fax, repro, and scanning as well as printing a document.Â Â And look at firewalls. Look at all the additional functions being
poured into them because of the “excess computing facility” – DNS, Squid-like caching, authentication …
I recently bought a LinkSys for VoIP, and got the simplest one I could find. I saw models that were also wifi routers, printer servers and more all bundled onto the “gateway” with the “firewall” function. And the firewall was a lot less capable than in my old SMC Barricade-9 home router.
I’m dreading what the home market will have come IP6
I recall the Chinese curse: yes we live in “interesting security issue” times!
But in the long run of things the HP Printer Hack isn’t that serious.Â Â After all, how many printers are exposed to the Internet.Â Â Â We have to ask “how likely is that?”.
Too many places (and people) put undue emphasis on Risk Analysis and ask “show me the numbers” questions. As if everyone who has been hacked (a) even knows abut it and (b) is willing to admit to the details.
No, I agree with Donn Parker; there are many things we can do that are in the realm of “common sense” once you get to stop and think about it. Many protective controls are “umbrellas”, that its about how you configure your already paid-for-and-installed (you did install it, didn’t you, its not sitting in the box in the wiring closet) firewall; by spending the money you would have spent anyway for the model that has better control/protection — you do this with your car: air-bags, ABS and so on so why not with IT equipment? The “Baseline” is more often about proper decisions and proper configuration than “throwing money at it” the way governments and government agencies do.