On Mon, Mar 24, 2014 at 10:15:27AM +1100, Mark Andrews wrote:
In message <532F60DD.3030302@foobar.org>, Nick Hilliard writes:
On 23/03/2014 21:02, Mark Andrews wrote:
Actually all you have stated in that printer vendors need to clean up their act and not that one shouldn't expect to be able to expose a printer to the world. It isn't hard to do this correctly.
perish the thought - and I look forward to the day that vendors write secure software which is impregnable to all vulnerabilities past and present. When that happens, I'll cast away my default deny configurations and advise other people to do the same.
And there you go putting stricter requirements on printers that you don't put on laptop, servers. None of us would put any machines on the net if they had to meet your printer's requirements.
To be fair, laptops and servers today tend to have better baseline security than printers today, and laptops and servers tend to have a better patch release and patch management support than printers. That isn't to say that printers (and other similar devices *cough*Residential CPE*cough*) couldn't be made to be at least as secure, out-of-the-box and ongoing, as today's laptops and servers, but that isn't the case today, and I'm not aware of anything on the horizon that would encourage a swift change in the current trajectory for those devices. On a completely unrelated topic, anyone else looking forward to XPocalypse next month? - Matt (A pragmatic proponent of the end-to-end principle) -- School never taught ME anything at all, except that there are even more morons out there than I would have dreamed, and many of them like to beat up people smaller than they are. -- SeaWasp in RASFW