Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice

Once you're through the web interface the email-to-printer address is easy to find

108 Reg comments Got Tips?

ON-CALL Well what do you know? The working week is all-but over, which means it is time to share a story from a reader's working life in our weekly On-Call column.

This week, meet “Doug” a techie who tells us he has “a client in central Dublin and find myself in their offices every other week or so to deal with the usual stuff, new laptops and the like.”

On one visit Doug couldn't help but notice a multifunction laser printer that had been hooked up to a neighbouring network, but left wide open to the world.

The device was not, however, one that Doug was paid to fix. So he figured its owner would eventually figure out the risk and get it sorted.

Which was very optimistic thinking, because every time Doug returned to the site the printer was still there and still waiting for mischief to be wrought.

So one day Doug dug into the printer's web interface and figured out how enough about the network to which it was connected to learn the name of the company that owned it

A spot of Googling later and a glance at LinkedIn later and Doug had enough information to concoct a personalised message to the owner. And because he knew enough about the company to also send a document to the printer by email, he decided to send “a few pearls of wisdom about hiring competent IT support and not letting the office intern set up your new printer.”

Doug's message included “A nice juicy screenshot of their address book plus a suitably attention-grabbing banner .”

Doug signed off as “your friendly neighbourhood Sysadmin”, fired off a few copies … and waited.

A few days later, Doug visited the site and – surprise! - the printer was no longer visible.

But a few days later when Doug visited his doctor, he noticed the very same machine sitting there in the waiting room.

So he left us with his final thought: “Those little printers are far more popular than I thought ...”

What have you done to insecure devices? Write to share your story and you might end up on this page next week! ®


Biting the hand that feeds IT © 1998–2020