AMERICA

ONE NATION UNDER GOD!

Friday, January 7, 2011

PRINTERS E-MAIL iTunes -n- PASSWORDS

HOW WELL DO YOU TRUST YOUR PRINTER?
If you use a modern laser printer, you should be aware that every page it prints contains coded information about you. Specific details about you, your printer and its location are encoded on every page. This has been known since 2004, when it was disclosed via the Freedom of Information Act that printer manufacturers had placed that encoding mechanism in their printers at the request of the United States Government, in an effort to stem the tide of counterfeiting of US currency.

But did you know that your HP printer, that harmless-looking device sitting next to your computer, may actually provide hackers the ability to remotely execute programs on your computer?



SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01623905

Version: 6
HPSBPI02398 SSRT080166 rev.6 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-02-04

Last Updated: 2010-10-13

Potential Security Impact: Remote unauthorized access to files

Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY

A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.




STATES IN PART:

 
References: CVE-2008-4419
SUPPORTED SOFTWARE VERSIONS*: 
ONLY impacted versions are listed.

HP LaserJet 2410 with firmware prior to 08.113.0
HP LaserJet 2420 with firmware prior to 08.113.0
HP LaserJet 2430 with firmware prior to 08.113.0
HP LaserJet P3005 with firmware prior to 02.043.1
HP LaserJet P3015 with firmware prior to 06.043.2
HP LaserJet P4015 with firmware prior to 04.049.0
HP Color LaserJet CP4025 with firmware prior to 07.20.7
HP Color LaserJet CP4525 with firmware prior to 07.20.7
HP LaserJet 4250 with firmware prior to 08.160.4
HP LaserJet 4350 with firmware prior to 08.160.4
HP LaserJet 5200 with firmware prior to 08.062.0
HP Color LaserJet 5550 with firmware prior to 7.014.0
HP LaserJet 9040 with firmware prior to 08.112.0
HP LaserJet 9050 with firmware prior to 08.112.0
HP LaserJet 4345mfp with firmware prior to 09.120.9
HP Color LaserJet 4730mfp with firmware prior to 46.200.9
HP LaserJet 9040mfp with firmware prior to 08.110.9
HP LaserJet 9050mfp with firmware prior to 08.110.9
HP 9200C Digital Sender with firmware prior to 09.120.9
HP 9250 Digital Sender with firmware prior to 48.091.3
HP Color LaserJet 9500mfp with firmware prior to 08.110.9

 
BACKGROUND

For a PGP signed version of this security bulletin please write to: security-alert@hp.com
___________________________________________________

E-MAIL HACKS:

A comprehensive HOW TO manual, presented here in the spirit of

FULL DISCLOSURE

Remember what I taught you before about listing your email address in the open?
If you must post it, do it like this:

krippledwarrior[at]gmail[dot]com
It prevents bots from recognizing it as an address and may help keep you off some pretty nasty spam lists.
_____________________________________________________

iTunes
//////////><\\\\\\\\\\
50,000 iTunes ACCOUNTS HACKED AND FOR SALE IN CHINA


If you're an iTunes customer, you may want to pay very close attention to your account activity, especially if you have your payment account information conveniently integrated into your iTunes account to enable seamless purchases.
Some 50,000 iTunes accounts are on sale on TaoBao, the Chinese equivalent of eBay. Listings offer access to iTunes accounts priced from 15 cents to $30. One of the accounts could be yours.
An intrepid reporter for the Chinese Global Times, named Zou Le, broke the story. Le paid $5 for an iTunes username and password, and got access to credit card details and the address of an American iTunes customer.
_____________________________________________
PASSWORDS

THE ROOT OF ALL EVIL in cyberspace is your password. Or, more accurately, the strength of your password. Under absolutely no circumstances should your password and your login name be the same. Trying the login name as the password happens to be the very first step in every algorithm used to crack passwords.
Sequences of common letters and numbers are usually next, such as:
qwerty
123abc
abc123
asdfghjkl;
and of course:
password

I highly recommend you do away with passwords completely and use a PASSPHRASE instead. Rather than a single word, use an easy-to-remember sentence or phrase. Most security-conscious places will require a passphrase of at least eight characters, with at least one of them being a numerical value and one an uppercase letter.
However, an in-depth knowledge of passwords and how they're parsed will teach you that a minimum length of 14 characters is your safest bet. It may also teach you how to build an unbreakable, uninhabitable, unforgettable passphrase. Please do not use the passphrase I'm using here as an example. The whole freaking Internet is watching.
somethingslearned
is the passphrase we're going to work with. To make this standard-compliant we need to change it a little:
Somethingslearned
Note the S, which moves us closer to compliance. Only the numerical value is missing, so let's change some of the letters for numbers that resemble the letters.
S0m3thingslearned
Note the 0 and the 3 in place of the o and the e.

Taking this to the extreme yields:
S0m3thingsl3arn3d
Another trick would be to transpose a consonant. In this example, the letter s is nicely replaced by the number 5.
50m3thing5l3arn3d
But we lost our capital letter, so let's change it to:
50m3thing5l3arn3D
And if you're feeling extremely paranoid you can substitute ASCII characters.
For example:
° is created by holding down the Alt key and typing 248 on the numeric keypad.
Using that symbol to replace the "o" yields:
S°methingslearned
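
The rules from this section written as a checker, with the digit swaps undone before comparison so that a disguised login name or common word is still caught. This is an added example, not code from the original post; the login name `steve`, the function names and the two weak candidates are constructed for illustration.

```python
import re

# Sequences the post lists as the first things a cracker tries.
COMMON = {"qwerty", "123abc", "abc123", "asdfghjkl;", "password"}

# The digit-for-letter swaps used in the post's walkthrough: 0->o, 3->e, 5->s.
UNLEET = str.maketrans("035", "oes")


def normalize(text):
    """Lowercase and undo the swaps so a disguised word compares equal."""
    return text.lower().translate(UNLEET)


NORMALIZED_COMMON = {normalize(word) for word in COMMON}


def audit(login, secret):
    """Return the rules from the post that `secret` breaks (empty list = none)."""
    findings = []
    if secret.lower() == login.lower():
        findings.append("same as login name")
    elif normalize(secret) == normalize(login):
        findings.append("login name with character swaps")
    if normalize(secret) in NORMALIZED_COMMON:
        findings.append("common sequence")
    if len(secret) < 8:
        findings.append("shorter than 8 characters")
    elif len(secret) < 14:
        findings.append("shorter than the recommended 14 characters")
    if not re.search(r"[0-9]", secret):
        findings.append("no digit")
    if not re.search(r"[A-Z]", secret):
        findings.append("no uppercase letter")
    return findings


if __name__ == "__main__":
    # Constructed login name; the candidates are the post's own steps plus
    # two constructed weak ones.
    for candidate in ("somethingslearned", "S0m3thingslearned",
                      "50m3thing5l3arn3D", "Pa55w0rd", "5t3v3"):
        print(candidate, "->", audit("steve", candidate) or "passes")
```

A swap applied to a word that is already on the common list, or to the login name itself, normalizes back to the original, so the checker reports it the same way it would the undisguised word.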

IF YOU DON'T KEEP YOUR INFORMATION SECURE. 
IT ISN'T YOUR INFORMATION.


10 comments:

Heidi said...

Sometimes I wonder if the whole internet and being connected in so many ways- facebook, blogs, e-mail, stored info from purchasing online products etc. will be our undoing as an entire nation and possibly even world. Your advice is good advice. Even if a bit overwhelming to think of how many passwords I have to change to make each more secure.

Karen thisoldhouse2.com said...

Great advice, Kurt. I think mine are pretty hard to come up with, but I might rethink it again.

Anonymous said...

DUDE!!! I told you not to tell anybody, lol!

Senorita said...

Well, good thing I don't own a printer !

UBERMOUTH said...

I have read a great deal of the book so far and it's SCARY! RSS feeds can be taken of your Gmails? Wow!

Poetry of the Day said...

how are you going to tell this secret -,-

i always thought this was common knowledge, but for people that didnt grow up with the internet i guess it wouldnt be. back in the day didnt they call this l337 speak or some shit? wh3r3 17 w45 c00l 2 7yp3 l1k3 7h1s

Anonymous said...

Thanks...My printer randomly turns on...Weird...

Anonymous said...

Another great way to formulate a password is to think of something random such as "I'm really looking forward to my mother in law leaving next week" and then using the 1st letter of the word only eg
irlftmmillnw
other techniques as mentioned above can then also be applied eg
1rlftmm1llnw etc

It's astounding how many people use their names, kids names, pets names etc....

Marnie said...

Great info as always. I will be reading that book. Thanks!

Spiky Zora Jones said...

warrior man: all of this is pretty scary. luckily I do some of those trick already...but maybe I should dig deeper into this stuff.

thanks for the heads up honey. xxx