Me: Xerox printers can be vulnerable to certain exploits; their web servers can be vulnerable, and often they are installed without security protocols set up on intranets.
Xerox Security Guy: Actually, Xerox tests all their systems and our systems are not vulnerable to any attacks like this; no one can install any malware on them or use them as a launch point. Nor can you get images or files off of our MFD systems. So really, you need not worry about such things.
Me: Uhh, how about when Brendan O’Connor did his presentation of exploit injection at Black Hat?
Xerox Security Guy: That was four years ago, it’s old news!
Me: It’s proof of concept and YOU should never claim that your systems are impervious to hacking.
This exchange happened today and it REALLY burned my ass. I got rather heated over this because this guy really tried to just downplay the vulnerabilities and potential for vulnerabilities on printers (especially Xerox), and in reality, printers are the new vogue item on the APT’s list of “easy targets”.
Such low-hanging fruit not too often provides such rich bounty as a printer whose cache you can plunder, boyz… God I hate sales wankers…