Jonathan Fabrizio

All Posts

[+] HP LaserJet 1020 connection over network

Jonathan Fabrizio - 09/03/13

I tried to connect my HP LaserJet 1020 over a USB printer server and it does not work. Many people over Internet complain about this difficulty but I found no solution on Internet. After few tests, I found how to make it works. I am very happy (and a bit proud). I want to share my solution to help other people to connect this printer (and I think this solution can work for other printers).

J'ai voulu connecter mon imprimante HP laserJet 1020 à l'aide d'un serveur d'impression USB (plus exactement ma Freebox) et ça n'a pas fonctionné. Après recherches sur internet, j'ai vu que beaucoup de personnes ont essayé mais sans succès. Après quelques tests, j'ai fini par trouver une solution. Je suis vraiment content d'avoir trouvé (fier ?). Je vais essayer de décrire et problème et partager ma solution – si ça peut aider d'autres personnes... Je pense que cette solution est applicable à d'autres modèles similaires.

Viewed 2744 times

[+] Hijack sudo

Jonathan Fabrizio - 22/06/12

To finish a small serie on sudo vulnerabilities, I show in this post that, with a simple trick, it is possible to hook sudo by taking advantages of bash negligence. It is not really serious - I found this funny and I do not think that it can be a serious threat...

Viewed 2824 times

[+] sudo vulnerability (2/2)

Jonathan Fabrizio - 27/02/12

In a previous post, I showed how a trojan horse can become root by the use of sudo. According to it's configuration, sudo may ask password only once and does not ask password again for a predefined period of time. Malicious software can became root silently.
To exploit this vulnerability, I wrote a program that invokes silently sudo until sudo does not ask password. To succeed, this program must be launched in the correct terminal before the correct user invokes sudo (or right after). This means, the threat is rather low. I complete here the previous post with (too) simple tricks to increase chance to become root (simply to show that even the threat is low, it must not be neglected). To finish, I give simple advice to prevent you from being attacked by such program...

Viewed 2349 times

[+] sudo vulnerability (1/2)

Jonathan Fabrizio - 08/01/12

Allowing sudo to avoid asking password for executing admin operation disrupts me a bit. I think it is a vulnerability and I will try to prove it in this post. This is not a big threat as this implies the system has already be corrupted but this should not be neglected: I think a simple program can easily become root with this mechanism. Most of this post has been written after an old long discussion on french ubuntu forum but I hesitated long time to publish it.

Viewed 1633 times