Xerox

 I stare at the sheet of paper before me my feet proped up as i lay in my lime green Hammock ive inheareted. The few belongings ive acumulated hanging from the bars. The warn bags, eco friendly as they say on the side. The canvas warn but still holding up after months of searching threw them. Others going about there day. Making calls on the remaining smuggled phones the police failed to find during the raid. Some prepairing dinner on the doubble burrner stove in our makeshift kitchen. a stove on a sink. 

I hang suspended above out of the way, left to my own device. I ponder my life as the epic memories sustain my beeing. Moments of my past remembered wih a twitch of my brow as I question how I made it this far for this long. Avoiding death over and over again. Making life changing decisions repeatedly in favor of aventure and Rial. My moral compass spinning out of controle as I realize I dont much have one. As my current situation can atest to. My home for the past two years, Enviado prision. Another moment in time I cant undo. so many of my decissions holding perminant consiquens to my fly by the seat of my pants decisions along the way. I rairly show restraint to the voice in my head. Sugestions of intrege taking presidence to irational thought. I live on this crazy ass world the same as everyone else, just trying to survive. One similar moment of irational thought struck a few years back. As I reclined on my leather sofa in my boxers nursing a glass of whiskey while I watch the all time clasics Simpsons. My mind festering on an unusual delima of sorts. Having just recently returned from a programing conference in Rodchester New York a few days earlier. A very cold excursion in mid january for a Southern California boy.

A conference on the development of new aplications for Xerox. Xerox releasing there new app store consisting of numerious usefull applications able to be added to any modern Xerox device threwout America and Europ. Millions upon millions of meningless copiers, printers AND production presses. Devices held in every business or office.

The Xerox device being one of the most popular of choices. A staple in the industry. A device rairly thought of outside the window of use. Networked into secure invironments with little thought as the cable moving documents hear and there goes unoticed pluged into the black. On average the default pin left unchanged, providing access to the system managing those michines. Xerox having just conducted a contest to stimulate new development of there Conect key software. Application based programa displayed on the cell phone size screen. Little icons providing unlimited use for these actualy complicated devices. Billable upon design. A profitable new tool for compeeting distributors accross the states. Muy undersanding built on trial and error. As a new award winning developer of these Conect Key apps having placed in all of there contesta. Merritig my trip to Rodcheser, Nee York, as a new lead developer of these relitivly unknown applications. The conference a meet and greet of other competing distributors accross the nation. A colection of forty or so other programers sponsored by there corisponding companies.  Developers who has bien working with Xerox  prior to the conference. Two developers in piticular standing out as there company had been one of the national developing companies originaly contracted as the soul producers of these apps. Apps that had been pushed to all the distributors devices on trial. An example of all that was possible as the company pushed there Facebook feed to the side of the screen. A continual marketing feed available at the request or solicitation of sales reps pitching the benifits of Xerox to there clients. These two programers standing as the athority on the development and release of new applications to the market. 

My understanding only coming a few months eairlier as my position at Xerox Source consisted of developing the companies website, billing portal, online store and intra net system, conecting all the branches to the most relivant information from corporate. I had returned to Xerox Source two years eairlier in the contract billing department. Advancing quickly as challenges were issued by my superiors. 

The Conect Key Apps as they were called was a simple yet extreamly customizable platform as I would soon learn. The applications if native to the device could trigger a host of services sreamlined to the repitious needs of the users. For example if Bob a simple clurk was required to scan a set of documents then print 3 copies, email 7 to the same contacts and save one copy to an archiving server, every day, multiple times a day. A time saving application could be developed, at a premium. Thus saving the client multiple hours of labor Time. This form of application native to the prexisting features, built into the device. Non native applications only require the device to be plugged into the network with internet access. A common in buisness today.

The then corisponding application is only a link to external resources needed. For exaple if the need to print directions using Google maps from one destination to the next the device will use its intergrated keyboard to request departure and destination. Then without any additional actions print or email with just a click of the icon on the display. These are simple examples as anything accessable on the Internet could be in essence be built into an application for sale, as the needs arrise. The two developers that I would soon meet at the conference had developed the original applications that were being curently used as examples for distribution accross America. At the present time one of the few apps available on Xerox's newly launched app store. The same application that was available to all distributors of Xerox. The same application I was tasked to investigate.

After conecting the device harddrive to my computer a Linux driven machine, with the vast capibilities only Linux Kali could provide. Linux Kali an operating system unknown to most as the majority of the population use Windows oe Mac as there daily drivers, operating systems built for the masses. Kali is an operating system designed for the pourpous of penitrating anything computer based. Its available tools for hacking, cracking and intruding on systems that may show a hint of vonrability. The ability to dismantal dynamic websites, access routers and servers without the need of username or password. The ability to penitrate secure personal computers conected to unsecure networks, acsessing private personal data of the user. And many more useful features available at the descression of the user. A full force penitration system, operating system. The same system I had just plugged the Xerox harddrive into.

My screen now displaying the contents, file structure similar to any other computer harddrive, as I click threw folders to view there content. A mixture of script and unrecognizable files to my untrained eyes. As I work my way threw opening individual files in text editor viewing there code I fallow a path unknown. I work my way threw equating myself with the system displayed accross my screen I find a constent. A file that is restricted to my access.

After multiple atempts at accessing them with failure I tried a simple action of renaming the file as a ".zip" file extention. To my surprise I could now extract the secure files and view the code in a text editor. Revealing the Conect Key applications make up. In esence I was reverse enginering the apps I set out to understand. After a few accidental errors that opened more doors of knoledge I learned that those secure files primarly consisted of an icon only noticed by Xerox devices and a script file that pointed to an external website. A URL that I could fallow. Opening a web browser I typed in the URL. Revealing to my surprise the exact display that shown on the Xerox device display.

Without the ability to intitate actions to a device. For example when I clicked "Scan to E-mail" a screen would open asking for the standard información. Like e-mail address for the recipant of expecting document. Which I was able to enter with my keyboard but the corisponding action of "Enter" would do initaly nothing as it was not active on any single device. The website open to any and all that stumble accross it. Even though they would not know its pourpous or use. Having thurow knoledge of web development I dug deeper. A simple right click of the mouse enabled me to view the web page as code, lines of text written for a computers understanding. These lines of code painting a picture of the structure and resoueces used to trigger the actions on Xerox devices. Normaly hidden java script files accessable by fallowing additional URL's, all hosted on external servers of external companies, outside of Xerox. This one inpiticular  belonging to the two developers I was soon to meet unknowingly at the conference. Soon I had access to every file needed to reproduce the applications displayed on every device. The website being extreamly simple calling on pre set files. Propriatary Xerox technology open to the world. Access to everything needed to produce actions corisponding to the need of each device.

Opening a terminal I typed a few comands trigering a program that in essence will duplicate any website its pointed at, scraping a website. This action creates directories of files with the corisponding websites and script pages copied to my computer. A process taking seconds rather than hours of saving every referenced web page or file individualy. A true benifit to my current need. Soon I was creating a slew of new apps for our sales team. Everything from the theatrical of making the Icon on the display a photo of the perspective client. When triggered printing a photo of that person on all networked devices threw the office to placing your Starbucks order with your local Starbucks,  securly selecting your complete order by entering your credit card information directly on the Xerox device display. More of a parlor trick for the teachers and purchasing principals of major school districts than actualy useful. But this displayed the vast posibilities of what an otherwise simplistic printer or copier could do. As I moved forward with the development of these relitivly unknown applications Xerox anounced a contest for developers. The best applications submitted would place first - third reciving cash prizes, a pluss in my curent position, over a three month period. Three oprotunities a chance at the grand prize the forth month. Having about two months of knoledge now on the abilities of the applications.

And municipalities. The new Print Care application a staple to Xerox Source was loaded to every curent and new devices shiped out of there wearhouses for distrabution.

The truth of the mater was Xerox was holding back on the capibilities now open to anyone with a computer and USB stick. It also may just be bling ignorance on there part.

When Xerox anounced the contest they opened access to the tools needed, sort of. There new app building web portal was extreamly limited to what was actualy possible. What it did do was make my curent backwards process of development superior to what the other competitors in the field had access to. There was no restrictions hindering my development because I had no rules to fallow at the start. I had learned early on that I could create an application that was just a link, hyperlink, to whatever I website I chose to point it at. And the three new applications I had won awards for were hosted on our private company servers. For example whenyou wanted to order the staples for your device you would click the "Order Staples" icon displayed on the device screen and everything you see visualy is actualy just a remote website displayed on the screen infront of you. If you unpluged the network cable from the back of the device the application would fail to respond or work. Not a problem in the states. Owning one of these very expensive mechines garentees it will be provided to utilize its native features, scab to email, etc. Every application I had built was housed in individual corisponding folders on Xerox Sources servers or web servers. This was also true for the two developers that provided the original apps. By finding the link directing me to there demo app provided for distributors I was able to view all there applications built for every client they had designed for, open to the public. They had provided everything needed to develop all of there past custom apps by not placing them behind a wall of security. Over the few months prior to the upcoming developers conference in New York, I had replicated and improved or redeveloped every app i could find of theirs free on the web. All held on there servers open to the public. Once a link was found I would just open the terminal on my computer, type the necesary comands and Kali would duplicate there entire website or application to my computers folders, just that simple. 

Right or wrong I held the posistion that Xerox corporate provided the nessacary tools needed for a fair compitition. Any propriatery code was now available to all developing distributors. These were the original scripts, trigers, enabling the device to respond to corisponding actions needed to be included in the packaging of each individual application created. This was not propriatery to any sole distributor. Without the provided scripts the device would fail to respond. 

For example, the digital keyboard displayed on the screen would not open or initiate if the Xerox provided files were not present on the corisponding server. All this is important because little did I know I had now revealed many vonrabilities around Xerox's new app store and applications.  There lack of security or protocal is built on a continualy evolving platform accessable to anyone with a computer or USB stick. When you walk up to a printer to make a copy of your confidential paperwork you rairly think of anything else. The truth is if the device in conected to a network that document you just printed could instantly be saved without your knoledge to a remote server. External servers colecting every document scaned, emailed or printed on that Xerox device. I say this because I have clear understanding that this has been done before. Having developed similar applications to replace the "copy, scan" icons on devices.

On every Conect Key Xerox device display you will find "Print, scan, email" icons you press to produce the corisponding action. If for example a person simply took that exact application and added a "ftp" (file transfer protocal) url, with anonymous credintials, ad in no need for user name or password to the print, scan, email icons displayed on your device, from that point on a copy of every document ever processed on that device would be saved to any location of there choosing. To add the applications to any device it can be done with USB stick by walking up plugging in the USB stick to the device and flashing the new app directly to the device or by accessing the devices brodcasted IP address on the network without the knoledge of those around. A process that takes less than a minute to complete. The corisponding company would not be the wiser. There is no additional notifications. So lets say somone walked into a school, college or courthouse, opend there laptop and asked to print a document conecting to there network, not an ucomon practice. That person then could flash the new app, print there document and move on in less than five minutes, no one ever being the wiser. That person now recieving a copy of every document from that point on. A task that is even more seccesful with any business without a full time cyber security tech and even then most would not notice anything amis as its unknoticed by most everyone. The device could be sending copies unnoticed for months or years depending on the next time its software was updated and only if the Icons recieved an update. More often than not, never. It could be added to hundreds of thousands of devices without notice. Thousonds upon thousands of documents saved as ".tif" images, archived under corisponding IP addresses and email addresses. Sitting idle on unknown servers. Medical, legal and private documents unknowingly accessable to third parties. Food for thought as Ive seen it done with my own two eyes. The applications not a threat as it unknowingly sends the packages silently.

So as the conference approced life was good.

Comments

Post a Comment

Popular posts from this blog

Vasectomy and Viagra

The second me and Viagra too great achievements of modern science. I have always wanted to get one done at an early age. Never really wanted kids. My daughter my Superstar was The Unwanted result of horny usefulness. I can honestly say I had very little connection at first to my daughter. I was working insane hours as a dock worker when she was born. 10 through 12 hours on 8 hours off day and night. The drive back and forth an hour commute each way. 7 days a week a walking zombie at the time. I remember walking into are two bedroom apartment after a shift. My wife at the time asking I feed my daughter before I passed out. I mindlessly wandered into the kitchen pulled fresh pumped breast milk from the fridge filled a bottle, warmed it tested it and handed it to my newborn child. Unable to do anything for herself. I picked her up and fed her. Burped her and changed her before passing out and my on bed. Only to wake 4 hours later to get ready for my shift again. My bond with my Superstar ...
Read more

Behind the bars

Id like to paint a picture. In my cell there functions a society, a society developed in the barrios of Colombia. We have a list on the bathroom wall that consist of names of the men behind the walls. My name does not change. Others come and go but mine stays the same, a list, a rotation. This is a social dictatorship an economy driven buy drugs Marijuana, cocane, tusi, etc is brought in, 100 g coke here, 250 g Marijuana there, bags of others. A controling patty finances and funds the minions that wrap and package for sale and distrabution. Along the way in our socioty of 18 men. The product is cut, lost stolen and sold by the constituants with in these walls. The police already extracted there cut as product passes from hand to hand, from freedom to opression. From A - Z inflation. So black to the list, the list of inmates that come and go. It flucuates, inmates, there transition unknown, some short some long, mine without measure. A reality holden from the world behind these bars. A ...
Read more