Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer."

[Shawn Merdinger <shawnmer () GMAIL COM>]

Yes, Harry, clearly the printer problems go back well over 15 years.
I merely pointed out my SPC talk in 2014 that covered Weev's silly one
line script attack use case.

For more historical context, and deeper dive into printer weaknesses:

IronGeek's Hacking Printers page:
http://www.irongeek.com/i.php?page=security/networkprinterhacking

Dr. Andrei Costin's "Hacking Printers: 10 years of public research and
lessons learned" (2012):
https://www.youtube.com/watch?v=cf8DQmjaNnw

Cheers,
--scm



On 3/28/16, Harry Hoffman <hhoffman () ip-solutions net> wrote:
> This vector, unfortunately, goes back alot further then 2014.
>
> And the print jobs have been everything from beastuality, to cruises, to
> folks from other countries issuing warnings to close off access to the
> ports.
>
> It's a sad state of affairs and one made worse by vendors who won't
> provide quality controls for the equipment they manufacture.
>
> Cheers,
> Harry
>
>
> On 3/28/16 10:14 AM, Shawn Merdinger wrote:
> > Lock down your printers, lest Weev (and now countless others) will
> > troll you with racist print jobs.
> >
> > http://motherboard.vice.com/en_ca/read/hacker-weev-made-thousands-of-internet-connected-printers-spit-out-racist-flyers
> >
> > https://storify.com/weev/a-small-experiment-in
> >
> > Fwiw, I've a couple slides in a 2014 Educause preso detailing this
> > vector exactly...down to the shell script...and one slide in
> > particular that will most certainly get you the backing from C-level
> > execs to remove your printers from public IP (child pr0n, hostile work
> > environment lawsuits, every public IP printer now a state/federal
> > crime scene).
> >
> > http://www.educause.edu/sites/default/files/library/presentations/SEC14/SESS08/shodan_for_edu_educause_security_conference_2014_public_version_shawn_merdinger.pdf
> >
> > Cheers,
> > --scm