Educause Security Discussion mailing list archives
Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer."
From: Frank Barton <bartonf () HUSSON EDU>
Date: Tue, 29 Mar 2016 09:37:38 -0400
At Husson, we have a dedicated, locked down VLAN for printers. Only certain machines can talk to, or even see the printers. We did this partially for security, partially for accountability, and partially because printers are such sensitive devices. Some of our printers, when hit with a security vulnerability scan will start to print of PCL garbage, and will need a power-cycle to come out of it. The dedicated VLAN also ensures that all printing has to go through one of our print servers, and thus also our print tracking system. I have to say though, I half-expected to see page after page of chicken, instead of the vitriol that was used. http://uproxx.com/technology/unsecured-wireless-printer-prank-chicken-report/ Frank On Mon, Mar 28, 2016 at 11:08 AM, Harry Hoffman <hhoffman () ip-solutions net> wrote:
This vector, unfortunately, goes back alot further then 2014. And the print jobs have been everything from beastuality, to cruises, to folks from other countries issuing warnings to close off access to the ports. It's a sad state of affairs and one made worse by vendors who won't provide quality controls for the equipment they manufacture. Cheers, Harry On 3/28/16 10:14 AM, Shawn Merdinger wrote:Lock down your printers, lest Weev (and now countless others) will troll you with racist print jobs. http://motherboard.vice.com/en_ca/read/hacker-weev-made-thousands-of-internet-connected-printers-spit-out-racist-flyers https://storify.com/weev/a-small-experiment-in Fwiw, I've a couple slides in a 2014 Educause preso detailing this vector exactly...down to the shell script...and one slide in particular that will most certainly get you the backing from C-level execs to remove your printers from public IP (child pr0n, hostile work environment lawsuits, every public IP printer now a state/federal crime scene). http://www.educause.edu/sites/default/files/library/presentations/SEC14/SESS08/shodan_for_edu_educause_security_conference_2014_public_version_shawn_merdinger.pdf Cheers, --scm
-- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Tracy Mitrano (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Haselhoff, Brent (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Harry Hoffman (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Frank Barton (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Matthew Trump (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer¹s flyer." Brad Judy (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 29)