Educause Security Discussion mailing list archives
Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer¹s flyer."
From: Brad Judy <brad.judy () CU EDU>
Date: Tue, 29 Mar 2016 14:20:33 +0000
These are schools where (to borrow a phrase from MIT), the network *is* the internet. With general use of public IP space and no default deny border firewall, putting a printer ³on the network² means putting it out on the internet. Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu <http://www.cu.edu/> On 3/29/16, 7:55 AM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Matthew Trump" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of M.Trump () KENT AC UK> wrote:
What justification was provided for connecting printers to the internet at these institutions? -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Merdinger Sent: 28 March 2016 15:14 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer¹s flyer." Lock down your printers, lest Weev (and now countless others) will troll you with racist print jobs. http://motherboard.vice.com/en_ca/read/hacker-weev-made-thousands-of-inter net-connected-printers-spit-out-racist-flyers https://storify.com/weev/a-small-experiment-in Fwiw, I've a couple slides in a 2014 Educause preso detailing this vector exactly...down to the shell script...and one slide in particular that will most certainly get you the backing from C-level execs to remove your printers from public IP (child pr0n, hostile work environment lawsuits, every public IP printer now a state/federal crime scene). http://www.educause.edu/sites/default/files/library/presentations/SEC14/SE SS08/shodan_for_edu_educause_security_conference_2014_public_version_shawn _merdinger.pdf Cheers, --scm
Current thread:
- " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Tracy Mitrano (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Haselhoff, Brent (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Harry Hoffman (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 28)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Frank Barton (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Matthew Trump (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer¹s flyer." Brad Judy (Mar 29)
- Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer." Shawn Merdinger (Mar 29)