Educause Security Discussion mailing list archives

Re: " ...colleges and universities all over the United States found that their network printers were spilling out Auernheimer's flyer."


From: Brad Judy <brad.judy () CU EDU>
Date: Tue, 29 Mar 2016 14:20:33 +0000

These are schools where (to borrow a phrase from MIT), the network *is*
the internet.  With general use of public IP space and no default deny
border firewall, putting a printer "on the network" means putting it out
on the internet.

Brad Judy
 
Information Security Officer
Office of Information Security
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu <http://www.cu.edu/>

On 3/29/16, 7:55 AM, "The EDUCAUSE Security Constituent Group Listserv on
behalf of Matthew Trump" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of
M.Trump () KENT AC UK> wrote:

What justification was provided for connecting printers to the internet
at these institutions?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Merdinger
Sent: 28 March 2016 15:14
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] " ...colleges and universities all over the United
States found that their network printers were spilling out Auernheimer's
flyer."

Lock down your printers, lest Weev (and now countless others) will troll
you with racist print jobs.

http://motherboard.vice.com/en_ca/read/hacker-weev-made-thousands-of-internet-connected-printers-spit-out-racist-flyers

https://storify.com/weev/a-small-experiment-in

Fwiw, I've a couple slides in a 2014 Educause preso detailing this vector
exactly...down to the shell script...and one slide in particular that
will most certainly get you the backing from C-level execs to remove your
printers from public IP (child pr0n, hostile work environment lawsuits,
every public IP printer now a state/federal crime scene).

http://www.educause.edu/sites/default/files/library/presentations/SEC14/SESS08/shodan_for_edu_educause_security_conference_2014_public_version_shawn_merdinger.pdf

Cheers,
--scm

