Security Basics mailing list archives
RE: Securing Printers
From: "Corey Watts-Jones" <cwattsjones () rogers com>
Date: Sun, 21 Nov 2004 00:16:32 -0500
When the file was dropped in via simple browser based FTP, it was write only. If I tried to copy it back out it would fail. I only briefly experimented with it but on the mid-level office printers it wasn't retrievable. I will experiment further on the Xerox Phaser and the Canon copier I have access to as well. Cheers, Corey -----Original Message----- From: Herbold, John W. [mailto:JWHERBOLD () arkbluecross com] Sent: Friday, November 19, 2004 2:42 PM To: 'sec-basic list' Subject: RE: Securing Printers Can the printer cache be redirected or the information be copied out of the cache? This could give someone access to confidential information. Thanks, John W. Herbold Jr. Security Specialist -----Original Message----- From: Corey Watts-Jones [mailto:cwattsjones () rogers com] Sent: Friday, November 19, 2004 9:50 AM To: 'Matthew Romanek'; 'sec-basic list' Subject: RE: Securing Printers I agree that for units of that size and production capability it's an issue, but after spending a few minutes playing with this on one of our local networks, most regular office printers (I tried it on a Lexmark T20 and an HP 4050) flush their buffers on a regular basis. This would render them pretty useless as storage for an exploit as I saw mentioned earlier on the list. On these printers, if I put a file in there that it couldn't interpret, it would spit out pages with random ASCII text on them and then go into error. When I ftp back into it, the info is gone. Corey Watts-Jones Compusmart Professional Services Technician -----Original Message----- From: Matthew Romanek [mailto:shandower () gmail com] Sent: Tuesday, November 16, 2004 1:55 PM To: sec-basic list Subject: Re: Securing Printers Regarding Printers with public IPs, the very first thing that jumps to my mind is 'What do you consider a printer?'. I say that because quite a few of our printers are ImageRunners or that sort of networked copier. The kind with 80GB harddrives and convenient web interfaces that let you log in and pull up images of the last couple thousand pages that were printed on it, then save or re-print them. If that doesn't trigger alarms with data security, nothing will. -- Matthew 'Shandower' Romanek IDS Analyst
Current thread:
- Re: Securing Printers, (continued)
- Re: Securing Printers Frank T. Clark (Nov 16)
- Re: Securing Printers xyberpix (Nov 16)
- Re: Securing Printers Peter Wan (Nov 16)
- Re: Securing Printers Spigga (Nov 16)
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
- RE: Securing Printers Dante Mercurio (Nov 17)
- RE: Securing Printers Samuel Petreski (Nov 18)
- Re: Securing Printers Adam Jones (Nov 19)
- RE: Securing Printers Samuel Petreski (Nov 18)
- RE: Securing Printers Herbold, John W. (Nov 19)
- RE: Securing Printers Corey Watts-Jones (Nov 22)
- RE: Securing Printers Herbold, John W. (Nov 22)
- RE: Securing Printers Corey Watts-Jones (Nov 22)