RE: Securing Printers
From: Herbold, John W. (JWHERBOLD_at_arkbluecross.com)
To: "'sec-basic list'" <email@example.com> Date: Fri, 19 Nov 2004 13:41:35 -0600
Can the printer cache be redirected or the information be copied out of the
cache? This could give someone access to confidential information.
John W. Herbold Jr.
From: Corey Watts-Jones [mailto:firstname.lastname@example.org]
Sent: Friday, November 19, 2004 9:50 AM
To: 'Matthew Romanek'; 'sec-basic list'
Subject: RE: Securing Printers
I agree that for units of that size and production capability it's an issue,
but after spending a few minutes playing with this on one of our local
networks, most regular office printers (I tried it on a Lexmark T20 and an
HP 4050) flush their buffers on a regular basis. This would render them
pretty useless as storage for an exploit as I saw mentioned earlier on the
list. On these printers, if I put a file in there that it couldn't
interpret, it would spit out pages with random ASCII text on them and then
go into error.
When I ftp back into it, the info is gone.
Compusmart Professional Services Technician
From: Matthew Romanek [mailto:email@example.com]
Sent: Tuesday, November 16, 2004 1:55 PM
To: sec-basic list
Subject: Re: Securing Printers
Regarding Printers with public IPs, the very first thing that jumps to
my mind is 'What do you consider a printer?'. I say that because quite
a few of our printers are ImageRunners or that sort of networked
copier. The kind with 80GB harddrives and convenient web interfaces
that let you log in and pull up images of the last couple thousand
pages that were printed on it, then save or re-print them.
If that doesn't trigger alarms with data security, nothing will.
-- Matthew 'Shandower' Romanek IDS Analyst