RE: Securing Printers

• Previous message: GuidoZ: "Re: Changing IP address as standard user"
• Maybe in reply to: Bryce Embry: "Securing Printers"
• Next in thread: Corey Watts-Jones: "RE: Securing Printers"
• Reply: Corey Watts-Jones: "RE: Securing Printers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Corey Watts-Jones '" <cwattsjones@rogers.com>, "''sec-basic list' '" <security-basics@securityfocus.com>
Date: Sun, 21 Nov 2004 11:06:27 -0600

I guess my argument would be that it is a possible risk, if not the printers
currently in house, what about software upgrades or printer upgrades. As we
all have seen just because it is not a risk today does not mean that it will
not be risk next Tuesday. What FTP code do they use behind the scene, is
someone monitoring it to make sure that it does not have a vulnerability?
You know the saying... Secure in Layers. Why take the risk? Was there a
business need to give them a public IP?

John Herbold
Security Specialist

-----Original Message-----
From: Corey Watts-Jones
To: 'Herbold, John W.'; 'sec-basic list'
Sent: 11/20/2004 11:16 PM
Subject: RE: Securing Printers

When the file was dropped in via simple browser based FTP, it was write
only. If I tried to copy it back out it would fail. I only briefly
experimented with it but on the mid-level office printers it wasn't
retrievable. I will experiment further on the Xerox Phaser and the Canon
copier I have access to as well.

Cheers,

Corey

-----Original Message-----
From: Herbold, John W. [mailto:JWHERBOLD@arkbluecross.com]
Sent: Friday, November 19, 2004 2:42 PM
To: 'sec-basic list'
Subject: RE: Securing Printers

Can the printer cache be redirected or the information be copied out of
the
cache? This could give someone access to confidential information.

Thanks,

John W. Herbold Jr.
Security Specialist

-----Original Message-----
From: Corey Watts-Jones [mailto:cwattsjones@rogers.com]
Sent: Friday, November 19, 2004 9:50 AM
To: 'Matthew Romanek'; 'sec-basic list'
Subject: RE: Securing Printers

I agree that for units of that size and production capability it's an
issue,
but after spending a few minutes playing with this on one of our local
networks, most regular office printers (I tried it on a Lexmark T20 and
an
HP 4050) flush their buffers on a regular basis. This would render them
pretty useless as storage for an exploit as I saw mentioned earlier on
the
list. On these printers, if I put a file in there that it couldn't
interpret, it would spit out pages with random ASCII text on them and
then
go into error.

When I ftp back into it, the info is gone.

Corey Watts-Jones
Compusmart Professional Services Technician

-----Original Message-----
From: Matthew Romanek [mailto:shandower@gmail.com]
Sent: Tuesday, November 16, 2004 1:55 PM
To: sec-basic list
Subject: Re: Securing Printers

Regarding Printers with public IPs, the very first thing that jumps to
my mind is 'What do you consider a printer?'. I say that because quite
a few of our printers are ImageRunners or that sort of networked
copier. The kind with 80GB harddrives and convenient web interfaces
that let you log in and pull up images of the last couple thousand
pages that were printed on it, then save or re-print them.

If that doesn't trigger alarms with data security, nothing will.

-- 
Matthew 'Shandower' Romanek
IDS Analyst

• Previous message: GuidoZ: "Re: Changing IP address as standard user"
• Maybe in reply to: Bryce Embry: "Securing Printers"
• Next in thread: Corey Watts-Jones: "RE: Securing Printers"
• Reply: Corey Watts-Jones: "RE: Securing Printers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]