Control Character attacks on line printer log devices

From: snevel+usenet@sonic.net
Date: 05/07/02


From: snevel+usenet@sonic.net
Date: Tue, 07 May 2002 04:50:08 GMT

While perusing the latest Risks Digest (22.04) article on the risks
associated with the proliferation of Nanny-Cams:

  http://www.franken.de/users/tentacle/papers/hiddencams.pdf

I back-tracked the URL to see if the author had any other interesting
papers to read.

In addition to a very interesting analysis of information leakage from
many of the popular web search engines, I came across a *very* interesting
article

 http://www.franken.de/users/tentacle/papers/lp-attack.pdf

on how line printers used as supposedly secure logging devices might
actually be subverted by getting it to accept control characters.

The author even gives the design for a simple hardware device to foil some
of those attacks.

Simeon

-- 
The address in the header *is* actually replyable. 
If replying, use mail or post here.  Please, not both

If you're not outraged, you're not paying attention