Multifunction Printers — The Forgotten Security Risk?

eweekhickins writes to share an article in eWeek highlighting the forgotten risks that a multifunction printer could possibly offer. Brendan O'Connor first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machine sitting in the corner and should be treated with their own respective security strategy. "During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer--complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostGreSQL. He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine."

First virus

[IdeaMan]

Wasn't one of the first Mac viruses spread by a mac printer?

Re:First virus

[vux984]

Wasn't one of the first Mac viruses spread by a mac printer?

There was a famous trojan that infected apple laser printers via postscript... but I don't think it 'spread' itself so it wasn't really a virus, nor would it qualify as a Mac virus because it didn't infect Macs, just some Apple Printers.

In any case I think it just lived on the printer. Although one of its effects was to change the password, something that could only be done a limited number of times for some demented reason, which meant eventually the printer would lock you out, and you couldn't reset the password without swapping in a bios or pram, or something along those lines.

Nonetheless, yes, laserprinters have been 'servers' in their own right for over 20 years, so this is hardly news. The same is true of NAS, Routers, managed switched, and so forth. And as for an 'IT security strategy" really, what can you do? Be aware its possible, and limit your attack surfaces to a level appropriate to the risk of them being compromised and the level of damage they could do if compromised.

For most of us, "Don't put your printer on the internet" is probably sufficient"IT security strategy"... although for higher security installations, something more detailed would be required.

Re:

[Anonymous Coward]

The funny thing is, when I was setting up our office network I put the printers in their own network (no router), with the print server being the only host able to access both the printer network and the office network. All print jobs were routed through the print server. All scan jobs were available on the print server's file system.

The sysadmin who came in after me decided this was a boneheaded decision made by a network NAZI, replaced all my Linux boxen with Windows boxen, moved the printers onto the wor

Re:

[Endymion]

In the meantime, the administrator is continually policing desktops

I believe we call this "Job Security".

Re:

[nosfucious]

Actually, I think that's more "Busy work". Which may (or may not) translate to job security.

At least s/he looks like they're busy.

The trick is to continually make reports on security/installations/network status. Scripting language of choice here or Zabbix or WMI queries et al. ??? Then Shaldot/Facebook/Pr0n/2girls1cup or whatever bakes your cookie.

Re:First virus

[arth1]

Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin".

Re:

[Mister Liberty]

Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin".

You should have made that 'Sugar Y/N/Double'

Re:First virus

[Anonymous Coward]

"Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin"."

Fun for you, sure. YOU didn't have to clean the coins out of the gears.

Re:

[spasm]

Meh. For those too lazy to telnet, Google hpsetdisp.pl for a quick perl script to change the lcd display of any HP with JetDirect (ie most modern ones)

Re:

[YttriumOxide]

It'll actually work on most devices that accept that PJL command... including Fiery RIPs.

It does actually have a real world use by the way - it's nice to customise the display during specialised operations, but in most environments these days, it is a little bit antiquated to do so.

Re:

[|Cozmo|]

That's awesome. I did something similiar to the verifone credit card machine at my first job. I changed the "swipe card" prompt to say "access denied" and everyone thought the machine was broken. They didn't think it was nearly as funny as I did.

Re:

[Agripa]

PC Load Letter

Re:First virus

[Trogre]

It means that some moron has sent a job to the printer in US Letter again. Just hit OK to have it print from the A4 tray.

So what's the potential threat?

[daveywest]

Are we going to have a bot net of machines that print our spam for us?

Re:So what's the potential threat?

[Adriax]

Fear the Goatse printer virus.

Re:So what's the potential threat?

[whoever57]

Fear the Goatse printer virus.

Oh, that is just pure evil! Imagine a printer that randomly inserted a small number of Goatse pages in its output.

Re:

[Trogre]

... or as a faint watermark that wasn't immediately obvious until in the boss/client's hands.

Re:So what's the potential threat?

[Ungrounded Lightning]

Better yet: A texture map that is virtually invisible to the naked eye but becomes visible when copied by a xerographic process (like the "void" markings on some checks).

Re:

[Doctor O]

This is *so* evil. What are we still talking about, let's get hacking! ;)

I imagine something that does such a texture map, and adds a big "DO NOT COPY THIS" to the printout. Of course, the goatse image is subtitled "TOLD YOU SO".

I DID THIS!

[Cyno01]

Sort of. After a power outage, i hadnt rebuilt the settings on my wireless router. One day i went into my network places and there were a few new folders in there, as well as another shared printer. Checked the logs and sure enough "ScottsLaptop" or somebody was leeching my wireless. My own fault for not re-securing it, but i still printed several pages of goatse on his shared printer before i booted him off my network. Not really related at all, but a mildly amusing network printer story if there ever were

Re:

[cant_get_a_good_nick]

Even scarier...
I remember someone had created a IPTABLES -- web proxy that turned pictures upside down [ex-parrot.com] for the leechers. A few doses of goatse or tubgirl should scar them for life.

MOD PARENT UP INSIGHTFUL

[SpzToid]

Seriously. Such a suggestion is a clear illustration of a security threat to be concerned about and guarded against.

It also makes for a realistic discussion of the risk with a non-technical user.

I don't want to lose sleep over the possibility, do you?

Except, how would you prevent it from happening? I'm not sure you can, but I'll bet the answer is in this book called Extrusion Detection. [awprofessional.com] I haven't (yet) read it, however I have read its sister book (Network Security Monitoring) by the same outstanding expert

Re:

[ettlz]

Let me guess, it'll get caught in the ring-buffer.

Re:So what's the potential threat?

[KublaiKhan]

More evil would be a system that forwards the documents printed to another location....

Re:

[robi2106]

which is entirely possible to do (assuming you can get a hold of the compiler needed to create your own code). all you need to do is send the PJL needed to upload the program, and then stick it in the stack and vioala! instant print job mirroring.

naturally networked printers like this should live on their own subnet that refuses all port communication except inbound originating print request or necessary admin traffic from specific other networks....

so yes, lots of network admin overhead to keep them lock

Re:So what's the potential threat?

[AuMatar]

No, they print out a ransom note, demanding $1,000,000,000 or they'll print out all our spam. Management will pay, because at the current cost of ink the billion is cheap.

Re:

[myowntrueself]

or they'll print out all our spam.

I had a client who *insisted* on printing out *every* *single* email they received.

Every one of them. And this was before I set them up with spam filtering; they printed ALL their email and they got TONS of spam.

Some people really do need to be taken out and shot.

Re:

[El Lobo]

I know your'e trying to be funny, but at my university, our neighbour department has an (almost) wide open Xerox Workcenter 7245. I say *almost* because they have their Apache with the default 11111 password. Last april the 1rst I printed a 50 pages documetnt (100 copies) to their printer. It was actually the Administrator's guide for the Xerox Workcenter, as a pdf. To this day, they are still asking who the hell missused their printer that way... ;-)

On a serious side, that machine can send a scanned docum

pr0n print

[emj]

I actually came back to the office one day finding 400 pages of porn printed in color on our office printer. Apparently it was open for everyone on the net to use as a print server.

Re:

[Hyperspite]

Well? What did the department do with it? You can't just waste that...

Re:

[Doug Neal]

I actually came back to the office one day finding 400 pages of porn printed in color on our office printer. Apparently it was open for everyone on the net to use as a print server.

This can also be done with your neighbours' open wireless networks.

Fool the black hats!

[EmbeddedJanitor]

Remove the toner from the printer and you only get white hats.

Re:Fool the black hats! Speak upppp....

[davidsyes]

Fortunately, these MFP's don't have speakers. Otherwise, the goats would have a new form of emission... mwaehhehehe mwaehhehhee.... Now, you can hear, see, *and* smell the goat..

So what?

[SpiritGod21]

The biggest issue isn't a lack of (software or physical) security regarding the machine, but a lack of a security policy in these instances. At our institution, machines have unique names, unique passwords (when they have to scan to a network drive), and are behind the campus firewall. But a user could get one, hook it up (putting it behind the firewall) and not change the default password and we'd 1) be none the wiser and 2) have no control over the machine. If a department gets one, it's their printer, not ours.

Still, with client-side antivirus and firewalls, and the control we have over the servers (for a multifunction printer to be able to scan to a server, it has to be given specific access, which doesn't happen lightly), it doesn't seem like being able to access the web interface can pose a whole lot of a threat. An attacker could potentially waste a ream of paper or two, a bit of toner, but I don't foresee any major consequences.

Re:

[Pirulo]

There are other consequences that are sensitive to several business,

Enabling the MFP to cache all documents so they can be retrieved by the hijacker is an example on how to steal sensitive information.

How about physical document security instead?

[Radon360]

Let's work with the concept that a multifunction machine get pwned for a moment. Instead of all the ideas of using it to root around on your servers, or join a botnet, what if the vulnerability did something as innocuous as FTP/SMTP (or even fax) images of scanned/printed documents to a server on the outside world?

Get a machine in a place that does financial or medical records and now you have a steady stream of confidential information going somewhere in the form of soc. security numbers, bank account numbers, etc. all in scanned form.

Since the machine probably already does this on a regular basis under normal use, it's possible that such an exploit could continue for a while before it would ever be discovered.

Re:

[archen]

Heh, and at least FTP/SMTP would be traceable through a firewall that logged it. Our company just got a printer in today with fax from PC capability. Everyone was like "That's great". Then I pointed out that anyone with this on their PC could potentially send any document in the company via fax, and no one would probably catch it in the phone logs.

While true it also got me the "Man I hope our I.T Manager (me) never turns on us.." look. I get one of those every month or so.

Re:

[jimbojw]

There's a great book called Stealing the Network: How to Own the Box [amazon.com] which contains a series of realistic short stories chronicaling a variety of black hat adventures. In one story, the protagonist uses an open printer as a base of operations from which to launch attacks on other boxes in the network. This is especially useful since internal servers may be IP-range limited to prevent direct access from outside machines.

IIRC, the attacker also used it as a gateway to steal and forward packets traveling t

Re:

[flappinbooger]

That's way handier than rooting through the trash.

Re:

[nih]

At our institution, machines have unique names, unique passwords

yes i'm sure they do, now stop worrying and calm down, the doctor will be here any second

Re:

[Jeff DeMaagd]

In addition to the above industrial espionage potential, they could also be used to aid in a DoS. The second might not be that likely as it's so easy to root a Windows system.

Just what I need

[antifoidulus]

is to come into work in the morning to find all the ink and paper has been wasted printing the goatse man over and over again....

Re:

[Farmer Tim]

That's not a waste, it's a network security diagram.

Weakest Link

[ookabooka]

This is actually a very good point, a network is only as strong as its weakest link (or firewall). While each machine on a network may be secure, hijacking a printer can do the same amount of damage as hacking any other machine on the network (save actual servers w/ data on them). Imagine hijacking a printer on a network and then having it send out spam (hey, its on superreliabledomain.com, no reason to hastily toss it in the spam bucket), or arp poisoning to listen in on other traffic on the network it should have no business with. Any device connected to a network should meet a certain standard of security, it only takes one weak link to really mess things up.

Re:

[gotzero]

Thankfully, all of the multi-function print centers I have at my job are never working long enough at one time to get hijacked. Maybe the horrible up-times were a gift from the manufacturers to prevent these attacks!

Perhaps I'm jaded, but is this news?

[zappepcs]

As noted, this has been covered before. If you are not doing your best to segment your network for security reasons, then you probably deserve to learn about this one the hard way. EVERYTHING now has the smarts/hardware to launch/spread/spawn a virus attack on your network. Every day I get one or two messages about this and mobile computing being the 'number one' threat to our networks.

FerCrissakes, every USB stick has that ability if you have not done your work/research etc.

But still, by far, the most dangerous thing on your network is the end user(s)...

That's life, it's the way the cookie crumbles, and it's how you're going to lose brownie points with the PHB at work.

It ain't news.

[hal9000(jr)]

hah. about 10 years ago, I got a call from an admin at the University of Texas. Seems a host on my network was scanning his network pretty aggressively. Figuring the guy went to the trouble to find person responsible for the offending host, me, I talked to him, got the IP, and finally found the host. It was a web cam. huh. So while I had him on the line, I pulled the cable. Scanning stopped. Put the cable back in, scanning started.

I apologized and pulled the camera off the network. I then plugged it int

Re:

[thewils]

Man, in a big shop you could loiter by a printer quite easily (hey I'm waiting for a top secret doc) and snarf anything that printed there to read at your leisure later. Those "lost" printouts would simply be resubmitted because Windows/the printer fouled up again.

On mainframes, you don't even have to stand next to the printer - you can see big jobs (payroll?) if you have SDSF access to the print spooler.

Re:

[flink]

Many larger/more sophisticated printers these days have a "print to mailbox" option that causes the document to remain spooled on the printer indefinitely instead of immediately printed. You have to be physically at the printer and enter your user ID and PIN to start your print job. So that mitigates the hanging around the printer attack, still doesn't help if the printer gets r00ted though.

Re:

[RollingThunder]

about 2 years ago my boss was talking about the security risk in shared network printers. If he wanted a hard copy of something sensitive, he would have to hit Print, and then trot down the hall to get his output before anyone say it.

Some of the current crop of printers theoretically have a "confidential print" option where you tell it to wait for a name and a PIN before it actually starts spitting paper out. Lexmark T632's are one I'm familiar with.

I say "theoretically" because I've tried to use the fea

Hit it, The Paper

[Digi-John]

My dot-matrix parallel printer will never turn on me like that!
Screeeeeeeech

Re:

[that this is not und]

My favorite Dot Matrix printer was this big behemoth GE Terminet printer that I had full command of years back. I was writing Assembly Language code for 4-bit embedded controllers and had taken it for my very own, attached to the '286 machine I had glommed onto at the time. It was many-pages-per-minute fast. It would hurl paper up into the air when doing multiple page ejects. In fact, if you turned the PC off before the printer, for some odd reason the printer would interpret the signal on the cable as

The cleverest hacks are in front of your nose

[postbigbang]

Lexmark, Xerox, the list goes on. How about a Linksys WRT54G? How many devices out there can be easily rooted and owned? The list is endless. Who would suspect a logon attempt or a slow port scan from a printer, or a volume-page scanner?

Maybe your VoIP system's very happy you linked it to your Active Directory with an administrative logon. Seen any weird LDAP requests recently? Had to reboot your RIP engine recently? Surprise!

Diligence is its own reward.

Re:

[bendodge]

The WRT54G is easy to secure. Just use DD-WRT!

Re:

[syousef]

You can pwn my PC but leave my WRT54GL alone. It's one of the few pieces of hardware I own that's proven to be as reliable as the sun rising in the East. Yes I've installed the Linux bios.

Re:

[postbigbang]

Me too. Strip out everything but what you need, and beware the IPV6 mods.

Not simply PSC then

[pembo13]

I take it from the summary that simple print-scan-copy machines aren't what is being mentioned. Instead, referring to those smart printers that "can access all your companies files" -- couldn't figure how that was a good idea when I saw the ads myself.

Re:

[raehl]

There are plenty of printers out there with network ports. Once you plug something into your network, it's plugged into your network.

Re:

[JoeZeppy]

I take it from the summary that simple print-scan-copy machines aren't what is being mentioned. Instead, referring to those smart printers that "can access all your companies files" -- couldn't figure how that was a good idea when I saw the ads myself.

We have bunch of these Xeroxes that have - wait for it - an XP workstation hanging off them! No idea what the advantage to that is. You can't use it as a print server, because only ten people at a time can have a connection to it, so as soon as it starts to

Re:

[Joe The Dragon]

do they get messed up if you try to go to the windows / Microsoft update website?

the printers don't have a e-net port on them?

Sound like a PHB move.

Re:Not simply PSC then

[Teilo]

What you are describing is an EFI Fiery RIP. This is not just a "workstation hanging off of the printer." It is doing the actual work of rasterizing the Postscript. Get rid of it, and your Xerox is not even a dumb printer. It won't print at all.

EFI Fiery controllers generally run a version of XP Embedded, which is itself locked down in a variety of ways, but sometimes not. They often have a proprietary motherboard with unique RIP hardware. We have several here. One, driving a Canon CLC 4000, does not even have enough of Windows present to install a driver (VNC in this case).

Another, driving a Konica BizHub Pro 6500 is almost wide open, except that we actually had to pay for the privilege of hooking up a monitor and keyboard. That's right, they flash the motherboard in such a way that the machine is headless, unless you pay extra.

Re:

[YttriumOxide]

Just as a note, it's EFI that charge for the extra to add the keyboard and monitor... just on the Canon, you paid for it when you bought the MFP, as opposed to separately with the Konica Minolta.

Regardless - get the bizhub PRO C6500 AWAY from any network that should be secure. It's a print room machine and should be in your print room (on an isolated print room network). If you want a secure product for your corporate network, you should consider a bizhub branded product rather than a bizhub PRO branded p

Re:

[Teilo]

I didn't say it could not function as a workstation. Indeed it can - sometimes. Installing lots of junk on them often has the side effect of breaking the RIP. Again, it all depends upon what particular package EFI puts together. I hate EFI. Only use them because we are forced to.

The difference is that the Xeroxes without a separate box have some sort of RIP hanging off the back of them, or a very simple internal RIP. Fiery sells simplified controllers that are still running XP (or 2000) internally, but have

Re:

[YttriumOxide]

Business Colour from Konica Minolta generally doesn't use a Fiery or Creo. Fiery is an option on business colour, but is rapidly being phased out since Konica Minolta's own technology is MORE than capable in this area these days.

Both Fiery and Creo are still used on Production colour though.

See another of my posts in another thread discussing the security of Konica Minolta own systems. Fiery and Creo are for the print room and that's where they should stay. Don't put either of them anywhere near a corpor

Gee,

[prevajanje]

come to think of it, my refrigerator made some noise as I powered up the computer,....

You can run Linux on 2Mb of flash

[Colin Smith]

With processor, ethernet etc that fits into 35mm×19mm×19mm of space[1]. Basically the same OS as your file, printer, web and database servers...

This means that anything that size or bigger, could be running a set of software perfectly able to be compromised, and used as a springboard into other systems. Anything with a network port should have the same security policies applied as a server.

[1] e.g. http://www.picotux.com/techdatae.html [picotux.com]
 

Re:

[flyingfsck]

Every network printer I have ever tried, sports a FTP server. This is handy when all else fails - FTP a postscript file to the damn printer and la voila! Of course, this can be exploited with a denial of service continuous print loop in postscript.

Re:

[Colin Smith]

That depends... Did you use ash as /sbin/init?

 

Security

[zymano]

http://www.openbsd.org/ [openbsd.org]

http://www.lynuxworks.com/solutions/security.php [lynuxworks.com]

http://www.coyotos.org/ [coyotos.org]

Multi-malfunction devices, more like it

[SuperBanana]

Brendan O'Conner first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machine sitting in the corner and should be treated with their own respective security strategy.

The Xerox WorkCentres are more likely to malfunction, first. They jam incessantly unless you use Xerox brand paper (rather than design their machines to handle popular paper, they design their machines to only handle Xerox paper properly) and they have basic design defects- for example, toner builds up on fingers near the fuser assembly, which has to be scraped off regularly or the machine starts to jam with increasing frequency.

Also, the print spooler PC on the back of the 3535 units (the B&W ones, may have that # wrong) were completely stupid- when the copier displays a message to the effect of "PC booting" with a progress bar, it's a TIMER, and nothing more- the machine doesn't actually check if the PC successfully booted and is accepting jobs.

Don't even get me started about how atrocious the Windows-based RIP engine is for the color printers.

Not even remotely "smart".

Chip Crowding - Firmware Hack

[not_hylas( )]

All kidding aside (printf), we had a break in a few years ago by some very organized Blokes one (of many) thing they hit was an HP 120nr printer (w/ RIP [fonts]) to which they tried (and failed) to chip crowd or replace the firmware. They jumped routers/switches to the local LAN to accomplish this, the network card was damaged in this attempt - we just got it back from the repair shop and the Tech asked me "what did you do, pull the NIC card while it was running?"
Of course I didn't, nor did anyone here do

Re:

[Joe The Dragon]

tell us more

Re:

[not_hylas( )]

Read article and comments:
Several people had the same hack as ours later in the thread - as difficult as it is to read the "crazy" ones, they are pretty accurate as well. Once you've been "there" everything else become somewhat trivial by comparison.

http://www.securityfocus.com/cgi-bin/index.cgi?c=articlecomments&op=display_comments&ArticleID=11372&expand_all=true&mode=threaded [securityfocus.com]

Not-too-long-ago...

[FooAtWFU]

Not too long ago (less than 4 years) my university's network still gave everyone Real IP Addresses accessible from the Internet anywhere, without much (if any) firewalling. They've since cracked down and NATted, but before that point, apparently, one of the big laser printers was compromised and turned into a warez FTP server.

Mind you, it still printed.

This is just the technology filtering down. :)

At my work (a bank)...

[netsavior]

We have a $45,000 high quality high volume scan/printer that is a paperweight.

They purchased it for scanning confidential documents. The hitch is that there is only 1 way to get documents off of this printer: A public non-protected network share... This is basically against the law for a bank.

I suggested that I could set up a private network and they could securely upload docs to the proper place with the right security, however that plan was nixed for being "non-standard"
The result is that now they consult me when buying a pencil sharpener because they don't know how it will affect network security.

Envelopes

[mbstone]

Maybe somebody will invent a benevolent virus for multifunction printers that will enable them to actually print envelopes.

Re:

[Macgrrl]

Sadly that's a hardware problem - not a software problem.

It seems like a simple thing to do until you start thinking about the variety of thicknesses which have to pass through the rollers without jamming - oh and flaps, and gum which can't degrade from the heat if they pass through a fuser, so stick to the device if a flap folds up...

They actually make specialty envelope printers for high volume applications, they are almost universally based on inkjet technology because it is cold printing.

Personally I

Poor article title

[nsayer]

It's not that the printer is multifunction that has anything to do with it. I used to have a multifunction printer that connected to my computer with USB. I dare say that it offered no particularly interesting attack vector in that configuration.

AV

[fester2001]

Upgrade now to Norton Anti virus 2008 to ensure your printer is safe.

Much Earlier Article on Xerox Systems

[The Infamous TommyD]

http://csrc.nist.gov/nissc/2000/proceedings/papers/034.pdf [nist.gov]

Basically, 9 years ago we showed some remarkably embarassing features in Xerox multifunction printer/copiers/faxes. Including SNMP access to plaintext passwords!

I wonder how many of these "features" are still there.

Old news is... old news

[Macgrrl]

The generation of WorkCentre Pros mentioned in the article are no longer part of the current line up.

A 'smart' network entity will be a risk if it isn't locked down regardless of whether it is a printer or a server or a desktop computer.

The current generation of devices have improved security features including encryption of job files and digital watermarking at creation to ensure you can track the originator of any document.

To use a basic analogy - if you don't close and lock your doors - is it the hous

My old idea of "Multifunction Printer"

[haaz]

Looking at this, I was wondering how or why there would be talk at Black Hat about a multifunction printer being a security risk. "What, would terr'ists sneak in and use the printer to scan jihadist documents are very slowly print them out -- only to fax them!!" No, it's a little more elevated than that. Still not anything I need to worry about right now though.

Now goatse-laden printers, that's scary.

The first Laserprinter was the fastest Apple

[cant_get_a_good_nick]

Due to processing demands of Postscript, it had the highest speed 68000 available in an Apple product, besting all the Macs of the time.

Re:ABout time

[mpapet]

I'm calling you on this because I think it's very improbable without a laptop in the physical location. Sure it broadcasts like crazy in a LAN, but there's a HUGE leap from getting on the printer to turning it into your bot from a remote destination. Did the print server have a public IP?

Some details please.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[twiddlingbits]

Bullsh*t. You been watching too much Hollywood crap. They'd have to have a ladder to reach the tiles, some way to cut the Cat 5 cable, put a connector on the end (non-trivial if fiber), then have to splice the router into the cable, set the router IPs to be on the same subnet as the bank (unless you know this you'll need a sniffer program to grab it). While they are doing this they can't cause a noticable outage and I doubt the banks DNS is going to give the laptop an IP without some kind of login and authe

Re:ABout time

[GNU(slash)Nickname]

I doubt the banks DNS is going to give the laptop an IP

Yep, pretty sure you're right about that.

Re:

[JoeZeppy]

Bullsh*t. You been watching too much Hollywood crap. They'd have to have a ladder to reach the tiles, some way to cut the Cat 5 cable, put a connector on the end (non-trivial if fiber), then have to splice the router into the cable, set the router IPs to be on the same subnet as the bank (unless you know this you'll need a sniffer program to grab it). While they are doing this they can't cause a noticable outage and I doubt the banks DNS is going to give the laptop an IP without some kind of login and auth

Re:

[twiddlingbits]

I meant to say DHCP. There are DHCP servers that will request Authentication or only allow certain MAC addresses to get IP's. No one has yet solved the issue of how you know the bank has just the right printer with just the right firmware version. Plus how do you know what IP address is a printer without special tools such as a sniffer. It's not a hack for the amatuer. Also, don't you want to control that printer and it's agent from outside the bank? To do that you got to do a lot more things, like chang

Re:

[totally bogus dude]

Plus how do you know what IP address is a printer without special tools such as a sniffer.

It's pretty rare for people to change the MAC address of their devices, even on devices that allow it. And since each vendor is allocated its own prefix(es) it's pretty straightforward to narrow your search to e.g. Xerox MAC addresses. With a bit of research it's likely you'd be able to find even narrower prefixes that the vendor has allocated to particular types of printers.

don't you want to control that printer and it's agent from outside the bank? To do that you got to do a lot more things, like change firewall/router rules and routing tables

I think that's what the installation of the wireless router is for.

Also, don't forget that all your criticisms are implying tha

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[twiddlingbits]

Still not solved the IP address issues and authentication issues and printer names/types/addresses.

Think before you post.

[sowth]

Did you even read the guy's entire post? Why would you need to cut a cable to break into the network with a wireless connection? You must be clueless because you think it is some amazing feat to run a network sniffing program.

Where does slashdot get posters these days? Oh yeah, they are 12 year old kids. I used to read this site because quite a few posters seemed to be experts in their respective fields--at least the ones who where modded up. Now I don't know why I bother.

Since apparently we have to sig

Re:

[FLEB]

You shouldn't pick on the 12-year-olds. Just because you just turned 13, it doesn't necessarily mean you're any better at reading comprehension than any of them, especially when you go and prove it with a stunningly brilliant foot-in-mouth rant like that.

The "wireless" was referring to the tap that the attackers attached to the network, not to an existing wireless connection. You'd still have to tap into the rest of the bank's network somewhere. It's doubtful they'd have an RJ45 socket hanging around in the

Lol

[Anonymous Coward]

Im in ur bulbs, givin u seezures.

Re:

[mlts]

This gets me wondering. A printing company like HP could make money hand over fist by designing a printer from the ground up for security. For storing data to be spooled, if the data is in RAM, as soon as the data is printed, the bits of RAM are zeroed out. If the data is stored on a HDD, have the data encrypted with a random key that changes every boot, and perhaps every hour or so if no jobs are in the queue. Of course, this means that any jobs in the printer have to be dropped if there is a power out

Re:

[Bork]

You mean like this one?

http://www.troygroup.com/SecurityPrinting/products/MICRPrinter/4300secure.asp [troygroup.com]

Re:

[YttriumOxide]

Last I checked (which was a few minutes ago), every current Konica Minolta office product has every feature you're talking about ("office products" excludes the printers, SOHO toys and production equipment (like the C6500 mentioned in another thread - which being a production machine shouldn't be anywhere near a corporate or public network - it's a print room machine!)). Data erasure policies for RAM and HDD, Active Directory login, security logging, internal firewall... plus many you didn't mention such a

Re:

[Tuoqui]

He wouldn't have happened to be using an axe at the time would he?

Re:

[Myself]

Does april 2006 count as before? [notacon.org]

The archive [notacon.org] of the talk is here: [mp3] [notaconmedia.com], [avi] [notaconmedia.com]. Essentially, most of the webservers in these things are vulnerable to all sorts of mischief. If you can own the underlying OS, the sky's the limit.