Forgot your password?
typodupeerror
Security IT

Digital Photocopiers Loaded With Secrets 204

Posted by CmdrTaco
from the office-party-bums dept.
skids writes 'File this under "no, really?" CBS news catches up with the fact that photocopiers, whether networked or not, tend to have a much longer memory these days. When they eventually get tossed, few companies bother to scrub them. Couple this with the tendency of older employees to consider hard-copy to be "secure," and your most protected secrets may be shipped directly to information resellers — no hacking required. "The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas — loaded with secrets on their way to unknown buyers in Argentina and Singapore."'
This discussion has been archived. No new comments can be posted.

Digital Photocopiers Loaded With Secrets

Comments Filter:
  • No problem (Score:5, Funny)

    by eln (21727) on Tuesday April 20, 2010 @01:19PM (#31912648) Homepage
    I always take care to disguise my ass before photocopying it. You can never be too careful these days.
  • by EricX2 (670266) on Tuesday April 20, 2010 @01:19PM (#31912650) Homepage Journal
    I never would have guessed the copy stayed in memory on the device. When I copy, scan to email or, scan to file it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?
    • by fuzzyfuzzyfungus (1223518) on Tuesday April 20, 2010 @01:22PM (#31912720) Journal
      It depends on the calibre of the device. Your basic deskside all-in-one isn't much of a risk. The real cheap seats might only have enough onboard storage to show up on the USB bus and have their firmware blob dumped to them by the driver.

      Many of the nicer models, though, have an internal HDD, often with a webserver, to support use cases like "scan, retrieve document through web interface" or "receive and store faxes without printing them all". Those are the ones you have to watch out for.

      Given that most printer manufacturers can't seem to design UIs that aren't exercises in pain, it may or may not be obvious based on using the device how much storing it is doing.
      • Re: (Score:3, Informative)

        by Em Emalb (452530)

        that and a lot of them these days have email capabilities (scan and email) so you get the directory full of usernames and email addresses. We actually barely remembered in time to do this when we shipped back a bunch of dell all in ones after their lease was up.

      • Re: (Score:3, Interesting)

        by xOneca (1271886)

        Your basic deskside all-in-one isn't much of a risk.

        You mean cheap all-in-one are more secure than expensive ones? I wouldn't say that if it wasn't for this article...

        Seems one more thing to have in mind when buying a printer...

      • I used to work in a print shop with some really nice machines. None of them had a function to reprint a previously printed document from the main display. The one I used the most had a 120gb drive in it that I could access, but I couldn't print from there either. I could view the queue of what had been previously printed by document type/name, but I couldn't actually print or view it. It also had a display of how full it was, and the only time I ever saw it fill up was when I was printing a large raw file (
      • by IrishHammo (1784970) on Tuesday April 20, 2010 @02:05PM (#31913418)
        Even nicer, I remember a few years ago I needed to scan the work permit in my passport for HR. So I went to the photocopier, did a scan to storage, and from my desktop retrieved from the photocopier storage and emailed. Job done I went to delete my passport from the photocopier storage. No Dice, windows admin rights required, and when I asked a windows admin to delete it for me (and the other 8 confidential documents sitting there with full read access) I got a very blank look.
    • It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

      Not being able to go from email to file on the same image(s) is just bad interface design that assumes you want to do only one thing with the document. Whether it's still in memory or not depends of course on the design of the MFP's platform. The large memory capacity in terms of both flash and magnetic media is mostly for balancing high resolution input from multiple sources in a network environment
      • Re: (Score:3, Funny)

        by interkin3tic (1469267)

        It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

        See, I don't even know what an MFP is, so whether or not mine has a hard drive in it is really not obvious to me or my coworkers at the buffalo police office sex crimes division.

        (For those of you who didn't RTFA, the "buffalo police office sex crimes division" was a humorous reference to the article. You missed out on that very funny joke. That'll learn you to not RTFA.)

    • by YttriumOxide (837412) <<yttriumox> <at> <gmail.com>> on Tuesday April 20, 2010 @01:29PM (#31912842) Homepage Journal

      I never would have guessed the copy stayed in memory on the device.
      When I copy, scan to email or, scan to file it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?

      Generally it doesn't. Many devices have the ability to store at the same time as copy, however it's a feature you generally have to explicitly choose (unless enabled as a security mechanism by the device administrator). Some devices also have the option to keep the last job in memory (however not permanent storage such as HDD) in order for a "fast reprint" or "fast resend", but it's not a common feature, so I wouldn't be too surprised that the ones you're using don't have it.

      A far more pressing concern than memory is the permanent storage. Most devices these days have an HDD that will store data for various purposes. Actual images of copy/print/scan jobs are only rarely stored, and usually only when explicitly set to do so (as above), however user data information in the form of job logs, counter information, credit information (for embedded accounting applications) and so on can be quite a concern. Most decent devices will however have a "secure erase" feature to be used by the administrator before disposing of the device, and often also an option whereby data going through HDD and RAM is encrypted on the way in/out (except of course actual operating code - but that doesn't contain YOUR sensitive data, only the manufacturers...).

      To all: Feel free to ask for clarification on anything copier/MFP related... writing code for these things is my day job. Many things in the article are half-truths and some are just flat out wrong.

    • true story (Score:5, Interesting)

      by cinnamon colbert (732724) on Tuesday April 20, 2010 @02:02PM (#31913386) Journal
      many years ago, in the ages of DOS 4.0 and so forth, we had a hewlett packard laser jet, which we thought pretty slick, that connected with a huge fat parallel port cable. One day, I unplug the printer and hook it up to another PC, which, children, in those far off days was quite an adventure in drivers (this was before you could download drivers off the web.....almost pre historic) While, I send some print jobs, say job1, job2.... to the printer, some of which print and some of which vanish, but, eventually, I get all the printouts I need and hook the laserjet back to its orignal computer. A month or two later, printjob2 popped out of the printer. snce the software for this was not installed on the pc the printer was hooked up tow, the job must have sat in the printer all that time (this is long before any "wireless" was available - it would be 2 or 3 years later that the marvel of 802.11A came along)
      • by EdIII (1114411) on Tuesday April 20, 2010 @02:52PM (#31913976)

        I just had this wonderful image of you in a lawn chair, pants up to your nipples, with a bunch of little tykes sitting attentively on your lawn while you waxed nostalgic about the days of the parallel port, the Internet being a bunch of BBS's, and having to enter in the heads and cylinders of your hard drive into CMOS. When CPUs had numbers and not fancy marketing names given to them by Nancy boys with MBA's and real men used punch cards....

        *sniff*

        I got to call my Gramps, brb

    • by drooling-dog (189103) on Tuesday April 20, 2010 @02:11PM (#31913504)

      Well, the original submission says,

      Coupled with the tendency of older employees to consider hard-copy to be "secure"...

      ...so it looks like this is only a problem for the geezers; after all, digital photocopiers are like magic to them. There's virtually no chance that any of the savvy young hipsters in your organization could fail to be aware of this threat.

  • S/N (Score:5, Funny)

    by paiute (550198) on Tuesday April 20, 2010 @01:19PM (#31912652)

    If they are anything like our photocopiers, the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information.

    • Re:S/N (Score:5, Insightful)

      by interkin3tic (1469267) on Tuesday April 20, 2010 @02:05PM (#31913424)

      the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information

      Unless they find a way to make the text searcheable and just search for "social security number" or "credit card number" and look at what's written right next to it. And while I don't know how to do that personally, it seems like the type of thing that would take about 10 minutes to figure out and then another 10 minutes to actually do.

  • Why? (Score:5, Interesting)

    by kabloom (755503) on Tuesday April 20, 2010 @01:19PM (#31912662) Homepage

    Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

    • Pretty much since hard drives were cheap enough to mate up with their digitizers.
    • Because as I understand it really fancy copiers are also document repositories of sorts, with a web interface to retrieve faxes and scans, and so on.

      Not saying it's a good idea, but it's an extension of the "multifunction machine" that copiers have become anyway
      • by socsoc (1116769)
        Could you please photocopy that post without specifying the monospace font? It's messing up my digitizer scripts and I won't be able to have a copy of everything ever posted in the thread.
    • by Z34107 (925136)

      It depends on the model, but a lot of features need long-term storage. Things like "secure" printing, where you have to type in a PIN before it will release our document.

      Other features like "print from the web interface" or "print from e-mail" (running on a server on the printer itself) need storage. Keeping a history can also make management easier - some people use it to keep track of who is using company printers for personal use.

    • Re:Why? (Score:5, Informative)

      by SoTerrified (660807) on Tuesday April 20, 2010 @01:32PM (#31912890)

      Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

      In the old days, if you wanted 5 copies of a sheet of paper, the scanner would scan 5 times. Then someone thought "Hey, what if we could save the scanned image?" So you could scan once, and print out 5 copies. The easiest method is just to toss in a hard drive, and store the copies on there. Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD. You can get a longer drive life by distribute the data all over the HD so it's easily written, then only overwrite when the entire HD was full.

      Pretty simple, really. The only downside is that the HD inside contains the last items scanned, up to the memory of the device. (So while it doesn't keep a copy of "everything ever copied", it could easily be the last several thousand items copied.)

      • Re: (Score:3, Interesting)

        by iamhassi (659463)
        " Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD."

        Sure that makes sense, but why the long-term storage? Why does it store the copies from 6 months ago? Shouldn't it go through every week wipe anything over a week old?

        Of course that's not perfect, there's still going to be that final week on there, but at least no one will be "downloading tens of thousands of documents" from a photocopy machine like they did.

        Also shouldn't the manufacture's
        • Keeping a copy for 6 months is more of a function of the office workload. The manufacturer makes the available memory really high so that it isn't going to be "broken" by really high workloads. If an office manager gets a pimp photocopier only to be used for a few copies a day, that is on the office manager.

        • Also shouldn't the manufacture's be responsible for this somewhat? It's obvious when you save a document to a computer that the drive needs to be wiped, not so obvious when it's a copy machine. Shouldn't there be big warning labels and a "wipe all" button on the back somewhere? Sharp apparently offers a product to wipe copy machine hard drives.... for $500:

          I worked for a company a few years ago where one of the things I did was to oversee all leases and support contracts, including copier leases. Our supp

        • Re:Why? (Score:4, Interesting)

          by mlts (1038732) * on Tuesday April 20, 2010 @03:21PM (#31914314)

          Every HDD out there, as part of the ATA standard, supports a secure erase command. The utility HDDErase is one such tool which tells a drive to erase itself. And since this is done at the drive level, it is a lot faster than a dd if=/dev/zero of=/dev/sdwhatever because there is no data having to be moved through the drive's I/O channels, the drive head is just writing the zeroes itself. Some drives AES-256 all the contents automatically, and a secure wipe tells the drive just to drop the existing key it uses for encrypting/decrypting data, and generate another one. This is a lot faster because once the old key is erased and a new key is put in, the remaining data on the disk is useless.

          Another method is to do a file encryption method similar to how Windows Mobile post 6.0 stores encrypted files on a memory card: Generate a random 256 bit key for every item going on the HDD. Store the key to every file in the copier RAM (unless there is a reason to have persistent storage, then store it on some non-volatile memory that is easily erased.) Then when done with the copy and the data on disk isn't needed, drop the key from RAM (perhaps overwrite it in RAM a few times), and delete from the disks's filesystem. Since the encryption key only persists in volatile RAM for the lifetime of using the file, this method makes it almost impossible to recover data, unless someone is attacking the copier while it is live and in use (which then there are even bigger problems.)

    • by Cassini2 (956052)

      Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

      The copiers scan the originals into memory, and then print from memory. It allows them to print 5 copies of a 100 page document, all perfectly collated. The long term storage is a side effect.

      Having a hard drive also enables new features, like network printing to the photocopier, and network scanning. These command a significant price premium with minimal hardware cost. As such, the photoc

    • Re: (Score:3, Insightful)

      Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

      The news report is being sensationalist, and leading you to believe that it's keeping the data. Listen to the report again: they use a forensic program to get at the files. In other words, unless you tell the device to save the image, it's deleted. (The catch is that "deleted" means "entry deleted", not "file wiped off the drive".)

      In other words, companies aren't wiping the hard drives of leased copiers. (Then again, are companies wiping the drives of leased PCs? Of PCs they owned, then threw away?)

      S

    • Re: (Score:3, Insightful)

      by CAIMLAS (41445)

      It probably comes down to cost.

      If a printer has a 22ppm rate and has 64MB of RAM, you're not going to be able to print more than one or two larger print jobs at a time - particularly if they're RAW jobs. You'll need a print server for that, and you'll have a significant bottleneck before getting to the printer/the printer accepts the job. This leads to user agitation.

      So, while 128MB costs $100 (at the time), a 40G disk costs roughly the same amount - and you can cache to disk with marginal overhead and prov

    • by Locke2005 (849178)
      When somebody decided it might be faster to print 100 copies of a full-color 100 page report without downloading the entire thing to the printer 100 times...

      This is more a problem with multifunction machines, i.e. our copier/printer/fax at work keeps all received faxes and scanned images on a network mapped drive until explicitly deleted. That's only a problem if your admin fails to clear the HDD before surplussing the machine, but most of these are leased from a 3rd party who doesn't give a shit about yo
  • by GigsVT (208848) on Tuesday April 20, 2010 @01:24PM (#31912756) Journal

    No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

    • by rhsanborn (773855) on Tuesday April 20, 2010 @01:31PM (#31912872)
      No one is going to go dumpster diving and digging through reams of discarded employee picnic announcements just to try and find some corporate secrets, wait... shoot.

      Ok, let's try this again. No one is going to go through piles of keylogger data most of which is filled with lols and a\s\l?s to try and find a persons banking credentials, wait ... frick.

      No one will do it, except the people that do. There is a buck to be made, people will do it.
    • Re: (Score:3, Insightful)

      by bdsesq (515351)

      No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

      Want to bet? Oh, that's right you already are betting. If no one goes through your copier data you win -- nothing. If someone finds a password or credit card number you lose -- big time.

      So nothing to gain and everything to lose. Sounds like wiping the copier disk is a "must do"!

      • by natehoy (1608657)

        Personally, I think finding the drive/memory and smashing the shit out of it would be cheaper and more effective. Shame that the photocopier can't be reused, but spending $500 to wipe a photocopier that you can sell for $300 isn't very efficient either. Recycle the parts, and give $300 to a charity so they can buy a used photocopier from someone else.

      • by GigsVT (208848)

        If you are making photocopies of a sheet with your password on it, you have way bigger security issues to worry about.

    • Yup, because OCR would take too long and they would never think of that. If it kept printouts and not just copies (and many copy machines can also function as a printer) it would be very quick and accurate to OCR everything on a drive and do a text search for S/N
    • by _Sprocket_ (42527) on Tuesday April 20, 2010 @01:42PM (#31913072)

      Data is valuable. Labor is cheap.

    • by natehoy (1608657)

      Your statement is an example of "security through obscurity" or "hiding in plain sight". That model of security was already disproved long ago. And, by "long ago", I'm referring to thousands of years, not weeks. It not only predates the invention of the photocopier, it predates the invention of paper. It probably even predates the concept of walking upright.

      Hiding important things in an ocean of unimportant things means that someone can still get at the important things if they try hard enough, or are a

    • by Hatta (162192)

      Do you have any idea how much electronic waste gets sent to Africa? Do you have any idea what the economy there is like? Do you have any idea how much identity theft originates from Africa? These are people with very few legitimate options, and a very low risk to reward ratio for the illegtimate options.

    • by rubycodez (864176)

      sure they will, there are those who go through entire dumpsters looking for valuable papers

      and your stereotype is silly, such "pointless memos" are done via e-mail, copiers mostly do business papers

  • Secrets (Score:5, Interesting)

    by Z34107 (925136) on Tuesday April 20, 2010 @01:24PM (#31912760)

    I'm not surprised - there are all sorts of nifty things mere "copiers" do. They can store documents forever, especially "secure" ones that you have to release with a PIN. They provide network services - some include (hackable!) FTP servers.

    HPs printers support SNMP, but usually in the most insecure method possible. One of the simpler things you can do (Google it, perhaps not using SNMP) is remotely change the LCD text and blink the status lights. I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

    Print servers are just that - servers. But, they look like copiers, so they get thrown out with secrets.

    • Re:Secrets (Score:4, Funny)

      by zill (1690130) on Tuesday April 20, 2010 @01:55PM (#31913298)

      I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

      Travis! You finally made a slip of tongue. Us sysadmins has been hunting the culprit for years now and now we finally got you!

    • Re:Secrets (Score:5, Funny)

      by Lumpy (12016) on Tuesday April 20, 2010 @01:59PM (#31913350) Homepage

      My favorite was to change the language file and make "ready" be "insert coin"...

    • by adenied (120700)

      Years ago (circa 1999 I guess) I discovered that many of the campus printers at my university were wide open to telnet. One could log in to any of them without a password and change multiple settings. I worked for one of the departments that had a lot of computers that we administered so ours were pretty locked down. But most departments relied on the campus-wide organization for pretty much everything. I e-mailed their security people about the problem and pretty much got blown off with "we don't think it

  • by bfmorgan (839462) on Tuesday April 20, 2010 @01:26PM (#31912798)
    I have pointed this out to my company's computer security guy and his response was, "I don't worry about copiers, that is a human resource issue". I have sent him this story. Maybe that will get him worried. Oh, and I cc'd the CEO.
  • From the article (Score:3, Insightful)

    by Itninja (937614) on Tuesday April 20, 2010 @01:29PM (#31912844) Homepage

    Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

    Having worked in the digital industry up until 2007 I can tell you, that is a laughably inaccurate statement. We had half a dozen industrial-class copiers, all from 2004 or newer. The only one with a 'hard drive' in it was the high end color copier/printer; and we had to specifically add that option. I think it would be accurate to say that nearly all digital copiers might be configured to use a hard drive, though many are external and often separated from the device when it's sold.

    • by geekoid (135745)

      "digital industry"?

      what? you carved atoms into bits for a living?

  • by wfmcwalter (124904) on Tuesday April 20, 2010 @01:34PM (#31912932) Homepage
    My company recently bought a used copier/scanner/printer, which had supposedly been reconditioned and cleaned. It included a "document server" feature, whereby jobs could be scanned to its internal disk (or print jobs could be stored in the printer for later printing). The salesman who sold it to us had helpfully left scans of his current account statement in the document server, together with some placating letters to other customers. After thinking about what uses we'd actually have, I decided just to turn the document server feature off for everyone. I did leave the deferred-jobs part on (as it's useful when someone is printing on weird stock or printing something confidential) - thus ensuring that anything left on the copier (the company is now defunct, the copier presumably resold) is guaranteed to be juicy.
    • by ae1294 (1547521)

      The salesman who sold it to us had helpfully left scans of his current account statement in the document server ... After thinking about what uses we'd actually have, I decided ... it's useful ... printing something confidential ... thus ensuring that ... (the company is now defunct)

      Hummm... that must have been a really awesome hookers and blow party your company had!

  • new feature idea... (Score:3, Interesting)

    by Stewie241 (1035724) on Tuesday April 20, 2010 @01:38PM (#31912994)

    Isn't there a spec for deleting data? Seems it would be a good selling feature and cheap to implement a system in the BIOS of all PCs and any device that has a hard drive a way to securely delete all data. This would make it much easier to get rid of old equipment without having to worry about what data is left.

  • Yes, are secrets ar in da printed memory...oh noes!

    What are the odds that any printer happens to have some damming secret in it that's being reomoved? Is it worth going there avery single decommissioned printer to find it?

    No.

    • by Amouth (879122)

      Every? yea that would be a waist.. but you know if you showed me different copiers - i could tell you roughly what each one would be used for (aka the departments) and if you could get any of the back history of the last lease.. that is when you start targeting companies or government groups for specific info.. and that my friend is where you start getting info that can make you money.

      even where i work - i know of 1 copier that gets used for a couple random things BUT it is also the one the book keeper

    • by sjames (1099)

      That depends. They tend to get shipped to cheap labor countries to get stripped and buried where the environmental and workplace safety laws are non-existent. It might be worth the cost of labor THERE.

      In the U.S., it might be a good way to employ a few meth heads. They tend to be hyper-focused, love doing dull repetitive work, and don't really want to talk to authorities about anything like being paid less than minimum wage or what their urine test might reveal. Since legitimate work that they can do while

  • They aren't really finding files. The files, of course, are marked for deletion and are deleted with the data left behind in unallocated sectors. What they're doing is using forensic tools to take this raw data off the hard drive and re-assemble it into files, something well-known about computers. The point of the story is that nobody knows it's true about many digital copiers, too.

    As for the $500 device to wipe the drive, this device is expensive because it's a little computer that does a "wipe" of the

    • by LanMan04 (790429)

      As for the $500 device to wipe the drive, this device is expensive because it's a little computer that does a "wipe" of the hard drive data to FIPS 142-2 and NIST 800-88 4 standards.

      Well, after putting the drive through that it won't be usable by the copier anymore (unless copier will accept and format any plain-Jane drive, but I seriously doubt that), so why not just get DBAN's Boot N Nuke and be done with it? Or a hammer? Or a gun? Most of those cost less than $500 and meet the same security standards.

      http://www.dban.org/download [dban.org]
      http://www.dban.org/faq/software [dban.org]

  • No hard drive, no real issue.

    I see this issue crop up with large-format printers/copiers, but the issue is really the same as what the article is talking about. Many photocopiers, printers - both small format and large format - have the ability to re-print from history, and this is because all the jobs are saved locally to the device. Depending on the device and manufacturer, this may or may not be a real problem. On some of our devices (large format), the history is set in terms of gigabytes - usually t

    • by Delusion_ (56114)

      Yes, TFA is a bit of scare-mongering. Quite honestly, most businesses are not in jeopardy if their old printed/scanned documents get out of their hands; by the time anyone else has access to the device, the documents aren't timely.

      Having said that, the article also points out that two of the devices they scanned were from police departments and contained documents that, if leaked, would put their previous owners in liability, and the subjects of the documents in jeopardy of blackmail or worse.

      I think that,

  • It is true - 1st saw this about 8 years ago - that color copiers put a pattern of yellow dots on every sheet; supposedly, the pattern is tied to the serial number of the machine. You can see the dots, at least for some machines, with the naked eye, if you look really carefully and know what to look for. and this is just what we know http://www.pcworld.com/article/118664/government_uses_color_laser_printer_technology_to_track_documents.html [pcworld.com]
  • Is their a site on the web that lists the procedures for clearing out saved data for each copier/printer model?
  • ...(in 1999) when I copied an offer letter for better employment on my current employer's copier, then left for a long weekend. I came back on Monday to find my offer letter pasted all over the company.
  • by Stele (9443)

    When they eventually get tossed, very few companies bother to scrub them.

    With years of ass-stain buildup, who's going to bother scrubbing them? Better to just incinerate the lot. It's the only way to be sure.

  • Digital Everything (Score:3, Interesting)

    by colmore (56499) on Tuesday April 20, 2010 @02:01PM (#31913384) Journal

    I'm starting to really think that we're making a mistake putting full-fledged computers in everything we build. They allow for an amazing array of features, but it makes fully understanding our machines much more difficult. Security problems like this one are inevitable.

    A dumb analog xerox machine is pretty easy to understand, and one that runs on a microcontroller and a few KB of ram (if that) isn't much harder. But who but the most dedicated hacker has any real idea about what is going on inside a modern Xerox. It *might* not have any undocumented "features," but you have no way of knowing. Security has gone from being a matter of applied common sense to involving a large amount of blind trust in these manufacturers.

    It's a symptom of a larger issue though. We're rapidly getting away from having a society where a well educated and technically minded person can understand the actual inner workings of the technology they interact with every day. The tradeoff might be worth it, I'm not a luddite. But we should remember that we are entering into a new kind of relationship with our machines,

  • On many modern devices in the lab (e.g. Arbitrary Waveform Generators, Oscilloscopes) the hd can be easily removed withou opening the case. That would be fairly easy. Or: mount the hd firmly but make a slot for a i GB compactflash card containing the encryption key. or store the encryption key on the hd and delete it 1 time per month.
  • Would it really be that hard to make digital copiers that - by default - sanitize their hard drives every night?

    They could even reformat the entire drive every week or so if the OS resides in firmware or a 2nd drive.
    • Re: (Score:2, Interesting)

      by FaxeTheCat (1394763)
      All the major manufacturers offer options that will delete/overwrite data from the internal hard drive after it has been output. They also offer encryption of all user data on the drives, so that the drive content cannot be read outside of the machine.

      As most of the machines in this class now run on Linux, adding that kind of features should be pretty simple.
  • We dispose of our e-waste through a disposal company that certifies the destruction of all the data on the devices. We started disposing of fax machines and copiers this way when we realized that these things store potentially confidential documents.

    -ted

  • Wipe those old copiers and fill them with images of your butt to send a message to the industrial spies.

How much net work could a network work, if a network could net work?

Working...