Keeping Away From Paperless Society Does Not Prevent Hacking (because of course it doesn't)

Lerticus

Senile Old Coot
Communism
The latest research by the NCC Group just revealed at the Def Con security conference shows just how easy of a target office printers can be.
...
No wonder they’re a target; office printers are a treasure trove of sensitive data. And because they often come with a web-based interface or an internet connection, they have a huge attack surface, making them easy to hack.

In the course of three months’ work, researchers Daniel Romero and Mario Rivas found and reported 45 separate vulnerabilities from six of the largest printer makers — HP, Lexmark, Brother, Xerox, Ricoh, and Kyocera — which could have allowed attackers to, among other things, siphon off copies of print jobs to an attacker controlled server.

They also showed they could hijack and enlist vulnerable printers into botnets — used to overload websites with junk internet traffic. Or, with little effort, they could brick the printers completely, potentially causing havoc for business operations.
Yes, there are some people who think that so long as they continue to work with printed materials they can be secure from the common hacks that stem from weak security combined with mass data sharing. Except it turns out that you just need to hack those printers themselves, and that relying on large companies to keep those devices secure does not really work. Yes, the trees are dying for no reason at all, because the premise of security is flawed.

Not a new concept, but it is noteworthy that the experienced manufacturers continue to have easily exploited vulnerabilities after the wireless interfacing has matured to this extent. It also proves once again that it is only by completely shutting yourself off from society that you can (hopefully) protect yourself from the global hacking epidemic. Sharing data online or keeping it on hard copy, your technology and the information that it processes can be compromised so long as your electronics are not completely air-gapped, and if they are you really don't benefit from the technology at all.
 

folti

Active member

Keeping up with the vulnerabilities is expensive and hard. And they won't do that, until they are going to be forced to. Standard procedure for any equipment provider sadly.

Never mind that nearly all of the printing protocols are insecure by design, because they were originally cable-only protocols (read: the computer and the printer were linked together with a serial or parallel cable, no networking). Like, don't connect to udp/631 or tcp/9100, 9101, 9102 on a networked HP printer, because they are just networked servers for the JetDirect protocol, and will try to print any data they receive as a PostScript document. Or just die/get hacked, if the data is malicious. All because they just hastily adapted JetDirect to the age of networking in the simplest, cheapest way in the 90s.
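
A defensive check for the exposure described in the post above, as an added example that is not part of the original thread: it reads flow records and flags any connection to the print ports named there that does not come from a sanctioned print server. The record format, the printer subnet, the print-server address and all sample lines are assumptions constructed for this example.

```python
import ipaddress

# Ports named in the post above: tcp/9100-9102 and udp/631.
PRINTER_PORTS = {("tcp", 9100), ("tcp", 9101), ("tcp", 9102), ("udp", 631)}

# Assumptions for this example: one printer VLAN and one sanctioned print server.
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.1.5")}

# Constructed flow records: "timestamp proto src_ip src_port dst_ip dst_port action"
SAMPLE_FLOWS = """\
2019-08-10T09:00:01Z tcp 10.20.1.5 50122 10.20.30.11 9100 ALLOW
2019-08-10T09:00:07Z tcp 10.20.7.44 50931 10.20.30.11 9100 ALLOW
2019-08-10T09:01:15Z udp 203.0.113.9 40000 10.20.30.12 631 ALLOW
2019-08-10T09:02:30Z tcp 10.20.7.44 50940 10.20.30.11 443 ALLOW
2019-08-10T09:03:02Z tcp 198.51.100.7 41000 10.20.30.13 9101 DENY
this line is malformed
"""

def parse_flow(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, proto, src, _sport, dst, dport, action = parts
    try:
        return {"ts": ts, "proto": proto.lower(),
                "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
                "dport": int(dport), "action": action.upper()}
    except ValueError:
        return None

def find_direct_print_flows(text):
    """Flag flows to a printer's print ports that bypass the print server."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of crashing the audit
        if flow["dst"] not in PRINTER_NET:
            continue
        if (flow["proto"], flow["dport"]) not in PRINTER_PORTS:
            continue
        if flow["src"] in ALLOWED_SOURCES:
            continue
        status = "blocked" if flow["action"] == "DENY" else "reached-printer"
        findings.append((flow["ts"], str(flow["src"]), str(flow["dst"]),
                         flow["dport"], status))
    return findings
```

Entries marked `reached-printer` are the ones to act on first: they show a host talking to a print port directly, which a firewall rule restricting those ports to the print server would have stopped.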
 

Lerticus

Senile Old Coot
Communism
*slit throat of virgins to use their blood for writing*
You might have a fight to get any more of that. I understand that Stormwalker uses that as a basecoat for his models. Or maybe it was a topcoat. It is quite a popular choice.
I laugh at how the kids in electronics stores look at me when I mention that I want to connect peripherals by cable. I am just so old and backwards... and a few thousand times more secure. Then again, I'm not some dumb kid with nothing of value in my life (sorry, kid, your new iPhone and 2006 Corolla aren't worth enough for people to target you and steal your shit).
 

folti

Active member
Just wait until the criminal world adopts the microtransaction model ...
 

Vorpal

Administrator
Good. But do you also secure your cables and monitors against van Eck phreaking? :unsure:
 

Lerticus

Senile Old Coot
Communism
Not individually so much. I do have a number of wireless dead zones since it is easier to build a large Faraday cage around a cabled work area than to shield individual components. Important information stays inside the shielded areas, which can be a bit of a pain in the ass, but I do value my security.

It is impossible to completely eliminate the ability of being hacked by wireless means without airgapping, and by extension cutting yourself off completely from the world, but I am just paranoid enough to take some more extensive yet fairly reasonable measures to protect myself. There will certainly be some leakage, but by that point it will require more effort and cost to snoop my data than most people or groups would be willing to pay.
 
