Date: Mon, 02 Apr 2012 08:09:07 -0700 From: perryh@pluto.rain.com To: freebsd@edvax.de Cc: karel@lovetemple.net, freebsd-questions@freebsd.org Subject: Re: Printer recommendation please Message-ID: <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com> In-Reply-To: <20120401112923.47e6c8a7.freebsd@edvax.de> References: <4F75D37C.2020203@lovetemple.net> <20120330232307.41e420b1.freebsd@edvax.de> <4f7770b7.BkVKquuSmumStBb/%perryh@pluto.rain.com> <20120401112923.47e6c8a7.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Polytropon <freebsd@edvax.de> wrote: > On Sat, 31 Mar 2012 14:01:43 -0700, perryh@pluto.rain.com wrote: > > I personally don't trust wireless, because it's well nigh > > impossible to truly secure it. > > In that case, one should also pay attention to secure the > printer. Wait - secure the printer? What am I talking about? > > Firmware attacks! > > Yes - malware has already reached printers ... All the more reason to avoid wireless. (I had been thinking more along the lines of someone intercepting sensitive print files, e.g. tax returns, as they were being sent to the printer.) A printer connected to a hard-wired network, behind a firewall with no tunnelling to it allowed, is not going to get anything sent to it from outside. Granted this does not protect against malware jobs sent from a local machine, but it at least avoids having malware sent wirelessly to the printer by someone parked out front, thus there's one less pathway needing to be secured. It may also be a reason to _avoid_ printers that accept PDF directly. Since PDFs are often downloaded and printed, an attacker could post a bogus firmware download under an innocent-sounding name like "manual.pdf" leading someone to do $ fetch http://.../manual.pdf && lpr manual.pdf Oops. However if said PDF has to first be locally converted to PS (e.g. by xpdf) before being sent to the printer, an attacker would have to (somehow) formulate a PDF that would cause xpdf to emit a "PostScript" file that looked to the printer like a firmware download. I don't know enough about either PDF or xpdf to say whether that's possible, but I imagine it would at least be a whole lot more difficult than in the direct PDF case.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4f79c113.4NFuCWPOnCnPln6u%perryh>