From: Jerry
To: FreeBSD
Date: Mon, 2 Apr 2012 07:33:03 -0400
Subject: Re: Printer recommendation please
Message-ID: <20120402073303.1ae0ea96@scorpio>
In-Reply-To: <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com>

On Mon, 02 Apr 2012 08:09:07 -0700
perryh@pluto.rain.com articulated:

> Polytropon wrote:
>
> > On Sat, 31 Mar 2012 14:01:43 -0700, perryh@pluto.rain.com wrote:
> > > I personally don't trust wireless, because it's well nigh
> > > impossible to truly secure it.
> >
> > In that case, one should also pay attention to secure the
> > printer. Wait - secure the printer? What am I talking about?
> >
> > Firmware attacks!
> >
> > Yes - malware has already reached printers ...
>
> All the more reason to avoid wireless. (I had been thinking more
> along the lines of someone intercepting sensitive print files, e.g.
> tax returns, as they were being sent to the printer.)
>
> A printer connected to a hard-wired network, behind a firewall with
> no tunnelling to it allowed, is not going to get anything sent to it
> from outside. Granted this does not protect against malware jobs
> sent from a local machine, but it at least avoids having malware
> sent wirelessly to the printer by someone parked out front, thus
> there's one less pathway needing to be secured.
>
> It may also be a reason to _avoid_ printers that accept PDF directly.
> Since PDFs are often downloaded and printed, an attacker could post
> a bogus firmware download under an innocent-sounding name like
> "manual.pdf" leading someone to do
>
> $ fetch http://.../manual.pdf && lpr manual.pdf
>
> Oops.
>
> However if said PDF has to first be locally converted to PS (e.g.
> by xpdf) before being sent to the printer, an attacker would have
> to (somehow) formulate a PDF that would cause xpdf to emit a
> "PostScript" file that looked to the printer like a firmware
> download. I don't know enough about either PDF or xpdf to say
> whether that's possible, but I imagine it would at least be a
> whole lot more difficult than in the direct PDF case.

Obviously you are not aware of the latest trend towards the movement to
standardize PDF as the standard print format. I would recommend you
start by reading the documentation located at: and continue on from
there.

While there might be some rationale for your security concerns on a
business network in regards to wireless networks, they are not really
relevant on a home network. The simple ease of use that a wireless
network gives a user on a home network far outweighs any pseudo claims
of espionage. Furthermore, there are means of encrypting print data. I
leave the mastery of that matter up to the student.

By the way, since you seem so concerned over your printer's security, I
assume that you already have it at least password protected.
Personally, I prefer using certificates. Now that is real security.
Again, I assume you are using printers capable of that security.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Faith goes out through the window when beauty comes in at the door.