Date:      Tue, 3 Apr 2012 08:40:05 -0400
From:      Jerry <jerry@seibercom.net>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Printer recommendation please
Message-ID:  <20120403084005.576af98e@scorpio>
In-Reply-To: <4f7b3fe0.PWM597T4KrLqJxhq%perryh@pluto.rain.com>
References:  <4F75D37C.2020203@lovetemple.net> <20120330232307.41e420b1.freebsd@edvax.de> <4f7770b7.BkVKquuSmumStBb/%perryh@pluto.rain.com> <20120401112923.47e6c8a7.freebsd@edvax.de> <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com> <20120402073303.1ae0ea96@scorpio> <4f7b3fe0.PWM597T4KrLqJxhq%perryh@pluto.rain.com>

On Tue, 03 Apr 2012 11:22:24 -0700
perryh@pluto.rain.com articulated:

> Jerry <jerry@seibercom.net> wrote:
> 
> > Obviously you are not aware of the latest trend towards the
> > movement to standardize PDF as the standard print format. I would
> > recommend you start by reading the documentation located at:
> > <http://www.linuxfoundation.org/collaborate/workgroups/openprinting>;
> > and continue on from there.
> 
> That page seems to be concerned with using PDF, rather than PS, as
> a common intermediate print language in CUPS.  I see nothing there
> relevant to sending PDF directly to a printer.

PDF is slowly, but surely, becoming the default printing format on
several operating systems. A relatively quick check will reveal that
more and more manufacturers are now starting to natively support this
print format.

> > While there might be some rationale for your security concerns on
> > a business network in regards to wireless networks, they are not
> > really relevant on a home network. The simple ease of use that a
> > wireless network gives a user on a home network far outweighs any
> > pseudo claims of espionage.
> 
> Following that line of reasoning to its logical conclusion would
> lead one to believe that home networks have no need of any malware
> protection, e.g. anti-virus.  Any ISP which has had to deal with
> incidents precipitated by customers' infected machines -- including
> but likely not limited to DDoS and spambots -- would likely disagree.

Your line of reasoning has somehow gotten totally sidetracked. At no
point did I state that NO security measures were ever needed. Obviously,
everyone needs to establish a certain security baseline for his/her
system. Whether or not that system is wireless or hard wired makes
absolutely no difference. In fact, I might make a case that it is
easier to navigate a hard wired system as opposed to a wireless one
since most hard wired systems do not require passwords or certificates
to access various components of said system. You stated further on that
you have no password or certificate protection on your system. One
grenade and you all die.

> > Furthermore, there are means of encrypting print data ...
> 
> Utterly irrelevant to the topic under discussion, which is
> the additional malware exposure that a PDF-accepting printer
> has relative to a printer that accepts only PCL and/or PS.


FROM YOUR ORIGINAL POST:
"All the more reason to avoid wireless.  (I had been thinking more
along the lines of someone intercepting sensitive print files, e.g.
tax returns, as they were being sent to the printer.)"

I again restate my original statement that there exist means of
encrypting data sent to a printer. Whether or not you choose to employ
them is your business. Requiring security certificates to access the
printer offers even greater protection.

> I maintain that an attacker can more easily trick a less-than-
> paranoid user into sending a malware "print file" to a PDF-accepting
> printer than to a non-PDF-accepting printer, simply because PDF
> is such a commonly used distribution format.  If someone prints a
> malware "PDF" file that they have downloaded, and the process of
> printing it does not require that it be transformed in any way (such
> as conversion to PS) before being sent to the printer, their only
> protection from disaster is whatever validation may be built into
> the printer itself.  (Keep in mind that what started the malware
> discussion was Poly's link to a report stating that some printers
> do not sufficiently validate an "update firmware" job.)

And some do. It is a constantly moving target. You make a better mouse
trap, they make a better mouse. It is the degree of paranoia that you
are willing to live with. If the user spends his/her time visiting
porno sites, then they can reasonably expect to be infected with a
malignant file. It is virtually impossible to protect someone from
their own bad habits. Please, don't waste your time with the, "I caught
it from a toilet seat" explanation. While you could get infected
spending a day in the Smithsonian Institution, your odds greatly
increase if you spend it in a whore house.

> Granted the identical exposure exists for a PS printer if the
> downloaded malware file is identified as a PS file, however the
> risk is much less in practice because distribution of PS files
> is sufficiently uncommon that most unsophisticated users would
> have no idea what to do with one if they were to come across it.

By your own words, the problem exists. The question here is the degree
of exposure.

> > By the way, since you seem so concerned over your printer's security,
> > I assume that you already have it at least password protected.
> 
> No need.  I have no wireless at all -- everything is hardwired --
> and I trust my firewall.  There's no way for anyone to either sniff
> or inject anything from outside (i.e. without physical access to
> the network on the secure side of the firewall).

"Don't worry Captain Smith, this ship can't sink."

On a serious note, I have spent the last 12 hours, more or less,
checking with my friends and business associates. Not a single one has
ever had or knows of a single incident of anyone actually ever being
infected or having suffered any negative reaction to having printed a
PDF file. Most, but not all of these friends / associates are Microsoft
users; however, that should not invalidate the statistics. In fact, the
FOSS society claims MS is more vulnerable to infections/hijacking
than they are. Therefore, if Microsoft is not being vigorously attacked
by this phantom menace, perhaps, just perhaps, it is being blown way
out of proportion.

The original PDF code was written years ago. Since about 2006 hackers
have started finding vulnerabilities in it. There was one that attacked
scanned documents in MS Office. That problem was fixed over two years
ago. Virtually all PDF attacks now target Web Browsers. A case can be
made that viewing PDF files in a Web Browser is far more likely to
infect a machine than printing such a document ever could.

Whether or not you choose to print a PDF file, embrace wireless
technology, etcetera means a rat's ass to me. However, spreading FUD is
another matter.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.