Printer recommendation please
freebsd-questions at herveybayaustralia.com.au
Mon Apr 2 10:14:52 UTC 2012
On 04/03/12 01:09, perryh at pluto.rain.com wrote:
> Polytropon <freebsd at edvax.de> wrote:
>> On Sat, 31 Mar 2012 14:01:43 -0700, perryh at pluto.rain.com wrote:
>>> I personally don't trust wireless, because it's well nigh
>>> impossible to truly secure it.
>> In that case, one should also pay attention to secure the
>> printer. Wait - secure the printer? What am I talking about?
>> Firmware attacks!
>> Yes - malware has already reached printers ...
> All the more reason to avoid wireless. (I had been thinking more
> along the lines of someone intercepting sensitive print files, e.g.
> tax returns, as they were being sent to the printer.)
> A printer connected to a hard-wired network, behind a firewall with
> no tunnelling to it allowed, is not going to get anything sent to it
> from outside. Granted this does not protect against malware jobs
> sent from a local machine, but it at least avoids having malware
> sent wirelessly to the printer by someone parked out front, thus
> there's one less pathway needing to be secured.
> It may also be a reason to _avoid_ printers that accept PDF directly.
> Since PDFs are often downloaded and printed, an attacker could post
> a bogus firmware download under an innocent-sounding name like
> "manual.pdf" leading someone to do
> $ fetch http://.../manual.pdf && lpr manual.pdf
> However if said PDF has to first be locally converted to PS (e.g.
> by xpdf) before being sent to the printer, an attacker would have
> to (somehow) formulate a PDF that would cause xpdf to emit a
> "PostScript" file that looked to the printer like a firmware
> download. I don't know enough about either PDF or xpdf to say
> whether that's possible, but I imagine it would at least be a
> whole lot more difficult than in the direct PDF case.
Sounds pretty good to me. I'd implement it.
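
The convert-before-printing idea discussed above, sketched as a print wrapper. This is an added example, not code from the thread; `classify_print_file` and `safe_lpr` are hypothetical names, and the PJL job-header check is an assumption about how a firmware image might arrive as a print job, since the thread does not name the printer's format.

```shell
#!/bin/sh
# Added example, not from the thread. classify_print_file and safe_lpr are
# hypothetical names.

# Report what a file really is from its first bytes, ignoring its name.
# Prints one of: pdf, postscript, pjl, unknown
classify_print_file() {
    # First 9 bytes as a hex string with whitespace stripped
    hdr=$(od -An -tx1 -N9 < "$1" | tr -d ' \n')
    case "$hdr" in
        255044462d*)         echo pdf ;;         # "%PDF-"
        2521*)               echo postscript ;;  # "%!"
        1b252d313233343558*) echo pjl ;;         # ESC "%-12345X", PJL job header (assumed format)
        *)                   echo unknown ;;
    esac
}

# Print a downloaded file only if it is a PDF, and only after converting it
# to PostScript locally, so the printer never parses the downloaded bytes.
safe_lpr() {
    kind=$(classify_print_file "$1")
    if [ "$kind" != pdf ]; then
        echo "refusing to print $1: content is '$kind', not PDF" >&2
        return 1
    fi
    ps=$(mktemp) || return 1
    if pdftops "$1" "$ps"; then   # pdftops ships with xpdf
        lpr "$ps"
        rc=$?
    else
        rc=1
    fi
    rm -f "$ps"
    return "$rc"
}
```

The header check only rejects files that are plainly not PDF; the local `pdftops` step is what keeps the printer from interpreting the download directly.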