[Faccus] WARNING: Printer Security w/ Greetings from Serbia

Colin Bell colin.bell at uwaterloo.ca
Thu Sep 8 12:38:05 EDT 2011


I would like to pass along a cautionary tale regarding printer security. Attached is a scan of a printout from a group on campus that had a stack of these appear between Sept 3 and Sept 5.  The printers involved printed an entire paper tray's worth of solid black printouts.

If over the past few months you have seen your printers periodically print 'gibberish', you have probably seen the Information Security Services Vulnerability Management scanners probing your printers.  If IST-ISS can make you print blank pages and gibberish, these attackers can do the same.

We have been working to add exemptions to prevent paper and ink wastage but, please note, these exemptions are temporary.  We have been slowly trying to identify all printers on campus so we can get them locked down or moved to private networks.  This campaign represents a great deal of work and we understand the need for a coherent strategy for securing these devices.

Please take note of the following IST-ISS standards document:

If you manage printers in your area, please consider making changes to secure the printers yourself.  I understand that this is a major undertaking but, as we have now seen, people have started attacking these unsecured printers.  It may be funny to the attackers, but the approximately 1000 insecure printers on campus represent a costly attack surface for the University.

Please, find the time to secure your printers!

If you have any questions, comments, or concerns, let me know.

Many thanks,
Colin Bell <colin.bell at uwaterloo.ca> [+1-519-888-4567 x31245]

| Systems Integration Specialist, Information Security Services
| Information Systems & Technology
| University of Waterloo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Greetings_from_Serbia.pdf
Type: application/pdf
Size: 151008 bytes
Desc: Greetings_from_Serbia.pdf
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20110908/5de44773/attachment-0001.pdf>
