[Faccus] FW: [Sec-wg] WARNING: Printer Security w/ Greetings from Serbia
jatestart at uwaterloo.ca
Tue Oct 11 15:55:24 EDT 2011
I have received reports today from several areas of campus that printers
are being "toner bombed". If you are responsible for the management of a
printer that has been subject to such an attack, this is a reminder that
you should review the printer security standards document
http://ist.uwaterloo.ca/security/policy/mfp.shtml and implement the
recommendations. I have included Colin Bell's original alert below.
Jason Testart, BMath, CISSP
Director, Information Security Services
Information Systems & Technology
University of Waterloo
Waterloo, Ontario CANADA
On 11-09-08 12:38 PM, "Colin Bell" <colin.bell at uwaterloo.ca> wrote:
>I would like to pass along a cautionary tale regarding printer security.
>Attached is a scan of a printout from a group on campus that had a stack
>of these appear between Sept 3 and Sept 5. The printers involved printed
>an entire paper tray worth of solid black printouts.
>If over the past few months you have seen your printers periodically
>print 'gibberish', you have probably seen the Information Security
>Services Vulnerability Management scanners probing your printers. If
>IST-ISS can make you print blank pages and gibberish, these attackers can
>do the same.
>We have been working to add exemptions to prevent paper and ink wastage
>but, please note, these exemptions are temporary. We have been slowly
>trying to identify all printers on campus so we can get them locked down
>or moved to private networks. This campaign represents a great deal of
>work and we understand the need for a coherent strategy for securing
>Please take note of the following IST-ISS standards document:
>If you manage printers in your area please consider making changes to
>secure the printers yourself. I understand that this is a major
>undertaking but, as we have now seen, people have started attacking these
>unsecured printers. It may be funny to the attackers but the
>approximately 1000 insecure printers on campus represent a costly attack
>surface for the University.
>Please, find the time to secure your printers!
>If you have any questions, comments, or concerns let me know.
>Colin Bell <colin.bell at uwaterloo.ca> [+1-519-888-4567 x31245]
>| Systems Integration Specialist, Information Security Services
>| Information Systems & Technology
>| University of Waterloo
>Sec-wg mailing list
>Sec-wg at lists.uwaterloo.ca
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 151008 bytes
More information about the Faccus