On Mon, 02 Apr 2012 08:09:07 -0700 per...@pluto.rain.com articulated: > Polytropon <free...@edvax.de> wrote: > > > On Sat, 31 Mar 2012 14:01:43 -0700, per...@pluto.rain.com wrote: > > > I personally don't trust wireless, because it's well nigh > > > impossible to truly secure it. > > > > In that case, one should also pay attention to secure the > > printer. Wait - secure the printer? What am I talking about? > > > > Firmware attacks! > > > > Yes - malware has already reached printers ... > > All the more reason to avoid wireless. (I had been thinking more > along the lines of someone intercepting sensitive print files, e.g. > tax returns, as they were being sent to the printer.) > > A printer connected to a hard-wired network, behind a firewall with > no tunnelling to it allowed, is not going to get anything sent to it > from outside. Granted this does not protect against malware jobs > sent from a local machine, but it at least avoids having malware > sent wirelessly to the printer by someone parked out front, thus > there's one less pathway needing to be secured. > > It may also be a reason to _avoid_ printers that accept PDF directly. > Since PDFs are often downloaded and printed, an attacker could post > a bogus firmware download under an innocent-sounding name like > "manual.pdf" leading someone to do > > $ fetch http://.../manual.pdf && lpr manual.pdf > > Oops. > > However if said PDF has to first be locally converted to PS (e.g. > by xpdf) before being sent to the printer, an attacker would have > to (somehow) formulate a PDF that would cause xpdf to emit a > "PostScript" file that looked to the printer like a firmware > download. I don't know enough about either PDF or xpdf to say > whether that's possible, but I imagine it would at least be a > whole lot more difficult than in the direct PDF case.
Obviously you are not aware of the latest trend towards the movement to standardize PDF as the standard print format. I would recommend you start by reading the documentation located at: <http://www.linuxfoundation.org/collaborate/workgroups/openprinting> and continue on from there. While there might be some rational for your security concerns on a business network in regards to wireless networks, they are not really relevant on a home networks. The simple ease of use that a wireless network gives a user on a home network far outweigh any pseudo claims of espionage. Furthermore, there are means of encrypting print data. I leave the mastery of that matter up to the student. By the way, since you seem so concerned over your printers security, I assume that you all ready have it at least password protected. Personally, I prefer using certificates. Now that is real security. Again, I assume you are using printers capable of that security. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ Faith goes out through the window when beauty comes in at the door. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
