Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 04 Apr 2012 08:19:53 -0700
From:      perryh@pluto.rain.com
To:        freebsd-questions@freebsd.org
Subject:   Re: Printer recommendation please
Message-ID:  <4f7c6699.ysDEG9sqC2v4v5Xl%perryh@pluto.rain.com>
In-Reply-To: <20120403084005.576af98e@scorpio>
References:  <4F75D37C.2020203@lovetemple.net> <20120330232307.41e420b1.freebsd@edvax.de> <4f7770b7.BkVKquuSmumStBb/%perryh@pluto.rain.com> <20120401112923.47e6c8a7.freebsd@edvax.de> <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com> <20120402073303.1ae0ea96@scorpio> <4f7b3fe0.PWM597T4KrLqJxhq%perryh@pluto.rain.com> <20120403084005.576af98e@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help 
Jerry <jerry@seibercom.net> wrote:

> > > Furthermore, there are means of encrypting print data ...
> > 
> > Utterly irrelevant to the topic under discussion, which is
> > the additional malware exposure that a PDF-accepting printer
> > has relative to a printer that accepts only PCL and/or PS.
>
> FROM YOUR ORIGINAL POST:
> "All the more reason to avoid wireless.  (I had been thinking more
> along the lines of someone intercepting sensitive print files, e.g.
> tax returns, as they were being sent to the printer.)"

I think you must have missed the parentheses, and the "had been".
When I initially stated my distrust of wireless (in a post prior to
the one you quoted here), I didn't specify a particular security-
related reason, just general concern that it effectively bypasses
the firewall.  Here I note that Poly's concern about a printer
being corrupted by receiving a malicious "firmware update" job is
important, and acknowledge that my original concern about sniffing
pales by comparison.

> I again restate my original statement that there exists means of
> encrypting data sent to a printer.

Yes, provided the printer supports the corresponding decryption
operation, but that capability is still irrelevant to the question
of whether the printer's firmware can be corrupted by a malicious
"firmware update" job.  According to the report that Poly linked
to, there are at least some printers that are vulnerable to that
kind of attack.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4f7c6699.ysDEG9sqC2v4v5Xl%perryh>