Polytropon <free...@edvax.de> wrote:

> On Sat, 31 Mar 2012 14:01:43 -0700, per...@pluto.rain.com wrote:
> > I personally don't trust wireless, because it's well nigh
> > impossible to truly secure it.
> In that case, one should also pay attention to secure the
> printer. Wait - secure the printer? What am I talking about?
> Firmware attacks!
> Yes - malware has already reached printers ...

All the more reason to avoid wireless.  (I had been thinking more
along the lines of someone intercepting sensitive print files, e.g.
tax returns, as they were being sent to the printer.)

A printer connected to a hard-wired network, behind a firewall with
no tunnelling to it allowed, is not going to get anything sent to it
from outside.  Granted this does not protect against malware jobs
sent from a local machine, but it at least avoids having malware
sent wirelessly to the printer by someone parked out front, thus
there's one less pathway needing to be secured.

It may also be a reason to _avoid_ printers that accept PDF directly.
Since PDFs are often downloaded and printed, an attacker could post
a bogus firmware download under an innocent-sounding name like
"manual.pdf" leading someone to do

$ fetch http://.../manual.pdf && lpr manual.pdf


However if said PDF has to first be locally converted to PS (e.g.
by xpdf) before being sent to the printer, an attacker would have
to (somehow) formulate a PDF that would cause xpdf to emit a
"PostScript" file that looked to the printer like a firmware
download.  I don't know enough about either PDF or xpdf to say
whether that's possible, but I imagine it would at least be a
whole lot more difficult than in the direct PDF case.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to