Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Your printer: An open door for hackers?

From misdirected faxes to printer hacking
Security Strategies Alert By M. E. Kabay , Network World , 04/17/2008
Sign up for this newsletter now!

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

  • Share/Email
  • Tweet This
  • Comment
  • Print

In 2003, a staff member at the Public Health Laboratory of the Ministry of Health and Long Term Care of the Province of Ontario in Canada tried to send a fax to a doctor’s office. (By the way, for U.S. readers, Canada is the large blank pink region north of the border on your maps and which, contrary to popular belief, actually includes people as well as moose and beavers.) Alas, the clerk mistyped a 5 as an 8 in the fax number and inadvertently sent medical records to a local gasoline station. The owner very kindly gave the fax to a doctor who was a regular customer and the doctor reported the breach of the Freedom of Information and Protection of Privacy Act

Everyone knows that fax misdirection is a problem; even properly directed faxes pose a security risk when confidential documents are sent, unprotected, to a nonsecure fax machine that prints everything out whether the proper recipient is ready to receive the documents or not. Now hold those ideas for a moment - and let’s go back to when I was a young man, oh so long ago. (Compare Data Leak Protection products)

In April 1981, I was sent to HP headquarters in Cupertino, Calif., on a six-month assignment to be trained as an HP3000 operating systems internals and performance specialist and also to work on a pioneering computer-based training system I invented for the company. I brought my flute along and met a friendly lab engineer named Dale Morris who played excellent guitar. We had a good time playing duets that summer. I remember that he was working on a new series of HP3000 machines with a vastly increased memory space: 4GB.

I laughed and wondered why anyone could possibly need so much main memory - especially since a 1MB memory board still cost $64,000 at that time (about $200,000 in today’s currency).

Today, I have 2GB of RAM on my main tower PC and Dale Morris is a Distinguished Technologist at HP in Fort Collins, Colo. Recently he told me about an interesting security issue involving printers, and I invited him to tell us about it in this column. It turns out that the old problem of misdirected faxes has a new twist: networked printers are posing the potential for misdirected printouts - including printer hacking.

The remainder of today’s contribution is from Dale and his colleague Gary Lefkowitz, with minor edits.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (10)
Login
Forgot your account info?

"reconfigured the routing tables ..."By Anonymous on April 17, 2008, 11:28 amreconfigured the routing tables - so that the print job shipped to Russia! I find that hard to believe. If it was a printer from the 1999 the web interface would...

Reply | Read entire comment

Moose?By Anonymous on April 17, 2008, 3:50 pmYou forgot Dudley Dooright!

Reply | Read entire comment

Gosh how I hate this kind of "teaser" articleBy Anonymous on April 17, 2008, 6:04 pmFor Mr. Kabay: There are few things that I, personally, find more frustrating than an article that promises to tell me about hacking printers, and then (after...

Reply | Read entire comment

I agreeBy Thi. on April 18, 2008, 6:49 amI agree with the anonymous comment that this is somewhat of an inane teaser article. How silly. Good god.

Reply | Read entire comment

What I learned from this article: Dale has a condescending attitBy Anonymous on April 18, 2008, 8:32 amWhat I learned from this article: Dale has a condescending attitude towards Americans, plays the flute and is impressed with his program development skills.

Reply | Read entire comment

M. E. Kabay has No Credibility By Anonymous on April 18, 2008, 4:04 pmMr. M. E. Kabay, Your holier than thou attitude is such a turn off, that from now on when I see your moniker attached to any article, I will gladly forgo reading...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed