Xerox announced security enhancements to its line of Xerox AltaLink Multifunction Printers (MFPs). Now IT professionals have an extra layer of protection and a more proactive approach to network threats.
HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.
The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, which then allows an attacker to execute malicious code on the targeted printer.
The security of IoT devices has become an issue of intense concern lately, especially in modern office environments, which keep expanding their mobility and networking capabilities. Printers and MFPs are now connected to the Internet to enhance office productivity and manage workflows effectively. This means, first of all, that anyone can reach a printer from a mobile device (in some cases even from outside the office) and, secondly, that printers store and queue print jobs, which may contain important and confidential information.
So, to draw mass attention to the problem, HP is producing its own web series called “The Wolf”. Hollywood actor Christian Slater plays a hacker in the first 6-minute-long episode, where he manages to steal information crucial to an imminent acquisition through an unsecured network printer. The other 4 episodes will hit the Internet during this year, and this is the new approach to advertising that HP has adopted with its “Keep Reinventing” tagline.
P.S. The company is producing the most secure devices in the category which can efficiently integrate with already secured networks, PCs and servers within the office.
Recently, a computer hacker claimed responsibility for sending anti-Semitic fliers to networked printers at different universities all over the country. The coordinated cyberattack reached the University of Maryland and Princeton, as well as academic departments and administrative offices at schools in Illinois, California, New Jersey, Massachusetts and Maryland.
Flood attacks have been popular among hackers for years. A flood attack takes down a website by generating false traffic. Usually, this is done through malware on infected PCs. (We have seen it in top movies like Transformers and Die Hard 4.) A new type of this attack has been detected by two security companies: Internet-connected printers, home routers and sometimes webcams are used to knock targeted sites offline.
Recently, Chinese security company NSFocus announced in its report that the share of networked home and office devices used in hackers’ attacks has increased to 30%. NSFocus gets the information from the hardware it sells to large firms that want to defend against denial-of-service attacks. Control over routers was taken using malware that looked for devices with default passwords.
The company has also found another way to take a router or a printer under control, with no need for malware. There is a communication protocol called SSDP, which many devices use to check in with their owner or operator. The protocol is designed so that a device can be asked to send information to a different server. That feature can be used during an attack by directing many devices to repeatedly send information to the server of a certain website.
According to specialists, the use of home devices for these purposes could become more common, but individual users shouldn’t be too worried, because such attacks are usually carried out for financial gain.
Symantec has announced the discovery of a new worm that launches “trash” print jobs. Symantec identifies the worm as W32.Printlove. This malware exploits the Microsoft Windows Print Spooler Service remote code execution vulnerability (CVE-2010-2729), which was discovered back in 2010.
The worm behaves differently on computers with the update for the CVE-2010-2729 vulnerability installed and on computers without it. Symantec experts have tested this threat in a simple network of two computers and a network printer connected through a switch.
- Computer Configuration A: Windows XP Professional. The computer was updated with the CVE-2010-2729 patch and was infected with W32.Printlove. No local or network printer was connected.
- Computer Configuration B: Windows XP Professional. In the first scenario, the computer runs without the update, and in the second, it is updated. A network printer open for public access is connected.

Computer A must have permission to send print jobs to computer B. Guest access to shared printers is enabled by default in Windows XP; in newer operating systems, computer A must be authenticated by computer B.
There are two scenarios in which the threat may work:
- W32.Printlove running on computer A looks for network print resources. When one is discovered, it sends itself to computer B using a StartDocPrinter request. The print buffer vulnerability allows any file transmitted in a request to the printer to be copied to any folder. The malware then runs successfully on computer B, taking advantage of this vulnerability.
- W32.Printlove running on computer A behaves the same way and passes its code to computer B. Since computer B has the update, the worm cannot exploit the vulnerability. The fix does not allow print requests to transfer files to an arbitrary folder (that is, printing to a file). This prevents the worm from copying itself to the system directory and autostarting itself using the exploit. Instead, it is saved in the printer buffer folder on computer B as an .spl file. After that, computer B starts printing the file on the attached shared printer.

W32.Printlove retains the connection to the remote computer and periodically tries to infect it using the print buffer vulnerability. Computers can be infected again, and multiple “trash” print jobs may be sent from different computers until the worm is fully removed from the network. Tracking the source of unwanted prints can be much more complicated when multiple infections are present on the network. Network administrators can identify infected PCs by looking for .shd files in the printer buffer folder on the computer that provides the connection to the public printer.
SHD files are created by the operating system and contain detailed information about the request to the printer. To view them, you can use SPLViewer. Because the data files are in use by the print buffer service, the service must first be stopped. Administrators can detect the compromised computer by the Computername field, which identifies the source that sent the print job. Trash printing is a side effect of patching the CVE-2010-2729 vulnerability on computers attacked by W32.Printlove.
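A triage sketch for the check described above, added here as an example and not taken from Symantec or SPLViewer: it tallies which machine names appear across the .shd files of a copied spool folder. It does not parse the SHD header; it assumes strings are stored as UTF-16LE and that the submitting machine is recorded as `\\HOST`, and the sample files are constructed stand-ins.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Runs of 3+ printable characters stored as UTF-16LE (assumed SHD string encoding).
WIDE_STRING = re.compile(rb"(?:[\x20-\x7e]\x00){3,}")

def submitting_hosts(blob: bytes) -> set:
    # Candidate source machines: strings shaped like \\HOST with no share path after it.
    hosts = set()
    for match in WIDE_STRING.finditer(blob):
        text = match.group().decode("utf-16-le")
        if text.startswith("\\\\") and "\\" not in text[2:]:
            hosts.add(text[2:].upper())
    return hosts

def triage(spool_dir: Path) -> Counter:
    # Count queued jobs per submitting machine; the extension may be upper or lower case.
    counts = Counter()
    for entry in sorted(spool_dir.iterdir()):
        if entry.suffix.lower() == ".shd":
            counts.update(submitting_hosts(entry.read_bytes()))
    return counts

def _fake_shd(host: str, user: str, doc: str) -> bytes:
    # Constructed stand-in, NOT the real SHD layout: opaque header, then wide strings.
    def wide(s: str) -> bytes:
        return s.encode("utf-16-le") + b"\x00\x00"
    header = b"\xff\xff\x00\x00" * 4
    # A \\server\share printer path is included to show it is not counted as a host.
    return header + wide("\\\\" + host) + wide(user) + wide(doc) + wide("\\\\PRINTSRV\\Shared")

def demo() -> Counter:
    # Three constructed jobs: two from PC-A, one from PC-C.
    jobs = [("PC-A", "guest", "doc1"), ("pc-a", "guest", "doc2"), ("PC-C", "alice", "report")]
    with tempfile.TemporaryDirectory() as tmp:
        spool = Path(tmp)
        for number, (host, user, doc) in enumerate(jobs, 1):
            (spool / f"{number:05d}.SHD").write_bytes(_fake_shd(host, user, doc))
        (spool / "00001.SPL").write_bytes(b"spooled data")  # ignored: not a shadow file
        return triage(spool)

if __name__ == "__main__":
    for host, jobs in demo().most_common():
        print(f"{host}: {jobs} queued job(s)")
```

On a real print server, stop the spooler service first and run `triage()` against a copy of the spool folder (by default `%SystemRoot%\System32\spool\PRINTERS`); a host that dominates the tally is the one to inspect.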
According to experts, there might be a connection between Trojan.Milicenso and W32.Printlove, but at the moment it is not confirmed. A team of specialists at Symantec continues to investigate the possible relationship between these two threats.
Hard times are coming for those who like to abuse copy machines; soon they’ll have to look for a workaround. And all because Canon Japan, together with Hitachi, is introducing a new security system for office printers based on human biometric parameters. Simply put, to scan or print a document, you will now need to confirm your identity with a fingerprint.
The creators claim that the technology is needed to patch the vulnerabilities that are characteristic of access by password or magnetic card. Indeed, a sheet of paper with a password scribbled on it, or a card, may be dropped anywhere, but you can hardly leave your thumb on the table.
The company is planning to put the technology into operation on the Canon imageRUNNER ADVANCE line of multifunction printers. The estimated cost of the devices is about $1460. Protected printers will be available on the Japanese market any day. Perhaps the technology will find its place in other markets, in addition to printer access security.
Previously we reported the discovery of yellow dots made by color laser printers and the reaction of the European Union Committee to this issue.
A study done by the Electronic Frontier Foundation finds that most color laser printers add an identifying code to every page you print. This code consists of microscopic yellow dots printed on each page in a grid pattern. Normally these dots are invisible to the naked eye and can only be seen using a blue LED light.
The information in the yellow dots varies: some have just the serial number of the printer and others also have the date printed. In the picture below you can see the date and time when the page was printed and the serial number of the printer.
Originally the technology was implemented to help secret services track and find counterfeiters who use color laser printers to forge money or securities. But now that color laser printers are becoming more affordable and more users get them for home, these tracking dots are making privacy advocates worry.
“There’s nothing about this technology that limits its application to counterfeit investigations,” stated Seth Schoen with the Electronic Frontier Foundation. “Some people who aren’t doing anything wrong may have their privacy threatened.”
You may know that the DMCA (Digital Millennium Copyright Act) prohibits downloading and sharing any copyrighted material: pirated movies, music, books, TV shows, etc. If your computer's IP address is detected taking part in such activity, your ISP will receive a DMCA takedown notice, a formal message reporting infringing content. The ISP will, in turn, warn you, or whoever is known to be associated with the detected IP address, to stop the illegal activities. Briefly, this is how copyright holders protect their intellectual property.
What does it have to do with printers, you may ask?
I’ll tell you what. Some guys (two teachers and a student, namely) from the University of Washington examined BitTorrent file-sharing networks using specially designed BitTorrent clients to monitor the traffic on these networks. They didn’t actually upload or download any files, but somehow the researchers received over 400 takedown requests. Each of those notices was a false positive accusing them of copyright infringement. The results of the study show that virtually any Internet user is at risk of receiving a DMCA takedown notice.
It still has nothing to do with printers, you may remark.
Yes, but we are almost there. The researchers say in the study that of all the numerous takedown notices they received, 13 were issued for 3 laser printers and a wireless access point. Interesting, right?
The results of the study make it clear that, being an advanced user, you can make your printer download movies for you and come out clean. On the other hand, the study shows how inconclusive the method used to identify infringing BitTorrent users is.
So if your ISP forwards you a takedown notice, cast the blame on your printer.
Epson has announced an extreme solution to the problem of users who print sensitive documents to network queues but then forget to pick them up — a printer that requires a smartcard before it will print.
Documents to be printed using the EpsonNet Authentication Print system are first stored on a server much as they would be with any network print queue. But where a conventional print queue simply spools the documents in the correct driver format, the Epson system holds them on the server until a user causes the job to be printed by presenting one of a number of types of access cards; contactless or proximity smartcards are supported.
According to Epson, the technology should interest companies in a range of sectors such as banking, healthcare, education, hotels and, inevitably, the military, basically anyone who has cause to worry about the undisciplined use of laser printers.
The kit comprises an interface card, which slots into the printer itself, a contactless card reader and 10 swipe cards, and requires server management software. Epson models supported include the EPL-N2550, EPL-N3000, Aculaser 2600, Aculaser C2600, Aculaser C3800, Aculaser C4200, and Aculaser C9100.
Assuming that companies can face the hassle of managing yet another piece of insecure hardware — the smartcards — this system could have some advantages. The issue it addresses is certainly on the rise for all sorts of reasons, including regulatory compliance.
The system is relatively expensive on a per-printer basis — each printer kit costs £567 ($1114) — but it is likely that an organization would only need a small number of printers to be secured per site. The EpsonNet Authentication Server software costs £707.