Symantec has announced the discovery of a new worm, which launches “trash” print jobs. Symantec identifies the worm as W32.Printlove. This malware exploits a vulnerability in Microsoft Windows Print Spooler Service Remote Code Execution (CVE 2010-2729), which was discovered back in 2010.

The worm behave differently on computers with installed update for CVE 2010-2729 vulnerability and on without such update. Symantec Experts have tested this threat in a simple network of two computers and a network printer that is connected through the switch.

• Computer Configuration A: Windows XP Professional. The computer was updated with the CVE 2010-2729 patch and was infected with W32.Printlove. A local or network printer was not connected.
• Computer Configuration B: Windows XP Professional. In the first scenario, the computer runs without update, and in the second, it is updated. A network printer open for public access is connected.

Computer A must have permission to send print jobs to computer B. Guest access to shared printers in Windows XP is enabled by default; in newer operating systems, computer A must be authenticated by the computer B.

There are two scenarios in which the threat may work:

• W32.Printlove running on computer A will look for network print resources. When such discovered, it sends itself to computer B, using the StartDocPrinter query. The vulnerability of the print bufferallows for copying of whatever file a request transmitted to the printer to any folder. The malware successfully runs on your computer, taking advantage of this vulnerability.
• W32.Printlove running on computer A, behaves this way and passes its code to the computer B. Since computer B has the update, the worm can not exploit the vulnerability. The principle of the corrected vulnerability does not allow print queries to transfer files to any folder (that is printing to file). This prevents the worm from copying itself to the system directory and autostarting itself using the exploit. Instead, it is saved in the printer buffer folder on computer B as .spl-file. After that, computer B will start printing the file on a shared printer attached.

W32.Printlove retains the connection to a remote computer, and periodically tries to infect it using the vulnerability of the print buffer. Computers can be infected again,  and there may be multiple “trash” printings that are sent from different computers until the worm is fully removed from the network. Tracking the source of unwanted prints can be much more complicated in the case of multiple infections present on the network. Network administrators can identify infected PCs looking for .shd-files in the printer buffer folder on the computer, which provides connection to a public printer.

SHD files are created by the operating system and contain detailed information about the request to the printer. To view them, you can use SPLViewer. Because the data files are used by the print buffer service, the service must be first stopped. Administrators are able to detect the compromised computer by the Computername field, which allows you to identify the source sending the print job. Trash printing is the side  effect of eliminating CVE 2010-2729 vulnerabilities on a computers attacked by W32.Printlove.

According to experts, there might be a connection between Trojan.Milicenso and W32.Printlove, but at the moment it is not confirmed. A team of specialists in Symantec continues to investigate to determine the possible relationship of these two threats.

Submit to:

Hard times are coming to those who like to abuse copy machines, soon they’ll have to look for workaround. And all because Canon Japan together with Hitachi introduces a new security system for office printers based on biometric human parameters. Simply put, now to scan or print a document, you will need to confirm you identity with a fingerprint.

The creators claim that the technology isneeded to patch the vulnerabilities that are characteristic for access with password or magnetic cards. Indeed, a sheet of paper with a password scribbled on it or a card may be dropped anywhere, but you can hardly leave your thumb on the table.

The company is planning to introduce the technology into operation on the basis of Canon imageRUNNER ADVANCE line of multifunction printers. Estimated cost of the devices is about $1460. Protected printers will be available on the Japanese market any day. Perhaps, the technology will find its place in other markets, in addition to printer access security.

Submit to:

Previously we reported the discovery of yellow dots made by color laser printers and the reaction of European Union Committee on this issue.

A study done by Electronic Frontier Foundation finds that most color laser printers add an identifying code on every page you print. This code is actually microscopic yellow dots printed on each page in a grid pattern. Normally these dots are invisible to the naked eye and can only be seen using a blue LED light.

The information in the yellow dots varies, some have just the serial number of the printer and others also have the date printed. On the picture below you can see the date and time when page was printed and the serial number of the printer.

Originally the technology was implemented to help secret services track and find counterfeiter who use color laser printers to forge money or securities. But now that color laser printers are becoming more affordable and more user gets them home, these tracking dots are making privacy advocates worry.

“There’s nothing about this technology that limits its application to counterfeit investigations,” stated Seth Schoen with the Electronic Frontier Foundation. “Some people who aren’t doing anything wrong may have their privacy threatened.”

Submit to:

You may know that DMCA (Digital Millennium Copyright Act) prohibits your downloading and sharing any copyrighted material – pirated movies, music, book, TV shows, etc. If your computer IP is detected to take part in such activity, your ISP will receive a DMCA takedown notice – a formal message to report infringing content. The ISP will, in turn, warn your or whoever is know to be associated with detected IP to stop illegal activities. Briefly, this is how copyrights holders protect their intellectual property.

What does it have to do with printers, you may ask?

I’ll tell you what. Some guys (two teacher and a student namely) from University of Washington examined BitTorrent file-sharing networks using specially designed BitTorrent clients to monitor the traffic on these networks. They didn’t actually upload or download any files, but somehow the researchers received over 400 takedown requests. Each of those notices was a false positive accusing them of copyright infringement. The results of the study show that virtually any Internet user has a risk of receiving the DMCA takedown notice.

It still has nothing to do with printers, you may remark.

Yes, but we are almost there. The researchers say in the study that of all the numerous takedown notices they received, 13 were issued for 3 laser printers and a wireless access point. Interesting, right?

The results of the study make it clear that being an advanced user you can make your printer download movies for you and come out clean. On the other hand, the study shows how inconclusive is the method used to identify infringing BitTorrent users.

So if your ISP forwards you a takedown notice, cast the blame on your printer.

Submit to:

Epson has announced an extreme solution to the problem of users who print sensitive documents to network queues but then forget to pick them up — a printer that requires a smartcard before it will print.

Documents to be printed using the EpsonNet Authentication Print system are first stored on a server much as they would be with any network print queue. But where a conventional print queue simply spools the documents in the correct driver format, the Epson system holds them on the server until a user causes the job to be printed by presenting one of a number of types of access cards; contactless or proximity smartcards are supported.

According to Epson, the technology should interest companies in a range of sectors such as banking, healthcare, education, hotels and, inevitably, the military, basically anyone who has cause to worry about the undisciplined use of laser printers.

The kit comprises an interface card, which slots into the printer itself, a contactless card reader and 10 swipe cards, and requires server management software. Epson models supported include the EPL-N2550, EPL-N3000, Aculaser 2600, Aculaser C2600, Aculaser C3800, Aculaser C4200, and Aculaser C9100.

Assuming that companies can face the hassle of managing yet another piece of insecure hardware — the smartcards — this system could have some advantages. The issue it addresses is certainly on the rise for all sorts of reasons, including regulatory compliance.

The system is relatively expensive on a per-printer basis — each printer kit costs £567 ($1114) — but it is likely that an organization would only need a small number of printers to be secured per site. The EpsonNet Authentication Server software costs £707.

Submit to:

Onece upon a time we reported a discovery of mysterious dot markings found on pages printed with color leaser printer.

A European Union commissioner issued an official statement about the legality of printer tracking dot systems last month in response to a query from a member of the European Parliament. The commissioner states that no laws presently address the issue, but notes that it could possibly constitute a violation of the right to privacy guaranteed by the European Union’s Convention of Human Rights and Fundamental Freedoms.

Privacy advocates have been aware for years that many color printers and photocopiers sold in the United States use patterns of nearly-invisible yellow dots to encode identifying information about the originating printer in every printed page. Although few details are available regarding the ultimate function of the watermark or the manner in which the information is used, it is generally characterized as a means through which law enforcement agencies can identify counterfeiters. There is no way to know, however, whether the government’s use of the watermarks extends beyond that function.

The watermark could easily be used by the government to perform identification without any kind of judicial oversight. Some believe that the information could be potentially be used to identify and harass political dissidents. Critics argue that the system threatens to undermine the practice of anonymous pamphleteering—a time-honored vehicle for political dissent that has been used in America since before the Revolutionary War.

“The Commission is not aware of any specific laws either at national or at Community level governing tracking mechanisms in colour laser printers and photocopiers,” wrote Commissioner Franco Frattini in an official statement. “To the extent that individuals may be identified through material printed or copied using certain equipment, such processing may give rise to the violation of fundamental human rights, namely the right to privacy and private life. It also might violate the right to protection of personal data.”

In the United States, the Electronic Frontier Foundation is leading a campaign to increase awareness of potential abuses associated with the watermarking. The organization hopes to eventually amass enough information about it to be able to challenge the practice in court. If the European Union decides to pursue the matter itself, it could potentially pressure U.S. printer manufacturers into providing more specific details that illuminate the extent to which watermarking threatens individual privacy.

via Ars Technica

Submit to:

Once upon a time, printers were printing devices no different from a typewriter in terms of security. As years lapsed, time printers have become more sophisticated, network-enabled devices with hard drives and even operating systems. Pretty much like personal computer. And people keep on taking printers for what they actually are – devices that produce images and texts.

However, modern printers, especially if incorporated into organization’s computer network, can compromise the network security. Printers became as dangerous as computers – they, too, are vulnerable to hackers attacks from inside and outside, and are good place for viruses and other malware to reside. This is what many security expert say and few printer users realize.

In an afford to addressed this issue, Hewlett Packard announced Secure Print Advantage – a new printing security system. According to the company, Secure Print Advantage is the industry’s first hardware-based security solution to minimize business risk.

“HP Secure Print Advantage automates traditionally manual processes and delivers an industry first: consistent, comprehensive and enforceable security policy for the print infrastructure,” said Chris Whitener, chief strategist, Secure Advantage, HP. “This solution provides the necessary automation and simplification of security tasks, like key management, to reduce the costs and burdens generally associated with them.”

Secure Print Advantage a actually a set of devices that encrypt and decrypt data transferred between the workstation and the printer using government-grade FIPS 140-2 Level 4 encryption, maximum level of security encryption. The system consists of modules installed in the user’s desktop or laptop, Secure Printing Modules and the Secure Document Server.

Module of the user’s workstation encrypts the outgoing data and sends it to the Secure Document Server. The server then scans the document for malware, re-encrypts it and either sends it to a Secure Printing Module or to another user. The Secure Printing Module, in turn, decrypts the information and transfers it to the printer. The printing module can also be equipped with a keypad or card-reader to ensure that only an authorized user prints the document.

The system will be available on the market in February, 2008. HP didn’t announce the price yet, but the system is said to be expensive, thus affordable only to those companies where high level of security is vital.

Submit to:

If you considered yourself a happy owner of a color laser printer, you probably won’t be so happy any longer.

In 2005 Electronic Frontier Foundation, an organization supporting customers’ freedoms in the world of electronics, made a discovery that didn’t have much publicity. Every document printed on most color laser printers includes a set of yellow dots used to identify the printer. These dots are invisible to naked eye, but can be clearly seen under microscope or intense blue light.

The dots make up a pattern unique to each printer, so it’s possible to identify the serial number, make and model of printer. Given that most of color laser printers sell directly from the manufacturer or through well-documented service providers, it becomes easy to track the owner of printer. So, everything you print can, and pretty much will, be used against you.

Why on earth, something like this would happen? One of the reasons why might be an agreement of US government and most printer manufacturers to help track down currency counterfeiters. Technological advancement of printing and photocopying devices made it easier to forge money, and with the yellow marks the counterfeit can be tracked back to its origin.

On the other hand, the same technique may be used to track any other printed materials, including those you considered personal. No law requires printer manufacturers to use that kind of embedded markings. No law prevents government services from tracking and collecting the information using these markings.

However, there is something you can do about this. Remember that color laser printers don’t make hidden dots, if printing in black-and-white mode. Monochrome laser printer, as well as inkjet and dot-matrix printers are also dots-free. The Electronic Frontier Foundation maintains and regularly updates a list of printers that do and don’t have the tracking dots. Just check it out to see if your printer is spying on you or not.

Submit to: