Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Printer Buffer Security??

from [Etaoin Shrdlu] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Printer Buffer Security??
Date: Sat, 29 May 2004 06:37:58 -0700 
[edited only for readability]

Dave Aitel wrote:


Tiger Rhoades wrote:

| I'm trying to figure out if the Epson Color Stylus 800 printer
| looses it's buffer memory when unplugged.  I've got to use it for
| some classified processing and don't want to have to destroy it
| when I'm finished.


Well, lucky you. Speaking as an ISSO (which for you, means that I can speak
with authority, rather like a lawyer quoting law to you), I can tell you
this. It isn't an option, as to whether or not the memory can be cleared.
It contains non-volatile memory. You do *not* have an option to restore it
to non-classified processing. Depending on your SSP, you may either remove
and replace the memory, or just leave the entire printer for classified
destruction. For those two people too lazy to get a dictionary:

http://www.webopedia.com/TERM/N/non_volatile_memory.html


| Epson says that it won't retain any information once it's turned
| off, but they can't tell me anywhere that they state that it
| doesn't.


They lie. Who ever you are talking to may not be deliberately lying, but it
doesn't matter.


| I was wondering if anyone knew a good place (internet
| site/documentation) to find out which printers or if this specific
| printer retains it's buffer memory when unplugged?



Is "Strangers who answered my question on the Internet" among the
sources you want to quote when you find out it does, even though you
thought it didn't? This is one of those cases when you want to err on
the side of safety, I think. It's just a printer.


Please note the good advice Dave is giving you here. You've already posted
from your work account (which has interesting headers), and you must
remember that this mailing list is archived in countless places, FOREVER.
The internet has a very long memory. Me, too.

Let me repeat this, so that it's clear. You do *not* have an option. If you
are handling even DoD confidential material, the memory needs to be
destroyed. That printer is only a piece of crap, anyway. Just put in an
order for new memory (or a new printer) now, and get on with it.

--
A Note From Chaos Manor:

http://www.jerrypournelle.com/quiz.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] rsynd-too-open.c posted on fd is backdoored. Don't run it!!!, DownBload / Illegal Instruction Labs
Next by Date:  RE: [Full-Disclosure] http://www.chase.com/ vulnerability, James Patterson Wicks
Previous by Thread:  Re: [Full-Disclosure] Printer Buffer Security??, Dave Aitel
Next by Thread:  RE: [Full-Disclosure] Printer Buffer Security??, Jeff Schreiner
Indexes:  [Date] [Thread] [Top] [All Lists]