Sunday, May 18, 2008

Hackers In Your Printers?

A man with a paunch sits at a complicated terminal of intersecting wires and machinery, slurping caffeinated drinks, pale skin glistening, fingers tapping. As a computer hacker he could illegally gain access to compromised networks that hold essential company data. He could, in his own words, "look around the system...see how the system was architectured, see how the directory structures differed from different types of other operating systems, make notes..." and perhaps sell them to those competitors who would be interested? His name was Erik Bloodaxe, and in the 90s he may have paid your computer a personal visit.

You'd think nowadays that protection and security is of self-conscious concern online and with PCs. But, have ISP companies really considered arming your fax machine as a defense from malware, or malicious software? Multi-function printers (or MFPs) are often placed in unobtrusive positions - or worse, in a single, humming room - and ignored or tolerated during the daily humdrum of working life. Networking them with computers makes better use of workers' productivity by allowing faxing, printing and scanning from a single (increasingly sleek) device. Naturally these machines work more like a small server than a traditional printer, operating with a processor, RAM, operating system, Apache, relatively big hard drive and an open source database.

Consider how much information you share within your working day, via printer, fax, email and scanner, and how easy it would be to back up copies of this communication on an MFP's hard drive. Thereafter, a malicious party can find that machine's IP anonymously via Google, and your data is officially leaked. Even worse, if employees are required to enter usernames and passwords to use the machine, this information can similarly be stored and abused. Brave hackers can also simply appear as a one-time technician, hole up in your hot and uncomfortable MFP room (where people spend the minimum of time) and steal your company's secrets.

What can the savvy big businessman do to protect his trade secrets? According to Thomas Ptacek, principal founder at New York-based penetration testing firm, some MFP vendors are working to release more secure code. His recommendation is that IT administrators and consumers openly request better security reviews, which include issue patches and the fixing of security bugs. Vendors may also assist the problem of vulnerability by offering IT staff improved visibility and control over the MFP system. In this way, if you choose an ISP that looks after your security needs as a matter of course, you can be well protected from peeking eyes.

Where is Erik Bloodaxe nowadays, you ask? He's the president of SDI, Inc., which is a Virginia-based corporation that provides information security consulting. What does he actually do? He provides IT security, of course.

References:

http://en.wikipedia.org/wiki/Erik_Bloodaxe_%28hacker%29

http://www.eweek.com/c/a/Printers/Multifunction-Printers-The-Forgotten-Security-Risk/

Sandra wrote this article for the online marketers Star Business Internet internet service provider and website hosting one of the leading Internet service companies specialising in business website hosting in the UK

?gclid=ckek2ny Ojmcfq9nbwodda3ivw
?streamyx=www&bang=fr9erzona&i=klang&isp=tanjung
Availablenow T
Login
?gclid=clo53z73nzmcfrs3egodszi4ra
Ez Streamyx
?gclid=cnggqz6qm5mcfrcdewodfhojqq
Ez
?gclid=coms0kfulzmcfrszewodvmkstq
Storev01 Ptalk1
?gclid=cldqzibknzmcfrc1egod Sfkra
?gclid=ckh2ge3pkzmcfrwbewodozeitg
Diagram02
Terms And Conditions
?gclid=cpx4zzkqnzmcfry1egodsk1nqg