Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: I Know What Your Office Equipment Did Last Summer... - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
I Know What Your Office Equipment Did Last Summer...

Yesterday there was a great article in the Toronto Star that discusses a potential security
risk that may not be obvious to some Business owners.  You can find that article here.

G.N. White
ISC Handler on Duty
 

G. N.

23 Posts
I found this article an interesting read but thought it curious that the angle was along the lines of "this is what is on your office equipment that you don't know is walking out the door".
But in my experience, why wait for the equipment to leave to worry about data spillage? You can likely find these kinds of vulnerabilities currently online and alive and well within your infrastructure.
Almost all of the networks I have had experience with were configured such that anyone could print from anywhere to anywhere. Very few had any kind of authentication on the front end of these printers like a centralized print server with some kind of active directory implementation or logging. (This is also great from the standpoint of figuring what account was used to print documents related to possible data leakage incidents).
We always talk about how the insider threat is the bigger and harder threat to detect. It is clear how a vulnerability like this could take a company down and possibly never know how their their inner-most documents ended up in the hands of competitors.
Personally, I would love to see a story of an executive who hires a hacker-come-personal assistant whose job is to simply exploit these kinds of vulnerabilities and make sure the executive always has that "edge" that keeps him on point and on bonus.

_MM_
Anonymous

Sign Up for Free or Log In to start participating in the conversation!