Security Director Alert: Check for Unsecured Wi-Fi Printers

A group of hackers linked to Russian spy agencies are using "internet of things" devices like printers and internet-connected phones to break into corporate networks, Microsoft announced on Monday. more

We see this vulnerability at approximately a third of the corporations where we conduct inspections. It is a very common issue. Very dangerous. 

Q. "So, why does this happen so often?"

A. When initially outfitting the office the IT Department usually does a good job of turning on encryption for Wi-Fi Access Points, and the things connecting to them. 

Later, someone decides they need their own printer. It arrives. It is plugged in. Nobody thinks about turning on the encryption.

Often, the Wi-Fi feature of the printer is not even used, but it's on by default. The company network is now subject to compromise.

The only way to know if you have this issue is to look for it. Have your IT Department check periodically, or have us do it, but do it. ~Kevin

IT Director Alert - Patch Those Printers... now

Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers.
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.

In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer. 

In August, HP Inc. patched hundreds of inkjet models vulnerable to two vulnerable remote code execution flaws (CVE-2018-5924, CVE-2018-5925).

Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more

Security Director Alert: Must See Video About Printer Security

My team and I have been giving the IT folks nightmares about this for years. 
Now, you can too!
Watch this... 
~Kevin

At a time when hacking dominates much of the news, HP is turning to Mr. Robot himself to highlight its new security platform designed to protect business printers. The Palo Alto-based company has tapped Christian Slater for a year-long digital series called "The Wolf" in order to draw attention to cybersecurity in the workplace.

"Sheep never realize a wolf's around until it's too late. Then they do exactly what the wolf expects them to do. They run into each other, they fall down—they become dinner. Time to eat," says a spectacled Mr. Slater in the series' 30-second trailer.


The first six-minute episode shows the actor lurking outside offices, sending sheep cartoons to oblivious workers, crashing birthday parties and sending suspicious spa gift certificates via email. At one point, he even howls. more

Security Director Alert: A Brilliant Answer to Shredding Security Worries, and Cost

Epson Develops the World's First Office Papermaking System
Turns Waste Paper into New Paper 
  
PaperLab promises to revolutionize office recycling by securely destroying documents and turning them into office paper using a dry process.

Seiko Epson Corporation has developed what it believes to be the world's first compact office papermaking system capable of producing new paper from securely shredded waste paper, without the use of water.

Epson plans to put the new "PaperLab" into commercial production in Japan in 2016, with sales in other regions to be decided at a later date.

Businesses and government offices that install a PaperLab in a backyard area will be able to produce paper of various sizes, thicknesses, and types, from office paper and business card paper to paper that is colored and scented.

Until now enterprise has had to hire contractors to handle the disposal of confidential documents or has shredded them themselves. With a PaperLab, however, enterprise will be able to safely dispose of documents onsite instead of handing them over to a contractor. PaperLab breaks documents down into paper fibers, so the information on them is completely destroyed. more



This could be the biggest information security news of the year for many corporations and government agencies. ~Kevin

Kangaroo Knocks Out Drone

The kids are scared. What's a mother to do?

Forensically Find Fake Photos Fast - Further Discussion

As most readers of the Security Scrapbook know, I do not sell products, nor do I profit in any way from items brought to your attention. The sole purpose when mentioning a product is to inform and educate. Sometimes, my readers provide additional insights and information. This helps all of us.

The other day I posted, "Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited." Wow! Cool stuff. Gimme, gimme.

Reality Check...
While this statement is technically accurate, one reader cautions that the company's other marketing information may lead one to expectations the product can not fulfill.

Read the review by Jim Hoerricks, and the response by Kevin Connor of Fourandsix Technologies, Inc.. Their discussion is very useful and illuminating, especially if you are in need of this technology.

P.S. The answer to the last "What's wrong with this picture?" (Rolling Stones album cover) is... "Former Rolling Stones’ bassist Bill Wyman was digitally removed from the cover..."

Next up...

What's wrong with this picture?

Video: Multi-Billion Dollar Industrial Espionage Explained

Real Life Example: Titanium dioxide is a commonly used substance. It is in paint, but also shows up in sunscreen and food coloring. Hundreds of thousands of tons are shipped around the world every year.

Decades ago, DuPont developed secret processes to make high-quality titanium dioxide in a manner that is less toxic than the traditional production method. The process, which made it the most efficient maker in the world, is a closely held trade secret. Global sales of the product, which is dominated by DuPont, are $12 billion annually.

Titanium oxide makers in China use an older, more toxic, less efficient manufacturing process. But in 2010, Jinzhou Titanium Industry announced that it had achieved high-quality status production like DuPont. That claim may be tied to the apparent theft of DuPont trade secrets. (more)

Security Director Alert - Networked Copiers & Cameras

Millions of copiers and printers in thousands of companies worldwide are ripe targets for cyberthieves in the hunt for sensitive business documents. 

Researchers from Web security firm Zscaler ran a simple search and easily located 118,194 Hewlett-Packard printer-scanners, 9,431 Cannon photocopiers and 3,554 D-Link webcams equipped as Internet-connected Web servers.

Any intruder could do the same thing, then take over control of devices protected by weak passwords, says Michael Sutton, Zscaler's vice president of research. The intruder could then steal images of documents stored in a copier's memory or take control of webcams placed inside a work area.

"I'd be surprised if attackers weren't already taking advantage," says Sutton, who released the findings Thursday at the Black Hat cybersecurity conference here. "They'd be foolish not to. It's just too easy." (more)

This is old news for our our client family; we warned them about this years ago. The fact that the media is finally paying attention means this espionage trick is gaining exposure. Expect more people to take advantage of it. Double-check your defenses. Electrons move fast. I wish I could tell you this is the only information security vulnerability around your office. It isn't.

Security Director Alert - Yet Another Printer Security Issue

Add one more device to the list of things you need to protect from hackers: The humble printer.

In two separate presentations scheduled for the Shmoocon hacking conference in Washington, D.C., next week, researchers will show how hackers can use printers to compromise a company's computer network. One presentation will reveal how poorly secured printers can even be grouped together to act as online storage for cybercriminals. (more)

Testimonial - The Photocopier Security Problem

"Regarding photocopier security, I recovered 8,308 files from a high-capacity Xerox copier in the summer of 2008. The copier was several years old, shared by perhaps two dozen employees, and had a 4 gigabyte IDE hard disk. I recovered both scanned and photocopied TIFF images from user activity as well as TXT, HTML, DOC, PDF, and GIF files. I also recovered about 900 email addresses and file names." ~ from a newsgroup posting this week by a professional electronic evidence recovery specialist.

Photocopier security is only one element of an overall counterespionage strategy. If your organization does not have one. (Or, if you are not sure of the effectiveness of your current one.) Please engage the services of an independent counterespionage security consultant. Don't know where to find one? Click here for a jump start.

Spybusters Tip #732 - Copy Center Warning

Many office photocopiers - especially the larger and networked models - store the data they copy on an internal hard-drive memory. While this is helpful, it also poses a very serious espionage vulnerability. Old copy jobs remain on the disk and may be easily reprinted by other people who have access to the machine. Even when the job is deleted the data remains on the drive waiting to be over-written. When the lease is up or the machine is sold anyone could get your information.

Recommendations...
1. Photocopy confidential information without using the memory feature. If this is not possible...

2. Use the delete feature immediately after photocopying sensitive documents. If the risk is extreme...

3. Photocopy using a simpler machine; one without an internal memory.

"If you don't wipe, they will swipe." ~Kevin

Some photocopiers have easily removable hard drives which may be placed in a safe at the end of the day. Others have disk wipe options available. Keep these options in mind when purchasing a high-end photocopier.

Manufacturer’s security solutions:
• Canon - imageRUNNER Security Kit   
• Sharp - Data Security Kit
• Xerox - Image Overwrite Option
• Konica Minolta - Security Strengthen Mode
• Lanier - DataOverwrite Security System (DOSS)
• Savin - DataOverwrite Security System (DOSS)
• Ricoh - DataOverwriteSecurity System (DOSS)
• HP - Security Documents (1) (2)

Still don't believe?

Watch this...

Print Center Blues

Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? 

Forget about hacking their computers – you might want to hit the nearest photocopier instead... copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack. 

In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be?

Very risky, as it turns out. (more)

Most print center manufacturers have add-on security software; one option worth opting for.