Slashdot Mirror
Xerox Confirms To David Kriesel Number Mangling Occuring On Factory Settings
An anonymous reader writes with a followup to last week's report that certain Xerox scanners and copiers could alter numbers as they scanned documents: "In the second Xerox press statement, Rick Dastin, Vice President at Xerox Corporation, stated: 'You will not see a character substitution issue when scanning with the factory default settings.' In contrast, David Kriesel, who brought up the issue in the first place, was able to replicate the issue with the very same factory settings. This might be a serious problem now. Not only does the problem occur using default settings and everyone may be affected, additionally, their press statements may have misled customers. Xerox replicated the issue by following Kriesel's instructions, later confirming it to Kriesel. Whole image segments seem to be copied around the scanned data. There is also a new Xerox statement out now."
Swapping numbers while copying may seem like bizarre behavior for a copier, but In comments on the previous posting, several readers pointed out that Xerox was aware of the problem, and acknowledged it in the machine's documentation; the software updates promised should be welcome news to anyone who expects a copier to faithfully reproduce important numbers.
69 dude!
Now if 6 turned out to be 9, ...if all the hippies cut off all their hair,
I don't mind, I don't mind,
I don't care, I don't care.
Dig, 'cos I got my own world to live through
And I ain't gonna copy you.
“He’s not deformed, he’s just drunk!”
Dude, read the thread linked in the summary, copying doesn't even work right.
Copying is still high quality.
Incorrect. The way these Xerox - machines work is that they first scan the document, then compress it and store it on the storage medium, and then use that compressed file to print out the copy from. It's braindead.
Yes, he did. If you'd care to read the story you would've known the answer without having to ask here and then complain about something that's not even applicable here.
The potential for damage with this kind of error almost can't be overstated. Besides errors in billing, construction, manufacture or products, medicine dosages, etc. already outlined, there are other likely problems:
Publications may contain wrong data.
Scientific conclusions may be based on wrong data.
Government policy may be based on wrong data.
Money may go to wrong accounts or be taken from wrong accounts.
You think you paid your taxes? The government may not agree.
Did this tool try to notify Xerox first or did he just start shouting from the mountain tops?
It isn't a security issue so the only purpose served by his going public without him contacting Xerox is to stroke his ego.
How would any of you like it if someone found a bug in your stuff and instead of notifying you, went to your managers and bad mouthed you?
You'd think he was a prick.
Why does he owe this courtesy to Xerox? Xerox isn't his coworker, Xerox doesn't have feelings. Xerox is a corporation. And corporations don't always fix problems, even serious ones, until they receive wider attention.
So should he have quietly alerted Xerox, then monitored their progress in fixing the problem, keeping the company apprised of how it was doing -- sort of an unpaid QA position? I guess that's an option, but not the only acceptable one.
I am not a crackpot.
It isn't a security issue so the only purpose served by his going public without him contacting Xerox is to stroke his ego.
It isn't a security problem? Seriously?
What if a doctor copies a prescription or your medical journal? Government officials copies personal information for use with a visa? Police officers copies statements? Or any other place where you'd want to copy something, that must be copied correctly?
Sure, it's not a computer security issue, but it's definitly, among other things, a security issue.
Corporations are people too!
Coming soon ... Xerox voting machines.
Your are making the mistake of imagining that the person who discovered this flaw owes Xerox something.
He does not.
He discovered the information, and he is free to (a) remain silent (b) tell Xerox (c) tell the press (d) tell everyone (e-z) anything else he likes. He might CHOOSE (b) but he is certainly under no obligation to do so, and it is of course incorrect for anyone to fault him if he does not choose (b).
We see this same mistake being made by the inferior minds who advocate the farsical concept of "responsible disclosure" when it comes to security issues. There is no such thing. There never has been. It's simply a fabrication by the mouthpieces of corporations who fret about bad publicity or negative impact on their stock price. Those who say they practice it are conceited and arrogant: they are making the foolish mistake of presuming that they, and they alone, possess this information, even though that's almost certainly not true. (What one can discover, another can discover.)
In all these cases, what we find are people who are afraid of the truth. They are afraid to speak it, afraid to hear it, afraid to have it propagated, afraid that others may have it: afraid, afraid, afraid. This is antithetical to the scientific method, to free speech, to forward progress: we must have the truth, no matter how inconvenient or unpleasant, if we're going to get anywhere.
I'm sure that some of the people at Xerox are furious about this. That's just too damn bad. If they want to find the root cause of their anger, they should look in a mirror, as it is their incompetence, sloppiness, laziness and negligence that has made all this happen.
Do you work, or have you worked, directly for Xerox on these sorts of products?
No, but I do possess a skill most people in this modern world seem not to possess: I can read stuff.
If you have not, how did you come upon this information? Is it based on actual specifications or design documents? Or is it based on speculation?
http://arstechnica.com/information-technology/2013/08/confused-photocopiers-randomly-rewriting-scanned-documents/
They meant to admit this to the public last week, but their press release got its letters changed around for some reason...
At the federal level, our entire legal system is based on the concept that a machine copy of a document is as good as the original. In addition to all the other problems pointed out by other readers -- engineering errors, medical errors, financial errors, this type of error also greatly harms our legal system as well. A problem since the legal system is essentially the operating system for our society. I don't see how Xerox is going to survive the wave of lawsuits that is going to follow. They need to immediately warn everyone to stop using their systems, and then recall all affected units. Going forward, I suspect that the name "Xerox" will now mean: "to mangle or randomly distort".
I am a Xerox technician.
Yes, some models store and compress jobs before printing.
Dude, read the thread linked in the summary, copying doesn't even work right.
Says you. I advised one of my clients to get one of these machines when this issue was first made public. This "feature" gives them plausible deniability for the numbers in their documents to be wrong when they submit them to various entities.
I should send a big bouquet of flowers to Xerox. Falsifying documents is not falsifying documents when the copier does it.
http://www.dkriesel.com/en/blog/2013/0808_number_mangling_not_a_xerox-only_issue
And one of the comments to that posting says:
I have experimented with the open source jbig2enc library available at http://github.com/agl/jbig2enc, which has a encoding parameter called the “threshold”, described like this:
“sets the fraction of pixels which have to match in order for two symbols to be classed the same. This isn't strictly true, as there are other tests as well, but increasing this will generally increase the number of symbol classes”
The included command tool accepts values for this parameter between 0.4 and 0.9, with 0.85 as the default.
I have found replaced digits in single-page numerical tables encoded with this parameter set as high as 0.82. As with the other examples you have found, the errors are not in any ways obvious to the eye which is, of course, the real problem.
Since JBIG2 has been supported in PDF since 2001, it would be surprising if only Xerox have fallen into this trap.
It is not brain dead. It is the only way the copier can efficiently forward the image to the NSA.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
It's the scanner bit. Basically it applies a heavy amount of compression to the final result by looking for blocks that match and duplicating them. Which is all fine until the copier sees what it thinks is a 0 but is actually an 8.
You are not alone. This is not normal. None of this is normal.