A Hacker Just Pwned Over 150,000 Printers Exposed Online

Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year's attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150,000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target's device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

The printed out message included recommendations for printer owners to secure their device. The hacker said that people who reached out were very nice and thanked him.
The printers apparently spew out an ASCII drawing of a robot, along with the words "stackoverflowin the hacker god has returned. your printer is part of a flaming botnet... For the love of God, please close this port." The messages sometimes also include a link to a Twitter feed named LMAOstack.

Oh, the humanity!

[Latent+Heat]

Of all the bad outcomes of a printer being hacked, that it "spews" racist printouts (everything racist, I guess, is spewed) until you switch off the printer or fix your security doesn't seem to be the worst thing?

Does your printer keep spewing pages that you find offensive until you make a Bitcoin payment to a racial supremacist group?

Re: Oh, the humanity!

I hope the dipshit plants a few trees to compensate for the 390 reams printed.

Re:Oh, the humanity!

Color prints of Dollar-Bills could be another Story...

Re:Oh, the humanity!

Don't bother logging in to comment if you don't understand that modern printers have a CPU inside capable of universal computation.

Re: Oh, the humanity!

[will_die]

with the price of printer ink and the size of blank paper some printers hold you could cost a company a few hundred dollars. even more uf someone refills tge unk and paper and allows the job to continue.

Re:Oh, the humanity!

Modern, you say. The first mass-marketed Turing-complete networked PostScript laser-printer was the Apple LaserWriter introduced in 1985. Are you aware that 1985 was 32 years ago?

Re:Oh, the humanity!

Did he say "modern printers have", or "only modern printers have"?

Re: Oh, the humanity!

[Mashiki]

FYI: In the west, trees are planted just after harvest. That's why we have sustainable forestry in the first place.

Re: Oh, the humanity!

Maybe he _intended_ to say "modem printers" and everyone just assumed that his printer was dirty. (Like printing "kerning" and having it look like "keming".)

Re: Oh, the humanity!

[cthulhu11]

Forests are clearcut and monoculture tree farms planted. Sustainable only in weakly relative terms.

Re: Oh, the humanity!

[RockDoctor]

Speak for yourself in the West. Here on the East side of the Atlantic, we've long known the demerits of forestry monoculture, and haven't done that for some 40 years. Of course, that also means that we've got 80-odd years of monocultures to work through, but forestry practice has included dotting other species into any spaces that come available though wind-blow, trail cutting etc. Which isn't perfect, but that argument was over a generation ago in professional forestry management.

Re: Oh, the humanity!

[eric_harris_76]

The paper companies will do it for him. (Turns out, they sell paper made from trees. Who knew?)

Let's hope that paper is sequestered in a landfill, keeping the carbon in the cellulose away from oxygen.

Uh, wait

[DivineKnight]

Are a bunch of printers on the Internet with public IPs (a thought that previously has never crossed my mind, as it's not even a criminal offense...we'd need to invent a new category for it)?

Re:Uh, wait

IPv6 most probably , and/or port forwarding on IPv4 for some stupid reason

Re:Uh, wait

From the images on Twitter, looks like several are POS receipt printers.

https://twitter.com/lindsucks/status/827665984467066880/photo/1

https://twitter.com/summer_fuss/status/827881901591506945/photo/1

https://twitter.com/faithers99/status/827920542007037955/photo/1

https://twitter.com/lttle_wolf/status/827904686472699904/photo/1

Smart way to run a business y'all.

Re:Uh, wait

[cusco]

Oh, most certainly, some of them in branch offices of multinational corporations. The better ones have hard drives for storing print jobs, FTP and configurable web pages, etc. I know of one local company which was appalled to find that their printer was being used to host a kiddie porn FTP site.

This is actually a fairly common configuration when the IT guy doesn't know how to set up a VPN (don't they teach that in computer classes any more?). They just drop it on the outside of the firewall, maybe set up DDNS from the built in configuration, and VIOLA! Now their clueless boss thinks they're a wizard because they can print from anywhere.

More disturbing to me is the amount of security equipment hanging off the Internet, an appalling amount of it with default or stupid passwords. I'm a physical security professional, key cards, security cameras, alarm systems, and the like. On the LinkedIn forums the question is fairly often posed "How do I let my customer view video from off-site?" Nine out of ten of the resulting answers are, "Put it on the Internet outside the firewall and configure DDNS." A ridiculous percentage of the IoT DDOS attack last year consisted of security cameras and DVRs/NVRs.

Re: Uh, wait

[cthulhu11]

I wonder how the hell these things are exposed. Residential and small business CPE does NAT and non-routeable space. Larger businesses with routable space manage theirs or pay someone too. I can only guess colleges, who have routable space and snooty faculty who prevent security.

I think I know...

[_xanthus_47]

CmdrTaco is that you?

This keeps happening because mfgs won't fix it

[El+Cubano]

I've been giving some thought to this whole botnet epidemic. It occurs to be that there is a very straightforward solution:

Every manufacturer, software vendor, etc., should ship their hardware, software, device, etc., in a mode in which all remote/external access is completely disabled. Then the user would be required to at least take a positive action to enable the remote or network capability.

However, I am relatively certain this won't happen, for these reasons:

1. If people can't just &plug and play" their devices, then the manufacturer will end up having to bear a greater support burden (i.e., more people calling with problems like "I can't make my printer work on the WiFi")
2. If people have more problems many will complain, costing the manufacturer brand reputation
3. The way things currently stand it is cheaper for the manufacturer, and when things go wrong the customer bears the cost of cleaning up the mess
4. The vast majority of people either never have a problem or never realize that they have a problem (i.e., they are on a private network, a techie friend or family member does the setup and properly secures the device, etc.)

Given that manufacturers are in no rush to do anything that costs them more money (hardware margins are razor thin for just about every hardware company not named "Apple"), I really don't see this changing anytime soon, which is sad because this sort of mentality is making the Internet a worse place for everyone all around.

Re:This keeps happening because mfgs won't fix it

You have something there, and maybe this is a worthwhile analogy:

I have mod points, but how can I use them?

Re:This keeps happening because mfgs won't fix it

[AmiMoJo]

One simple way this kind of attack could be mitigated would be to simply limit connections to the local IP subnet. Requests from other subnets would be ignored unless the user had configured and set a password.

Most people only want to use the printer locally.

Re:This keeps happening because mfgs won't fix it

If people can't just &plug and play" their devices, then the manufacturer will end up having to bear a greater support burden (i.e., more people calling with problems like "I can't make my printer work on the WiFi")

That's a burden?
Isn't that Microsofts ENTIRE business?

User unfriendliness is a business venture in itself.

Re:This keeps happening because mfgs won't fix it

[CaptainDork]

This.

The cure for botnet infections and data breaches is litigation.

Re:This keeps happening because mfgs won't fix it

I really don't see this changing anytime soon, which is sad because this sort of mentality is making the Internet a worse place for everyone all around.

Yep, a necessary evil for change to happen. People don't care about security. Heck most people don't know that if they put the damn thing on the network, that someone else could use it. They think it's secured "automagicly."

(No seriously, they do. I once showed someone that (as the network admin) I could access anything on their network storage and copy it indefinitely without their knowledge. Their mind was blown, as they thought that I couldn't have the possibility of doing that.)

Long story short, until it effects enough people there will not be change. That's what happens when money not people rules the world. People's lives, safety, and security become afterthoughts if they are thought about at all.

Re: This keeps happening because mfgs won't fix it

The cure for something that moved and changed near the speed of light is a thing that moves at a glacial pace and isn't dynamic at all?

We're fucked.

Re:This keeps happening because mfgs won't fix it

[tlhIngan]

Uh, disabling those protocols means the printer won't print at all, since many printers in corporate and home settings already are networked and not connected via USB or other things.

The bigger question is - how come said printers were hooked up to the Internet directly? Even the most basic firewall would fix it. For home users, said printer will be on WiFi or Ethernet, behind their NAT router, so all is good. And on a corporate network, it too should be behind the firewall and blocked.

Did some company f**k up and have their corporate network completely unfirewalled and exposed? I mean, what possible reason is there for having a printer open? Road users should VPN in (and really, on the road they don't usually need to print to a printer at corporate HQ).

Re:This keeps happening because mfgs won't fix it

[cusco]

how come said printers were hooked up to the Internet directly?

Stupid/lazy IT guy and stupid/lazy bosses. Boss wants to print from his laptop when he's lazing in the coffee shop downstairs. Too stupid and/or lazy to use a VPN, so the stupid and/or lazy IT guy (probably a contractor) drops it outside the firewall. I've been told to do this with security equipment so that the customer could view their cameras from home, and refused. Customer was pissed off. My boss was pissed off. Customer's IT staff thanked me and wrote a letter of appreciation to my employer.

Re:This keeps happening because mfgs won't fix it

[RockDoctor]

how come said printers were hooked up to the Internet directly?

Stupid/lazy IT guy and stupid/lazy bosses.

Or, as likely, non-existant IT guy(-ess) and a boss that simply doesn't understand that there is a question here. Until the printer starts spewing a page of "your printer is fucked up" every few hours.

Nope, I'd agree with the classification of this guy as a "grey hat".

Botnet?

[caution+live+frogs]

Having port 9100 open doesn't make my printer part of a botnet. It just allows me to print from anywhere. I often set the printer as the DMZ address on my network, because I'd rather have people sending crap at a printer than at my actual computers. This kind is crap is really annoying, not helpful. We COULD turn off external printer ports, but in some cases they are needed or desired. Wasting paper tellling me the port is open? Stupid. Pressuring printer companies to implement a way to only allow authenticated users to print to external ports? Knock yourself out.

(If your printer has the web configuration/admin page unsecured, or telnet config open - that's a different story.)

Re:Botnet?

[OrangeTide]

Remember when fax machines printed immediately so that anyone in the world could waste a few sheets of your paper?
We didn't consider that a security issue either.

Re:Botnet?

We did when the paper triggered the motion sensor security alarm.

Re:Botnet?

[Bert64]

On some models of printer, port 9100 can do a lot more than just accept data to be printed...

For instance, some Xerox printers let you upload firmware updates via port 9100, and vulnerabilities exist allowing remote code execution (see https://www.exploit-db.com/exp...)

Printers are fully capable computers, having processors far more powerful than even highend servers from a few years ago. If someone gains the ability to execute arbitrary code on one, then they have a foothold on your network capable of launching further attacks against other hosts.

Re:Botnet?

[guruevi]

You know CUPS and any self respecting laser printer have had authentication and encryption for like ages. You could even run CUPS on your router and allow your computer to print from anywhere on the Internet.

On the other hand, this is indeed not a hack, this is just a public printer server.

Re:Botnet?

[athmanb]

The question is how confident are you that your printer firmware doesn't have a buffer overflow exploit that allows random code execution?
Considering that the average printer gets patched just about never, I wouldn't be.

Re:Botnet?

[haruchai]

Remember when fax machines printed immediately so that anyone in the world could waste a few sheets of your paper?
We didn't consider that a security issue either.

A few sheets? Ever heard of the Black Fax Attack?
Pranksters used to loop black construction paper through fax machines so that the recipient would run out of toner or have their machine gummed up real good.

Re:Botnet?

[aaarrrgggh]

Just set up a VPN already. Unattended devices should have zero unfiltered WAN access.

What is really needed is advanced network security for dummies-- things like an LCD display on your router to hand out tokens for computers to access the WAN, and 802.1x to segment each machine into a different VLAN unless the traffic is valid.

Re:Botnet?

[eneville]

This.

The message needs to use words that the reader will react to. If 'botnet' wasn't used, would this even had made news?

Re:Botnet?

or you could just turn off the DMZ option?

Re:Botnet?

[nnull]

This! I don't understand why these printers are left out in the open? Or why are they being DMZ'd? I don't understand this mentality.

Re:Botnet?

[fisted]

I often set the printer as the DMZ address on my network, because I'd rather have people sending crap at a printer than at my actual computers.

This is the dumbest thing I've read in a while.

Re:Botnet?

The bigger problem is that there is no way to re-install a printer from official firmware. New firmware can only be installed through the running firmware, which could ignore the new firmware, accept the updated version number, but ignore everything else, or even accept the new firmware but re-insert it's backdoor while installing it. Your only chance is using the same hardware tools used to get the very first firmware in, and these tools are not standard and usually intellectual property, the kind of IP companies need to keep secret to keep it theirs.

Re:Botnet?

[hawk]

>For instance, some Xerox printers let you upload
>firmware updates via port 9100, and vulnerabilities
>exist allowing remote code execution

Damnit, I *knew* I should have listened when he warned me not buy the gatling gun with servos option . . . :)

hawk

Re:Botnet?

[swillden]

I often set the printer as the DMZ address on my network, because I'd rather have people sending crap at a printer than at my actual computers.

You don't want people to send crap to your actual computers, so you open a huge hole through your firewall, right into a powerful computer that has horribly buggy, rarely-updated firmware and frequently communicates with all of your actual computers, through their (also likely buggy) print drivers -- which on many systems execute with system permissions?

You need to rethink that strategy.

My recommendation (with some caveats, see below) is to use Google Cloud Print. Your printer opens a secure (TLS) outbound connection to a Google server, from which it receives print jobs. No need to open any inbound ports. Likewise, when you print your print jobs are send from your computer (or phone / tablet / Chromebook, works on all of them) over a secure connection to a Google server, which queues them for delivery to your printer.

Just like your solution, you can print from anywhere. More conveniently, you don't need to know your home IP address (or have DNS set up), and you don't have to fiddle with your firewall configuration. The downsides are (1) you need a printer that supports Cloud Print (or have it connected to an always-on computer -- not a good option, IMO) and (2) you have to be comfortable with letting Google see your print jobs -- and, theoretically, datamine them. AFAIK that doesn't actually happen, but you should assume it does. Personally, 99% of what I print is content written in Google Docs anyway.

Re:Botnet?

[gerf]

Problem is that some firmwares make it so that I can't use remanufactured toner cartridges (e.g. my Samsung CL-325W). Thanks DRM and the DMCA.

Re:Botnet?

Black Fax Attack? Is that the one where they put the pyrus with the virus in the printer with the pestle, and the Canon with the LAN in holds the queue that is true?

Re:Botnet?

That's what's so irritating. The message lies about what it's doing. It's not a botnet. It's not pwning the printer. It's the network equivalent of running up to someone's house, pressing the doorbell, and running away. It's not helpful.

I left port 9100 open because I didn't want to deal with the hassle of specifying particular machines as the only ones that could access the printer. It was lazy. Is that a *serious* security flaw? Not as bad as it sounds, because there's a router in front of the printer that's filtering everything out except for port 9100 traffic, which it is forwarding to the printer. What could you do with that? Not much unless there's a specific flaw in that protocol for that printer. I already checked the printer for exotic things like updating firmware or other things that could be done over that port. I disabled them. If you did take over the printer via a flaw it wouldn't be able to do much from behind the router unless it's also outgoing port 9100 traffic, though I suppose it would be a foothold to get started on trying to hack the router from the other side.

I left the port open intentionally, he's sending print requests to it. Like the doorbell, the printer is doing what it is supposed to do. It has run that way for close to 10 years without incident until some idiot decided to waste my paper. Resolution? I'll filter by subnet on the router or put in the relevant IPs, which *still* isn't secure but will end this pointless "hack". Until then I just turned the printer off until I actually need it.

I suppose this guy is drawing attention to the possible vulnerability of networked printers, but bragging about "hacking" the printer and claiming it is part of a botnet is misleading people about what is actually happening. The message doesn't accurately describe the problem or give anyone less knowledgeable a solution to the problem. Thus, for 90% of people affected by this it will amount to nothing but a huge waste.

The real flaw this nonsense exposes is lack of filtering of outside print requests at the domain level, which probably should default to blocking it unless specifically enabled by VPN or other techniques. People will update their rulesets and block this guy's requests en masse. I hope that like the person running around the neighborhood pressing everyone's doorbell for kicks he gets cited for being a nuisance. Junk printouts aren't much different from junk faxes.

Re:Botnet?

The message could have informed people about what the vulnerability actually was and how to go about fixing it rather than lying about it. Instead we've got the equivalent of someone pressing all the "unsecured" doorbells in the neighborhood. I suppose if someone half way around the world can press your doorbell it would get annoying enough so fast that a manufacturer would have to come up with a solution, but it's still pretty silly to lie about what's actually going on and to take the opportunity to brag about it as if it's some kind of "l33t" accomplishment.

Re:Botnet?

[RockDoctor]

My recommendation [...] is to use Google Cloud Print. Your printer opens a secure (TLS) outbound connection to a Google server, from which it receives print jobs. No need to open any inbound ports. Likewise, when you print your print jobs are send from your computer (or phone / tablet / Chromebook, works on all of them) over a secure connection to a Google server, which queues them for delivery to your printer.

And if the data I'm printing is both commercially confidential AND detrimental to the interests of US-based companies, and regulated by countries that are not the USA, and I have stringent confidentiality clauses in my contract?

Actually, I've had exactly this conversation with computer techs from the American company on whose premises we were working when they wanted to use our (the company that was renting them and their equipment) printer as a backup in case their printer went down. And he'd already accepted why I refused to give them access to the confidential data.

Re:Botnet?

I'd rather have people sending crap at a printer

You'll change your mind the moment some sick f**k sends CP to your printer.

And what is to keep the government from doing that to plant evidence and set you up? The government has tried it before.

Re:Botnet?

[OrangeTide]

Teenagers egged my house, let's call the SECRET SERVICE!

If you hack my printer

[OrangeTide]

I'll throw it out because I don't use that thing anymore. I can't even imagine what I would need with hardcopies anymore.

Re:If you hack my printer

Invoices, permits, tax forms, things that actually deal with making money.

Re:If you hack my printer

Billionaire bloggers don't invoice, the ad networks direct deposit their winnings. Billionaire bloggers don't need permits, they never ask permission. Billionaire bloggers don't pay taxes, because they're billionaires.

Re:If you hack my printer

Maybe if a faggot like you would take that dick out of his mouth for a few minutes maybe you could figure it out. Faggots like you don't know anything aside from how to suck cocks and take it up the ass. Dirty little faggots like you have no place in a civil society.

Ah, printers, the grand-fathers of IoT insecurity

[ffkom]

Printers were probably the first devices to be connected to the Internet in vast amounts without any consideration of security. Things do not seem to have changed.

just tie up someones phone with end less faxes!

[Joe_Dragon]

https://www.youtube.com/watch?...

So what?

[ddtmm]

A bunch of printers publicly available on the internet. And that's the manufacturer's problem? This has noting to do with anything other than some people setting up their printers for public access, intentionally of accidentally. Noting to see here...

Re:Ah, printers, the grand-fathers of IoT insecuri

[sims+2]

At work we have open wifi to date the most interesting thing I've seen connected to it was an HP printer.
Why is that interesting?

Because as best as I can tell the printer is somewhere the next city block over we only noticed because stuff here started offering to print to it.

The public wifi also shuts of at 6PM so maybe it's a business? IDK.

Haven't had any problems with people printing stuff to our printer however due to the network size and having more than one printer of the same model we have had issues with accidentally printing to a printer in the wrong building.

Giant Penis (attention grabber)

Funny story, third hand but from a source I 100% believe.

Walking back from a bar to his car in the downtown of a mid-size American city a friend of my friend notices open WiFi. *Score!* He connects to the network and gets a list of connected devices. He sees the usual stuff, but also something he'd never seen before. He does a quick search and finds out it's a commercial banner printer. It does 600dpi prints up to 30" wide off of rolls that can be 250' long. *SCORE!*

At this point WiFi is pretty new to most people, and security is barely on anyone's mind. He does a relatively nice thing - he finds a standard HP Laserjet and prints off a letter explaining that their WiFi is open, their 5-figure printer is exposed to the world, and it would be a really good idea to fix that. He even gives them a link to their AP's documentation showing how to set up password access.

As you might imagine, he was a pretty frequent visitor to the bar - so he watched and waited for a while. Seeing no change in their openness, he repeated the warning letter and made it pretty clear they should take the potential for damage seriously. He ended up traveling away for work reasons, and when he returned over two full weeks later he was eager to return to his local spot.

Of course there was still no change in the open network, and the printer was still available. After some thought, he got pretty well inebriated, and knew exactly what to do. He downloaded the printer's driver software to his laptop, found a good high resolution picture and printed a 30' long veiny erect penis on their big buck banner printer. The next week, the WiFi was password protected at that location.

Re:Giant Penis (attention grabber)

All this anecdote says is illiterate people understand photos.

Re:Giant Penis (attention grabber)

Sure, I believe that is a true story... #alternativefacts

A new meaning to "reams" of paper?

[Latent+Heat]

At least it wasn't as offensive as racist slogans?

Re:Ah, printers, the grand-fathers of IoT insecuri

It seems that these days it is hard to find a laser printer that can connect directly to a computer via USB. They all seem to be made to be network only printers. I don't want my printer to connect to my home network via Ethernet cable. A Wi-Fi connection for a printer is definitely NOT happening! I don't print much, and only print from my desktop computer.

People are catching on that ink for inkjet printers is a huge ripoff! An inkjet cartridge with a few millilitres of ink can cost as much or more than a laser toner cartridge that will print 2000 or more pages. So more people are buying laser printers to use at home. Most home users will probably only ever want to print from one computer, so a networked printer is not needed. Even if a family wants to be able for all its members in the house to print to one laser printer, a connection to the local network (but not to the internet) is all that is needed.

Not everything in the home needs to connect to the internet! Most of this IoT crap is nothing but devices that can spy on their purchasers and send data to their real owners, the companies that made them.

this in a printer being printed to not a hack!

[Joe_Dragon]

this in a printer being printed to not a hack! It's just that some people have them with PUB IP's now with IPV6 and an ISP router it may be giving out pub IPv6 ip's with DHCP.

Re:this in a printer being printed to not a hack!

[CaptainDork]

Semantics.

It's illegal in the US:

Unauthorized access" entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent.

Re:this in a printer being printed to not a hack!

Semantics.

It's illegal in the US:

Unauthorized access" entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent.

In other words, it actually is not illegal. Because I got consent. The printer gave it to me. I asked the printer "hey, print this document" and the printer said "ok!".

It's like if you give a house key to the person you are dating, later break up with them, but forget to change your locks. It isn't my fault if your ex hosts your place on AirBnB while you are out of town.

who does this?

anyone who opens their printer to the internet deserves it.

Nothing new

In 1998 I was in university during what i like to call the internet middle-ages. The unwashed masses were already flooding and the bubble was inflating. Anyway, security and IT practices were sloppy at my uni. They had big HP printers in a few of the labs for students to print their work for submission. So l find that the printers were all on a public IP's and no passwords on the jet direct console. They didn't throw out prints right away, just put them aside or in a bin. So that night I go home and setup one of the printers on my PC and printed a page that someone wouldn't think twice about. I go in the next day and had to the lab and soft through the discarded pile. Bingo, my print. Oh joy. I found the IP of as many printers on campus as I could and proceeded to terrorize them with hundreds of prints of goatse and other extremely unpleasant things. Within a week they closed the ports on the router. I also took the liberty of changing the admin passwords on some of the printers and then changed their IP so they couldn't print. Took them a week to sort it out. Also didn't help them that I worked in the IT Dept for the engineering Dept and knew all their IP address and the head of IT was lazy and let his alcoholic subordinate do all the work. Fun times.

Re:Ah, printers, the grand-fathers of IoT insecuri

Your comment's title is hilarious

Another anecdote

[Megane]

Back in the early 2Ks, I worked for a certain networking gear manufacturer who gets confused with a food service company. Two or three times, a particular virus popped up that looked for open Windows file shares and would drop a copy of itself on said file share, naively hoping that a moron would later see it and click on it. Well, some bright spark had decided that for some reason, printers needed to be set up as a pseudo file share. This would then dump raw ASCII to the printer. (I suppose it might have been possible to get into some HP graphics mode with the right escape characters)

The problem was that in this mode, a form feed character would cause a page eject. Now imagine what happens when a binary file is thrown at this. We had at least one printer (I think it was an LJ4 series) wear out from all the pages it was quickly spewing if its paper tray was particularly well filled.

Read the latest research in printer security?

[l1404223]

Using a public printer to "print" is the least evil thing you can do. Read this weeks research on printer security: http://hacking-printers.net/ https://github.com/RUB-NDS/PRE... Whenever you can print a document on a printer (for example, using port 9100 or cross-site-printing from a malicious website) you can do much worse stuff like: - Capture print jobs (all PostScript printers since 32 years are vulnerable!) - Access the file system (most PostScript printers allow this, some PJL devices do) - Dump the printer's NVRAM or memory ("feature" of all Brother laser printers and some Xerox devices) - Obtain credentials for Scan-to-Mail, Active Directory etc. stored on the device (Brother, OKI, some HPs, ...) - Install new firmware on the device (modification however is difficult as many vendors use code-signing) - Destroy the printer's NVRAM using legitimate PJL commands (various HP, Brother, Lexmark, Dell, Konica Minolta, ...)

PWNED in ARTICLE HEADLINE?

EditorDavid's home page.

Spewing?

[Latent+Heat]

So the issue at hand is that the printer hacking used up printer supplies and that the hacked pages were racist, misogynist, homophobic, homoerotic, xenophobic, jingoistic, pornographic, plain disgusting, or simply annoying are peripheral concerns?

Think of the environment

[GeezerGeek49]

He just caused printers to use about 18 trees worth of paper.