| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jan 2011 11:33:59 -0500 From: Michael Holstein <michael.holstein@...ohio.edu> To: Christian Sciberras <uuf6429@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Vulnerability discloses PIN used in Microsoft Excel secure printing >> Wtf, I've never heard heard of a 'secure' print :S >> >> Most large multifunction devices do this .. it's not "secure" in the traditional (crypto) sense of the word, it's just a part of the job sent via the postscript driver. Look at the PSD files for any large multifunction and you'll find the options for it. How it works is instead of printing the job immediately, it queues and holds until the operator goes and enters the code on the console .. so that you have time to walk over to the printer and grab it, versus having it sit there while you walk down the hall. What's interesting is that Excel is embedding the PIN (part of the printer driver) in the default printer settings it saves in the document metadata. The PIN itself isn't particularly private (it's sent in the clear when printing) but embedding it is dumb. Cheers, Michael Holstein Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists