lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <40B89236.77180D03@deaddrop.org> From: shrdlu at deaddrop.org (Etaoin Shrdlu) Subject: Printer Buffer Security?? [edited only for readability] Dave Aitel wrote: > Tiger Rhoades wrote: > > | I'm trying to figure out if the Epson Color Stylus 800 printer > | looses it's buffer memory when unplugged. I've got to use it for > | some classified processing and don't want to have to destroy it > | when I'm finished. Well, lucky you. Speaking as an ISSO (which for you, means that I can speak with authority, rather like a lawyer quoting law to you), I can tell you this. It isn't an option, as to whether or not the memory can be cleared. It contains non-volatile memory. You do *not* have an option to restore it to non-classified processing. Depending on your SSP, you may either remove and replace the memory, or just leave the entire printer for classified destruction. For those two people too lazy to get a dictionary: http://www.webopedia.com/TERM/N/non_volatile_memory.html > | Epson says that it won't retain any information once it's turned > | off, but they can't tell me anywhere that they state that it > | doesn't. They lie. Who ever you are talking to may not be deliberately lying, but it doesn't matter. > | I was wondering if anyone knew a good place (internet > | site/documentation) to find out which printers or if this specific > | printer retains it's buffer memory when unplugged? > Is "Strangers who answered my question on the Internet" among the > sources you want to quote when you find out it does, even though you > thought it didn't? This is one of those cases when you want to err on > the side of safety, I think. It's just a printer. Please note the good advice Dave is giving you here. You've already posted from your work account (which has interesting headers), and you must remember that this mailing list is archived in countless places, FOREVER. The internet has a very long memory. Me, too. Let me repeat this, so that it's clear. You do *not* have an option. If you are handling even DoD confidential material, the memory needs to be destroyed. That printer is only a piece of crap, anyway. Just put in an order for new memory (or a new printer) now, and get on with it. -- A Note From Chaos Manor: http://www.jerrypournelle.com/quiz.html
Powered by blists - more mailing lists