lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <40B89236.77180D03@deaddrop.org>
From: shrdlu at deaddrop.org (Etaoin Shrdlu)
Subject: Printer Buffer Security??

[edited only for readability]

Dave Aitel wrote:

> Tiger Rhoades wrote:
> 
> | I'm trying to figure out if the Epson Color Stylus 800 printer
> | looses it's buffer memory when unplugged.  I've got to use it for
> | some classified processing and don't want to have to destroy it
> | when I'm finished.

Well, lucky you. Speaking as an ISSO (which for you, means that I can speak
with authority, rather like a lawyer quoting law to you), I can tell you
this. It isn't an option, as to whether or not the memory can be cleared.
It contains non-volatile memory. You do *not* have an option to restore it
to non-classified processing. Depending on your SSP, you may either remove
and replace the memory, or just leave the entire printer for classified
destruction. For those two people too lazy to get a dictionary:

http://www.webopedia.com/TERM/N/non_volatile_memory.html

> | Epson says that it won't retain any information once it's turned
> | off, but they can't tell me anywhere that they state that it
> | doesn't.

They lie. Who ever you are talking to may not be deliberately lying, but it
doesn't matter.

> | I was wondering if anyone knew a good place (internet
> | site/documentation) to find out which printers or if this specific
> | printer retains it's buffer memory when unplugged?

> Is "Strangers who answered my question on the Internet" among the
> sources you want to quote when you find out it does, even though you
> thought it didn't? This is one of those cases when you want to err on
> the side of safety, I think. It's just a printer.

Please note the good advice Dave is giving you here. You've already posted
from your work account (which has interesting headers), and you must
remember that this mailing list is archived in countless places, FOREVER.
The internet has a very long memory. Me, too.

Let me repeat this, so that it's clear. You do *not* have an option. If you
are handling even DoD confidential material, the memory needs to be
destroyed. That printer is only a piece of crap, anyway. Just put in an
order for new memory (or a new printer) now, and get on with it.

--
A Note From Chaos Manor:

http://www.jerrypournelle.com/quiz.html

Powered by blists - more mailing lists