[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing
- To: Christian Sciberras <uuf6429@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Mon, 31 Jan 2011 11:33:59 -0500
>> Wtf, I've never heard heard of a 'secure' print :S
>>
>>
Most large multifunction devices do this .. it's not "secure" in the
traditional (crypto) sense of the word, it's just a part of the job sent
via the postscript driver. Look at the PSD files for any large
multifunction and you'll find the options for it.
How it works is instead of printing the job immediately, it queues and
holds until the operator goes and enters the code on the console .. so
that you have time to walk over to the printer and grab it, versus
having it sit there while you walk down the hall.
What's interesting is that Excel is embedding the PIN (part of the
printer driver) in the default printer settings it saves in the document
metadata.
The PIN itself isn't particularly private (it's sent in the clear when
printing) but embedding it is dumb.
Cheers,
Michael Holstein
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/