back to article EU security agency warns over insecure printing

Reckless printing isn't just creating a huge carbon footprint by turning forests into the contents of landfill sites via office rubbish bins. Running off copies of documents also creates a forgotten security risk, according to ENISA, the European Network and Information Security Agency. A survey of 350 European business by …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    OK - I'm convinced....

    ... but I'm not the end-user - and they are all cretinous morons.

    7 years ago I was fitting out a building for 500 people over 3 floors. The design was such that no-one was more than 10 metres from a printer - 4 printers per floor. Printers had secure printing by default. Cartoon picture training provided etc.

    Users moaned about having to "walk miles" and remember a "huge code" (4 digits) endlessly. IT dept stood firm, no more printers so they went and got their own insecure expensive-per-page local printers and bitched about the centrally provided printing ad infinitum. Then started whining about the local printers dying because they bought printers with low duty cycles rather than the 30ppm beasts we fitted.

    How about eliminating some of the security risks inherent - .303 between the eyes of the users incapable of using the technology.

  2. Nomen Publicus
    Thumb Down

    Duh?

    So, the EU has finally discovered dumpster diving? They'll be worrying about this interwebnet thing next.

    Remember to remind any Irish friends to vote against the Lisbon treaty.

  3. Matt

    Good point AC but

    It's been a while since I worked with any large customer where you didn't need to swipe your badge before the printer would print Of course that saves paper but adds to lost time standing around waiting for the print ;-)

    The only time this sort of thing works is if you can change the way people think. That is to say you make them want to use less paper or be more secure. If they don't want to they'll find a way round you which'll probably be worse than what they were doing originally!

  4. Anonymous Coward
    Anonymous Coward

    RE: OK - I'm convinced....

    Hehe, had a similar thing at a previous job, swapping out the deskside printers for MFDs at a london local authoritys town hall. Suffice to say the users went mental.

    Suffice to say they threatened to buy their own equipment.

    Suffice to say it was arranged that this would be a security and health and safety risk through changes of support regs, and thus forbidden.

    Suffice to say there have been very few 'leaks' from this area to the local papers since then, now that they all have PIN controlled MFDs and you can't just pick up printouts from peoples DeskJets.

    Users - death is too good for 'em...

  5. Nic Brough
    Unhappy

    Drive by printing

    My last office had MFDs hooked up to the network. You print, then go to whatever printer you feel like, swipe your security card, and then it prints.

    More secure and more green than the old "print to printer x" set up. But the managers whined (the geeks were perfectly happy, all they ever printed was their CVs anyway), they got their static printer names back, and by the time I left, they were back up to around 90% of prints never being picked up, and leaving confidential papers in public recycling bins.

    I'm sure there's a phb joke somewhere - why don't we have a Dilbert icon?

  6. James Anderson
    Unhappy

    What security risk?

    99.9 reccuring % of printed documents are so boring as to represent a health hazzard.

    When was the last time you saw anything remotly interesting sitting on the office printer?

    The EU really needs to apply some basic quality control over the drivel thier overpaid drones produce.

    More importantly the UK civil sevice really, really desperately, needs to learn how to ignore this drivel just like all the other EU members do. Honestly they never actually expect anyone to pay any attention to this rubbish, they are only churning out documents to meet some internal words per year target and are too busy filling in expense claims to enforce anything.

  7. Anonymous Coward
    Flame

    there's such a thing called secure printing!!!!!!

    my last job in a large banks hq - well there was no such thing as thing as secure printing, it was basicly in the wing i worked in - three networked hp printers just churning off printing most of the day. The amount of customer data that i saw, was unbelievable - espcially when there were secure disposal bins next to the printers!!!!!!

  8. Seán

    @nomen

    Lisbon will be passed by a convincing margin. Read the treaty rather than xenophobe interpretations.

    Printing is primitive stuff, it should be possible to throw a load of "paper" into a washing machine and then dry and press it back into blocks of a4,

  9. Ken Hagan Gold badge

    Modern printing devices keep digital copies of scanned or printed documents.

    Care to elaborate? I doubt the average printer has the storage to retain even the current document if it runs to more than a few pages. If you want to spy on data, you'll need to plonk some malware on the printer. I've not heard of any such thing, though I suppose it's no less likely than a remotely exploitable flaw in SMB on a PC. Hmm, haven't heard of any of those recently either.

  10. Anonymous Coward
    Anonymous Coward

    RE: OK - I'm convinced....

    Yes, too true. Been there, seen it, done it.

    At one stage about 10% of the support calls were desktop printers that had been bought/installed by individuals out of their departmental budgets so policy was changed to fully maintained centralised printers with backups and got the same problems of users complaining despite the fact it was a far better situation for everyone (a 50 page report printed in a few minutes, including auto stapling and sorting, rather than 20 on a colour inket).

    I even used to walk up two flights of stairs to get my printing when I needed it, but unlike some users I didn't feel the need to print every e-mail I received and put it in my inbox!

    Don't get me started on the centralised fax server with routing to individuals user's PCs and faxing from the desktop. Opposite problem this time - sales guys seemed to enjoy standing by the fax machine for 5 minutes waiting for their signed contract to come through. Now they had to carry on working at their PC as normal and not waste time!

    Users are never happy and they always think "the old way" was better!

  11. Anonymous Coward
    Anonymous Coward

    @ac

    How about eliminating some of the security risks inherent - .303 between the eyes of the users incapable of using the technology.

    Us Yanks prefer .308 or .30-06 for the old timmers

  12. Anonymous Coward
    Anonymous Coward

    @ac

    > "How about eliminating some of the security risks inherent - .303 between the eyes of the users incapable of using the technology."

    It sounds good, apart from the problem that if you shoot all of the ones that were a problem you'd make a fair dent in the office population, and then HR would just recruit more ad infinitum. You'd run out of ammo before they ran out of morons.

    > "Care to elaborate? I doubt the average printer has the storage to retain even the current document if it runs to more than a few pages."

    MFD's do have. Most come with at least an 80GB HDD, which stores at least a couple of documents.

  13. Aubry Thonon

    Mistake?

    "ENISA describes printing as the "forgotten link" in the security chain."

    Shouldn't that read "forgotten ink"?

    Mine's the one with the multi-coloured stains.

  14. Anonymous Coward
    Boffin

    @Ken Hagen

    Some printers and basically all MFDs have large hard disks (several GB+) that allow jobs to be stored and reprinted if required. This technology was originally put in for printing of large graphic and design files (normally from Apple Macs) where the spool time could be around 1 hour due to the amount of large high resolution colour images used. It allowed the graphic designer to proof a job and then re-print it directly from the hard disk without having to go through the lengthly spool process again (and you also made sure that the final prints were the same as the proof as it was the same file). The first "copiers" to also be printers were colour machines where the quality was needed.

    This technology has also come though to the black and white devices that you will find in the office. At a previous company, we used share a printer with the IT director who was always really secretive and never shared any info with the team. Every time we saw him walk up to the printer, we would re-print his job as soon as he walked away....

    Happy printing!

  15. Anonymous Coward
    Anonymous Coward

    Interesting descriptions of user stupidity

    I heard one from a colleague about the london insurance/finance market where he worked some years before. Apparently some of them were so fuckwitted they couldn't work out how to print selected pages of a document. Therefore they'd print the lot and bin the bulk of it.

    Hard to understand stupidity of that intensity.

  16. Anonymous Coward
    Anonymous Coward

    printing stupidity

    [redacted & reposted for our moderator, for whom sweary words are indecorous]

    I heard one from a colleague about the london insurance/finance market where he worked some years before. Apparently some of them were so ox-witted they couldn't work out how to print selected pages of a document. Therefore they'd print the lot and bin the bulk of it.

    Hard to understand stupidity of that intensity.

  17. David Dylan
    Jobs Halo

    Nothing new

    Nothing new... at a former employer me and a co-worker made it a hobby to google for certain terms in printer status pages, figuring out their IP address from the hits, telnetting into them and mucking with settings.

    AFAIK there's still a printer over at MIT that speaks french.

  18. Anonymous Coward
    Dead Vulture

    What are you talking about?

    > "As the spread of the Code Red worm demonstrated, modern networked printers can be affected by malware."

    Uh, no it didn't. Well, anything with a webserver - or indeed anything at all listening on port 80 - will have received a few requests, but they won't have *done* anything to it; Code Red was entirely specific to IIS.

    I think you may have been misremembering: Code Red exploited a buffer overflow in the IIS web printing facility. Not in the printer itself.

    Do remember to check facts. You're supposed to be doing journalism.

This topic is closed for new posts.

Other stories you might like