Low tech solutions to high tech problems

| No Comments

I think the time has come to wake everyone up again about the importance of securing your computer. You do lock your doors when leaving your house or parking your car, and your valuables are stored in a vault somewhere, right? The time that you used your computer just to type out a letter or play some game is long gone. Your computer will contain traces of your identity, may have bank account information stored on it, your passwords and ID for the online stock market, e-mail account information, you name it. If you never thought about it, now is the time to start doing so.

Why do bring up all this? Because I've got an excellent story to share with you all, and while the specifics are beyond me and I never actually thought about it, the story in itself hardly comes as a surprise. Thanks for the scoop, Dad. I probably would have missed it otherwise (too many news feeds to follow).

According to these articles (article 1, article 2), researchers have found a way to print directly to your network connected printer, by including some malicious code to a web page. Yes, obviously that would allow spammers to deliver spam directly to your printer (aaargh!) but also could lead to your confidential data being printed on some printer halfway across the world. And nothing you would be able to do about it.

Well, as long as XSS (aka Cross Site Scripting) exploits and vulnerabilities exist, you can bet your money that they'll be (ab)used sooner rather than later. While browser developers scramble to close the holes, there is something you can do : turn off your printer and only turn it on when you actually need it. Simple as that.

While that would partially restrict the impact of this exploit, the underlying cause remains. Another option - if you use Firefox, that is - is to install the NoScript browser addon. It was specifically coded to prevent and catch XSS exploits. It's not the prince on the white horse, nor the savior of the universe, but the less options the bad guys get to manipulate your data and your browser sessions, the harder it'll be to succeed.

Note : I specifically point to this firefox addon because I tend to use and love it. If there are similar scripts or extensions for IE, Opera, Safari or whatever browser you may be using, please feel free to let me know. I'll happily include a link in this post.

Leave a comment

Monthly Archives


OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.13-en

About this Entry

This page contains a single entry by ServMe published on January 21, 2008 5:06 PM.

Grin was the previous entry in this blog.

Cute bunnies and skunks is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.