Top

Printer Diving

November 21, 2009 by  

I had an interesting conversation this week. A gentlemen told me that he frequently sees things on printers that are of interest to him. It’s understandable that people often print new diagrams, Org charts, or special project material that others may find interesting. Nothing out of the ordinary there… However, he went further and said that many times he has no idea where the items come from or who they belong to, but if they sit on the printer too long he feels that the documents belong to him.

I found this statement quite humorous at first. Actually, I laughed for a few seconds because I thought he was kidding. As it turns out, he was very serious. I thought about it for a while and realized that this is likely going on all the time in large enterprise environments.  A user could print out a sensitive document to a print station, someone grabs it by accident, and then the document owner shows up to nothing at the printer. Thinking that the printer may have malfunctioned, the document owner may re-print it and think nothing else about it. The other person that grabbed it by accident may eventually decide to return the document to the printer. At that point, the document just sits on the printer to be glanced over by anyone using that printer. Someone could then decide to go “Printer Diving” and pick up the sensitive document without a valid need-to-know.

While this may seem a bit trivial since only authorized employees should have access to print stations, let’s not forget about non-cleared visitors, disgruntled employees, competitors, or simply authorized users without a need to know.  In that regard, printer diving can be compared to dumpster diving.

Comments

2 Responses to “Printer Diving”

  1. Paul on December 15th, 2009 5:01 pm

    This happens more often than some organizations may admit. . It is a concept that should be talked about at all Security Briefs geven to employees. I have spoken with a few personel within the INFOSEC community and they had not been exposed to this concept, and will be bringing it to their organizations. Thanks for the post….

  2. Marcos Christodonte II on December 22nd, 2009 1:39 pm

    Thanks for your comment, Paul, and for sharing with others. Printer Diving, although seemingly trivial, does warrant some attention within the enterprise — if simply for awareness. Leaving sensitive documents on a shared printer for hours is a bad habit. Doing so not only exposes what could be “intellectual capital” to passing visitors or employees heading to work for the competition, but it may also cause chaos in the likely event that a new organizational chart is printed with a few names missing…

    Marcos

Feel free to leave a comment...
and oh, if you want a pic to show with your comment, go get a gravatar!





Bottom

Warning: Unknown: open(/home/content/30/5076530/tmp/sess_1rkceq92ufdggb2oemjrgl12o3, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0