Hacking the Dot-Matrix Printer

It sounds like something out of a bad spy movie, but researchers at Saarland University have published a paper on a new hack targeted at those old trusty dot-matrix printers. These researchers discovered that by recording the sounds the printers made and running them through a speech-recognition algorithm, they were able to extract the words printed on the page.  They were even successful in running their tests inside an actual doctor’s office – with permission of course, so this is not something that only works in the lab.

So what? No one still uses these dinosaurs, right? Not so fast, in a survey conducted by the same university, 30% of the banks, and 58.4% of doctor’s clinics still use them. In many cases, these devices were used to print out semi-sensitive information like receipts and prescription information.

And why do businesses still use dot-matrix printers? Well, for fairly standard reasons – they cost less than more modern printers, are very durable, and work with older hardware and computer systems. One company I talked to about this study said that it was cheaper to keep these old printers working than to upgrade the systems and software that utilized them.

After reading the paper, it seems the attack would have to be tailored to a particular model of printer, but even with that limitation, some interesting possibilities are available. Will the next Mission Impossible movie include a scene with Tom Cruise planting a recording device in a bank to get account numbers of his target? And what will we find out next, that the contents of a CRT or LCD can be replayed by measuring the radiation output? Oh wait….

Original study: How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks On Printers

Cellphone Tethering: Is it a big deal?

Is a smartphone really that smart if providers put limits on how its data connection is used? Cellphone tethering, or using your cell phone to access internet services on your computer, is in the news because of recent actions by Apple, Palm, and Google.

Apple is releasing their new OS for their phones, dubbed iPhone 3.0, that includes tethering – unless you live in the US because AT&T tethering support isn’t available yet. Earlier this spring, Google pulled all tethering apps from the Android app store at T-Mobile’s request. Palm has sent a polite cease and desist to the “Pre Dev Wiki” website asking for tethering instructions to be removed because they might upset Sprint, Palm’s exclusive service partner in the US. Given that tethering has been available on phones for several years now, why are cell providers suddenly so concerned? Are they worried that customers would cancel their land based internet connections in favor of cellular based ones? Or that tethering would cut into the USB data card market? Read more

EPC, Inc. Hosts Before Hours Yellow Tie Event

Be sure to take a moment to add a great “Before Hours” networking event June 23rd, 2009 that we’ll be hosting from 7:30am to 9am. Read on below for more details and don’t forget to use the link below to RSVP with Frank Polstion, our Vice President of Retail Services. We look forward to seeing you there!

Come shake some hands where smart business people come for their computer supplies and data security needs.

Enjoy Yellow-Tie networking with breakfast and coffee, and a back-store tour.

What could be better?

Hosted By….  EPC, Inc.

— http://www.epcusa.com

Host Contact. Frank Polston — 636-443-1999 x1013, frank@epcusa.com

Date……… Tuesday, June 23, 2009
Time……… 7:30 to 9 a.m.
Location….. EPC, Inc.
Address…… 3941 Harry S. Truman Blvd., St. Charles, MO 63301

Cost……… Free

Register now at: http://www.yellow-tie.org/events/stcharlesco/june2009handshakes

EPC is Employer of the Year – Energy Efficiency

At a recent St. Charles Chamber of Commerce luncheon, EPC was awarded the 2009 Employer of the Year in the newly created Energy Efficient category. This award was mainly focused on our environmental commitment and their efforts to reduce energy consumption.
Presenting the award was St. Charles Mayor, Patty York who said in announcing the award, “EPC’s commitment to a clean environment by recycling paper, plastic and computer equipment, refurbishing components and avoiding landfills is excellent.” York added that EPC’s “involvement of your employees in state and national recycling organizations is commendable.”
In addition to the award, EPC was presented with 6 framed proclamations from the St. Charles City and County, the Missouri House and Senate, as well as the US House of Representatives.
President Dan Fuller accepted the award and commented on EPC’s 200+ employees, “While I had the pleasure of receiving the accolades for the award, this is much more about all of you and your commitment to EPC. Without a dedicated, hard working commitment by you none of these awards would be possible.”

Saying Goodbye to an Old (36″) Friend…

I can remember the first time I saw a “large screen TV.”

It was a 36”, gigantic Magnavox CRT (Cathode Ray Tube) television that was in the Electronics department at my local Walmart and had our family name written all over it.  As our first wedding anniversary eased into our crosshairs, along with my wife’s Walmart-based discount, we eventually pulled the trigger on our new, electronically-inclined family member and brought it home – heaved it home was probably more apt.  Going from a 20 inch television to an epic 36” motherload of black plastic and huge CRT tube was literally vision-changing in our house.  Everything was more crisp.  Colors POPPED out from our newly-cornered visual companion. Closed captions were like miniature billboards and life was good as we welcomed our tandem anniversary present and newfound family member home.

That was 1996.

Read more

Buy a used hard drive on eBay, get government secrets for free!

Imagine it, you purchased a computer on eBay, plug it in, and find top secret missle defense secrets. What would you do? This is the situation a research group at Longwood University found themselves in after purchasing a used hard drive from the popular auction site.

This hard drive reportedly contained files from Lockheed Martin, a large US military contractor. The data recovered included: test launch procedures for the Terminal High Altitude Area Defense (THAAD) ground-to-air missile defense system, security policies, blueprints of facilities and social security numbers for individual employees.

A representative from Lockheed Martin is quoted in the article as saying:

Lockheed Martin is not aware of any compromise of data related to the Terminal High Altitude Area Defense program. Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source.

Fortunately, this drive as purchased as part of a controlled study to see what information could be recovered from used hard drives and did not fall into the wrong hands. The study also uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions.

The drives were bought from the UK, America, Germany, France and Australia by BT’s Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US.

A spokesman for the project said they found 34 per cent of the hard disks scrutinized contained ‘information of either personal data that could be identified to an individual or commercial data identifying a company or organization.’

Even though the information in this case did not fall into the wrong hands, this story illustrates the importance of having a controlled data destruction process in every organization. Ask yourself this: can you track every computer, every hard drive after it is pulled from production? Do you know for a fact that every hard drive is wiped or destroyed? If you cannot answer yes to both questions, you owe it to yourself to work with a vendor that can fill this gap.

A hat tip to ExportLawBlog for their analysis of the incident.

Cell Phones Tell Secrets From The Grave!

Recent research, from Regenersis, suggests that close to 100% of all cell phones disposed of contain information that could be brought back to life.

If not removed, all those pictures from Cancun… all the music you’ve downloaded… and yes, all those text messages to your mother can be retrieved! So next time you upgrade to the latest and greatest smart phone, make sure you dust off the manual for the old one and take the time to run through the steps to perform a complete reset of the unit.

On the other hand, you could also take it to a company, such as EPC, who will completely shred the unit to help protect any overlooked data within.

Would you like paper, or plastic?

House Democrats recently re-introduced a bill that would impose a $0.05 fee on all single-use plasic bags. The fee would take effect January 1st, 2010 and actually be increased to $0.25 in 2015.

This would really make reusable grocery bags an absolute no-brainer for everyone. You can pick them up at your local grocery store, or Wal-Mart, for about a buck, or even summon the Martha Stewart in you (pre chain gang) and make your own!

However, if you do end up using a plastic bag, please remember to drop them off at your local grocery. Almost all provide a recycling solution.

Tech News: Seesmic Desktop Edition

  • Seesmic Desktop Beta available: Thanks to the great video podcast, Tekzilla, I found a great twitter client in the style of TweetDeck that improves on the original in several ways. You have to sign up for their mailing list to be added to the beta test, but it is completely worth it.
  • Hack Twitter, Get a Job? The teenage hacker that recently published a few twitter worms was hired by exqSoft, a web application developer. Says the exqSoft CEO: “Any publicity is good publicity.”
  • The Pirate Bay found guilty: In a decision that will likely have legal implications far outside their native Sweden, the admins of The Pirate Bay were found guilty of ‘assisting in making copyright content available’ and were fined $3.6 million and sentenced to 1 year in jail. Not so fast – this verdict will definitely be appealled.
  • Stanford to offer free iPhone app development courses: If you have always wanted to learn how to make an app for the current hotness, Apple and Stanford want you!

Turning obsolete technology into art

Now this is a pretty cool form of computer recycling: WebUrbanist has a new image gallery of 20 examples of art made from old technology. The examples presented utilize typewriters, old cassette tapes, phones, keys from keyboards, computer cases and more. See how many different pieces you can recognize!

My favorites are the Jimmy Hendrix portrait from a cassette tape, the giant robot (a.k.a. WEEE Man) and the model T-Rex.

20 Amazing Examples of Art from Obsolete Technology – WebUrbanist