24 June 2010

Overheard

Sometimes you innocently overhear the darnedest things...

Today I was standing in line at one of the nationwide chains of office services and supplies, which will OBVIOUSLY remain nameless, when I heard the lady in front of me ask the cashier if the company "deletes all of the documents" from their printers, faxes and copiers.

Well, it seems the one asking the question, though a great question, did not really understand what they were asking any more than the cashier knew how to answer it.  The cashier's answer was that they (the nationwide retailer) were on a network and that they could delete what they print from the printers through the network.

The customer then asked if they actually do delete the documents, as she was worried in case they disposed of the printers or sold them.

The cashier stated that yes, she deletes things that she prints all of the time when she is printing.

Customer is satisfied and walks away happy with the answer!

Okay, so many of you get the picture.  The customer must have heard from a friend, or in reading something, that data can be stored on various peripherals after the copies are made, faxes transmitted or the print job has been picked up.  This is true of many devices and I have found many documents available to me as I scanned, prodded and poked these devices at various places of employment and engagements.  I have seen sensitive documents that no one had a clue remained on the devices.  Many of these were personal in nature (I never read them fully as I get embarrassed for the person and feel once I have determined that the doc probably should not be stored there that I am finished with the document).  I can tell you I have seen bank statements, various attorney/client private docs and personal budgets.  Not to mention the files of the employers that may be of a sensitive nature.

It was always interesting trying to convince the admin responsible for the printer administration that the documents are actually stored there and that in most of these cases there was also an underlying default install of an operating system with a web, ftp and tftp server just for starters.  A couple times I dropped netcat/cryptcat or a port scanner on the devices so that I could then begin to scan the admin's box or create some other traffic, so that when I approached the admin and had him/her look at the network traffic coming to his box and the source IP address, I really got to have a moment of good humor when the realization struck their face.  Forensically, you can be certain that data is there for a long time!

I will add more on this later this week; I know it is an old subject, but given that I heard that short conversation today, I just had to share quickly and will need to pull out some of my old "do's and don'ts".  To state the moral rather succinctly: "beware from where you print and copy!".
