Guest guest Posted October 26, 2005

Secret tracking codes in laser printers cracked

By OUT-LAW.COM
20th October 2005

The pages that are printed by your colour laser printer may include tiny dots, almost invisible to the naked eye. The dots form a code that can be read by the US Secret Service, ostensibly to track down counterfeiters. Now, for the first time, the code has been cracked.

The Secret Service has admitted before that the tracking information is part of a deal struck with selected colour laser printer manufacturers – including Xerox, Canon and many others. If a colour laser printer is used to forge a document and agents get sight of the document, the codes can be read. However, the full nature of the private information encoded in each document was not previously known.

"We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer," said EFF Staff Technologist Seth David Schoen.

You can see the dots on colour prints from machines made by Xerox, Canon, and other manufacturers. The dots are yellow, less than one millimetre in diameter, and are typically repeated over each page of a document. In order to see the pattern, you need a blue light, a magnifying glass or a microscope. But once you've cracked the pattern, you may be able to trace the owner of a printer that produced a suspicious document.

The major manufacturers tend to say little about the issue on record. When investigating the issue earlier this year for Issue 12 of OUT-LAW Magazine, a typical response was: "Epson is cooperating closely with industry groups and the relevant authorities in each country to prevent counterfeiters use [sic] its products in illegal activities. However, due to the sensitive nature of this issue we are unable to comment about the exact measures that are being taken."

With a serial number, a supplier can identify its customer – although it may not expect to receive such requests. OUT-LAW spoke to dabs.com, the UK's leading online retailer of computing and technology products. Spokesperson Louise Derbyshire said the company was unaware that printers left their fingerprints on each printed page. She acknowledged, however, "dabs.com uses serial numbers to track products as they move through our warehouse and are shipped to customers". So, if required, "we could trace the delivery address."

EFF and its partners began its project to break the printer code with the Xerox DocuColor line. Researchers Schoen, EFF intern Robert Lee, and volunteers Patrick Murphy and Joel Alwen compared dots from test pages sent in by EFF supporters, noting similarities and differences in their arrangement, and then found a simple way to read the pattern.

"So far, we've only broken the code for Xerox DocuColor printers," said Schoen. "But we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots."

Xerox previously admitted that it provided these tracking dots to the US Government, but indicated that only the Secret Service had the ability to read the code. The Secret Service maintains that it only uses the information for criminal counterfeit investigations. However, there are no laws to prevent the Government from abusing this information, according to the EFF.

"Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters," said EFF Senior Staff Attorney Lee Tien.

"Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers.
The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?"

2005, OUT-LAW.com (http://www.out-law.com/)
OUT-LAW.COM is part of international law firm Pinsent Masons.

- - -

The Register

Yellow dots a symptom of technology bird-flu?

And get ready for a Time Lord fist-fight

By Lucy Sherriff
21st October 2005

Letters

Here's a weird thing we found out this week: if you are Cuban, and want to buy a mobile phone in Cuba, you need a foreigner to sign up for one for you. How's that for user-friendly? Almost as good as the Qatar city of Doha where, in the 1980's at least, you had to be a registered alcoholic in order to buy a drink:

Exactly how would you expect Castro to open the country to new technology. Or to be more precise, under the stupid, pig headed US embargoes of the country, exactly how would you propose they generate the required foreign currency to pay for all these shiny new gadgets you're so keen for the Cubans to have.

Now while I sympathise greatly, and wish they had all the shiny new things their hearts could desire (After all, he who dies with the most gadgets wins), perhaps time would be better spent forcing the US to stop the crap & treat them at least as well as they treat other countries that had revolutions such as China...

Hamish

With regards to your article on Cuban Pre Pay Issues. I used to work at a large multinational supplier of Mobile Comms systems whose customers were spread around the world from the Central African Republic, to Switzerland, Latvia and the USA. We provided the computer systems that allowed for Pre Pay services to be offered. Things such as the real time rating of calls, to the handling of SMS. Anyway, I worked on the design for the solution for Cubacel back in 2001/2.
Cubacel had asked for all the usual things, but along with this they needed the ability for dual currency (Pesos and USD) even though the USD was technically illegal in Cuba, and the other strange thing was that there had to be an interface to the national accounts to allow for the government to credit every pre pay user's account with credit every month. We spent ages trying to get all this to work, and quoted for it at a reasonable price (relatively of course). Then came the real kicker. Even though we had to make it possible for users to top up using USD, we weren't allowed to use ANY American hardware. This initially pushed the price beyond the limits of sanity, and finally led to the collapse of the deal.

So all in all, I'm not overly surprised that coverage is patchy, service poor and problems arise. Mind you the people from Cubacel I dealt with were the nicest of any of the operators I spoke to in my three years there. Much nicer than those troublesome Bahamians.

Name withheld

On my visit to Cuba this summer the country was very welcoming! Admittedly it took a little while at immigration but that was just checking passports. Mobile phone coverage was limited to the tourist areas but then the majority of locals only have enough money to live, let alone own and use a mobile phone. And in my hotel there was broadband - a little slow but worked fine! It wasn't even restricted like other communist countries. Plus it was a lovely country with very friendly locals.

Ben

Also surfacing this week were suggestions that management might be starting to listen to advice from their organisation's computer security staff.
Or at least, that security staff are starting to feel optimistic that management might listen to them, one day:

It's nice that some of my fellow security professionals think they have increasing influence in their organisations ("According to the survey, the efforts of many in the profession to sell their value to the organisations they work for are beginning to pay off. Survey respondents were generally optimistic about levels of influence within their organizations, with a third (33.4 per cent) saying that information security’s level of influence within business units and executive management has significantly increased."). But hey, let's call a spade a spade here - the reason IT Security has an increased profile and budget within organisations has little to do with a sales snow job from your friendly CISSP-qualified security person and a lot more to do with two US politicians, Messrs Sarbanes and Oxley... Repeal s.404 and s.302 of the Sarbanes-Oxley act and see what happens to your IT security budget bro...

cheers, Steve

While it is heartening that security concerns have produced some reflex response in the managerial notochord, unfortunately the flailing and kicking produced is at best wasteful, and at its worst harmful. Until we stop building networks based on the world's flimsiest protocol suite (IP) that are connected to database systems and applications built on UNIX or Microsoft operating systems, we may as well try to fire-proof a paper house.

Nathan

A week to celebrate the prevention of ID theft. Break out the shampoo, er, champagne:

Three points:

- isn't this "Week" just a 'spin twin' of its evil counterpart, the ID card bill?
- what were the sample sizes and demographics, so we may determine whether this was applied to a couple of houses down the road from David Beckham, or Nottingham's Meadows estate?
- one extra tip in your 'how to avoid' list: always ask cold-calling financials (GE Capital springs to mind - they like to ring at 8.30am on a Sunday to remind you you've forgotten your payment) for (e.g.) the last two digits of your account number, so /you/ can check who /they/ are, before they take your security details.

Regards, Mike

A former security adviser to the President of the US has said cyber security risks across the pond are being poorly managed by the department of Homeland Security. Hands up if this surprises you... No? No one? Oh, OK then.

I have worked in the computer support field for twenty years. I can tell you that many of my colleagues and our management suffer from an overwhelming lack of interest in security and in quality of work. The prevalent attitude is that we won't address problems because they will probably never lead to failures on our watch. People would rather bet that a vulnerability will not be exploited than close the vulnerability. People would rather continue to use a dysfunctional system than fix it. The only conclusion that I can draw from my work experience is that most people are sociopaths and passive accomplices to business failures. I would be willing to bet that most successful computer attacks could have been foiled if the computer administrator and his/her management had done their jobs properly.

The bit in the article about holding individual people responsible for flaws is not so unrealistic. First, how about just holding the corporation that created the software responsible. That would be a big step in the right direction. Secondly, the entire product is not always at fault. Often there is one small part of a large product that is flawed. Therefore it would not take the mind of Sherlock Holmes to ascribe responsibility for whomever was responsible for this or that flawed module.

Anon

You weren't hallucinating. You could see yellow dots on your colour print outs.
The printer company put them there for the FBI to use in case you went on a counterfeiting rampage. Feel better?

Right... I'll be paying cash, picking up in person and wearing a hoody and a baseball cap next time I buy a printer then....

Anon

Just buy your PCs in cash at PC World like me, and then forget to send in your Warranty registration card, like almost everyone...

Nathan

There is surely a simple workaround for this tracking info - simply add a watermark or background of a very pale yellow, so it prints mostly white with scattered yellow dots. Or solid yellow, so the tracking dots are washed out, or a bitmap pattern encoding the serial no of some printer at, e.g., the Pentagon...

--Nigel

I'm sure the NSA or FBI or whoever think they've done a really clever thing, trying to find out which printer printed whatever damning documents they didn't want printed. The forgers who want to print banknotes will either not buy these printers or just use their own technology. For the whistleblowers and activists who don't want to get caught (and can't afford to use ordinary black-and-white photocopying...), I'm sure that a background of randomly distributed light yellow dots will be enough to throw the spooks off the trail.

Paul

As if we could get through letters without some reference to the Dr. Who spin-off:

A Doctor Who spin-off? Hopefully it won't end up like K-9 and Company.

Tim

I don't think Russell T. Davies successfully 'revived' Dr Who, Christopher Ecclestone was poor, the directing was worse and the music was abysmal. I didn't like the story arc either. Captain Jack was a humorous, but ultimately light-weight character and your description of Torchwood is not exactly inspiring. Although it does remind me of the Chief Wiggum spin-off show, where he would have 'sexy' adventures every week. If they had chief Wiggum in the Bayou instead of John Barrowman in space, it might be worth watching.
John

Even better than hearing that Captain Jack would be gracing our screen in a series of his own, though, was the revelation that bird flu, while being a virus, is not likely to affect computer systems. Thank you Gartner. We shall all sleep easier:

Fantastic! I was in no end of worry with sleepless nights and cold sweats about what would happen to my ebay sales should I meet a horrific end via a transmuting virus choking the life out of me. Now who is going to cover the procedures to ensure our IT systems are safe should a meteor the size of Australia come crashing in to the Earth.

Jon

HaHa! As the sole admin for a medical college, this is exactly what my workplace intends to do with me: Lock infected employees in their homes with broadband access and then paint a red cross on the door, so I can remotely reboot the servers for the next generation emerging blinking into the post-apocalyptic landscape. Ah, The Reg, always on the money ;-)

Matt.

Hmmm...

"Make your workforce aware of the avian flu threat and the steps you're taking to prepare for it."

There's a global bird flu threat? Really? *shocking*

"Assess your business continuity preparedness for this type of workforce outage scenario and try to improve it (if necessary)."

Simple: It's doomed! No point in worrying about it - go down the pub instead.

"Assign someone in your business to track biological threats such as the avian flu. He or she should regularly review business continuity plans and update them in response to new information."

So, what happens if that person gets bird flu and kiffs it?

"Establish or expand policies and tools that enable employees to work from home with broadband access, appropriate security and network access to applications."

Coffins with broadband pre-installed?

"Expand online transaction and self-service options for customers and partners."

If everyone is going to be dead or at least very ill, then there are two minor issues with this statement: a) Who's going to be buying stuff? Dead people? b) Who's going to be delivering the stuff should anyone have survived to purchase it?

"Work with customers and partners to minimize any disruption by developing coordinated crisis response capabilities."

Buy adjacent allotments in a graveyard so you can continue your business relationships in to the afterlife?

Yup, I'll be sticking with the Reg's top tips instead. Particularly the bloke on the roof with a minigun and a baseball bat for when he runs out of bullets. I'd like to add some more to your list if I may:

- If you see a tree, either shake it (scare the birds away) or chop it down
- Breed *lots* of cats - at least 200 per household
- Poison those "nuts in red fishnet bags" things that you hang in your garden
- Fill the local duck pond with piranhas (sp?) or crude oil
- Eat as much crispy duck as possible as it'll soon be off the menu (replaced by crispy tit, etc)
- Buy shares in Rentokill or any company that makes Scarecrows
- If all else fails: Build a desert sub-bunker and start stocking up on supplies, then learn the fine art of googlewhacking to pass the time

Guy

Giants of '70s rock they may have been, but what makes The Who experts on global pandemics, avian or otherwise?

Mike

Groan. Any more of that, and you're barred, Mike.

Lock infected employees in their homes with broadband access and then paint a red cross on the door, bugger that! I'm going to lock myself in my own home, with a big cross on the door and a note to Domino's asking them to push the food through the pizza sized slot provided and the drink through the cat flap.

Oliver

I think the part of your article that worries me the most is that, out of everything else I have read regarding bird flu, the advice you add at the bottom of your article is the most sensible I have read yet.
Makes you wonder about the intelligence of some people in charge and if the next crisis will be caused by bird flu or bird brains.

Frank

And finally, the news that Microsoft is one of the sponsors of the new Wembley Stadium has caused some concern already:

Personally I won't be walking under that arch until it's had at least 2 service packs.

Richard

Fair play, Richard, fair play. ®