I've attached a copy of the fax Henry Norr forwarded to me to the end of this note.
I don't know how knowledgable Peter Fink is. He certainly knows more about PostScript than I do, but that's easy, since I don't know any PostScript.
I've also included a copy of a posting by Woody Baker which appeared on comp.virus today. This posting claims that it is possible to read EEPROM and hence determine the "evil password." This is important, since it means that it would NOT be necessary to replace the EEPROM as claimed by Fink.
I'm passing all of this on to the rest of you in the hopes that some Masher is a PostScript expert and can make some sense out of all of this.
From: Peter Fink, DesktopTo Press, 617-527-1899, FAX 617-332-1533
To: PostScript Imagesetting Community - Manufacturers, Software Vendors, Press
Date: July 22, 1990
Subject: Password-change vandal and protective Password Alert! PostScript code
Peter Fink Communications, Inc.
DesktopTo Press
26 Wetherell Street
Newton MA 02164.
Dated July 22, 1990
Message:
It appears that some sort of "Trojan Horse" PostScript file has been
vandalizing PostScript RIPS and printers by resetting their passwords to an
unknown value. This forces the owner to replace the printer's EEROM.
The problem has occurred in several separate areas of the USA during the past few weeks. MacPrePress reported the problem two weeks ago. Friday we
received a report from New York City of a password change that day.
The nature of the password vandal is not yet known. We have developed simple protective PostScript code, however, and are disseminating it free of charge. This code will also help find the offending file.
Details and Password Alert! PostScript code follow. Please feel free to
distribute this material inside and outside your organization as needed.
[note - I have transcribed this from a fax of a fax, and I do not know any
PostScript. It was particularly difficult to distinguish between curly braces
and parentheses in the copy I received. So there may well be errors in the
code displayed above - JLN]
Password Alert! is designed to do three things:
1. It protects your RIP by redefining the setpassword operator. This
redefinition remains in effect from the time you donwload Password Alert! until the time you reset or reboot the RIP.
2. If a print job tries to reset your password, Password Alert! crashes the
job (which probably doesn't produce a page anyway), sends an PostScript
message to the printing application, and screams bloody murder via its alert
page.
3. Password Alert! also captures the "evil" password you were about to receive
and stores it harmlessly in userdict so you can reveal it to the world. (If
we're lucky, the vandal substitutes the same evil password for zero in all
cases. If this is so, knowing the evil password will save future victims
considerable time and money. By the way, the evil password might not be an
integer, despite what it says in the Red Book.)
If an alert page shows up in your shop, you should apprehend the file being
printed, complete with associated graphics and fonts (likely candidates for
the vandal code). You should also immediately use the Print Evilpassword
utility on the next page to obtain a printout of the evil password - and of
course you should contact us and the entire PostScript community.
Associated with Password Alert! are three brief utility PostScript files:
1. Test - Attempts to change password (to confirm that Password Alert! is
installed)
serverdict begin 0 exitserver
statusdict begin 0 1 setpassword
Test tries to change the password from 0 to 1. Download this file after
downloading Password Alert! - you'll probably see the alert message and the
alert page should print. If this doesn't happen, Password Alert! hasn't
downloaded successfully (or has been transcribed incorrectly). You will
probably see the standard %%[exitserver... message. If so, Test has changed
your password to the number 1.
2. Revert to Zero - Changes the password from 1 back to 0 if needed.
serverdict begin 1 exitserver
statusdict begin 1 0 setpassword
Revert to Zero changes the password from 1 back to 0. Download Revert to Zero
if Test gives you the standard %%[exitserver... message and no alert.
3. Print Evilpassword
/Helvetica findfont 12 scalefont setfont
70 70 moveto (The evil password is: ) show
userdict /evilpassword load 256 string cvs show
showpage
[The word "cvs" in the third line above may have been "cvg" or something else
- it's very unclear on the fax of the fax. I think it must be "cvs" for the
PostScript "convert to string" operator - JLN]
If Password Alert! prints an alert page, someone has attempted to change your password. You may have foiled the vandal - and captured the evil password! If so, download Print Evilpassword to print a page with the evil password. Do this before rebooting the RIP, because rebooting will remove the captured /evilpasswor that generated the alert page, plus all associated fonts and graphics files!
If you obtain the evil password (and/or a suspected vandal file), contact
Peter Fink and DesktopTo Press at the address, phone or FAX below. Password
Alert! should work on all PostScript implementations, and probably also on
clones that use exitserver and the PostScript password sheme. I'd like credit
for writing this program but claim no commercial rights - this code is free
and (as always) used at your own risk. Every service bureau with PostScript
or PostScript-compatible printers should use this or similar code immediately.
Here is the piece of code that resets the password in a PostScript printer,
which I've obtained. I'd like to make a point of clarification. Some people might know that Woody Baker offered to make copies of his code available to people who wrote in to him, subject to slightly more onerous conditions than at least one other person on the net thought correct. I then offered to make this code available, making an oblique barbed reference to Woody in the process. I have since had the opportunity to speak to Woody about this, and I would like to emphasize that Woody's code is more complex and contains more powerful, and dangerous operators than mine, and considerable potential for harm. Woody's terms are entirely appropriate and generous considering what he had on offer. I think I've provided a cleaner and simpler solution but those who need the additional power of Woody's code can still write to Woody. This program resets the password to zero, using the standard PostScript operator setpassword. Woody and I both feel that in this form, the code is useful to those who have forgotten the laserwriter password and don't feel apple ought to charge and arm and a leg to correct the problem, and not particularly dangerous, though of course such things by their nature can cause harm. Please use with care. I can't guarantee this will work but it's not likely to blow your laserwriter to bits in the process, at least. It will most likely fail on clones and won't work with Emerald RIPs.
