582: On the CUPS of Disaster
29 September 2024
We explain the one-packet attack on CUPS and discuss its real-world implications. Plus, a Meshtastic update and more.
Episode Links
- π₯ Gets Sats Quick and Easy with Strike
- π» LINUX Unplugged on Fountain.FM
- Attacking UNIX Systems via CUPS β A remote unauthenticated attacker can silently replace existing printersβ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).
- Marcus Hutchins Scan finds 107,287 servers responding to the UDP port 631 β Instead of relying on Shodan data, I performed my own internet-wide scan using a distributed network of servers. This resulted in discovering drastically more exposed cups-browsed instances, causing my total count to rise from 13,289 to 107,287.
- Shodan on X: 75,000 exposed CUPS daemons on the Internet
- Annual Membership β Put your support on automatic with our annual plan, and get one month of membership for free!
- nodeboard β Your Ultimate Digital Inventory Manager
- Lightning Pay
- activate-linux β The “Activate Windows” watermark ported to Linux
- Install Frog on Linux | Flathub β Extract text from images, websites, videos, and QR codes by taking a picture of the source.
- Clapgrep β Ever had a folder full of PDF files, where you knew, somewhere in there, is what you’re looking for. But you did not know in which file. So you had to search each of them at a time…