582: On the CUPS of Disaster
14We explain the one-packet attack on CUPS and discuss its real-world implications. Plus, a Meshtastic update and more.
Sponsored By:
• Jupiter Party Annual Membership (https://jupitersignal.memberful.com/checkout?plan=117630r) : Put your support on automatic with our annual plan, and get one month of membership for free! (https://jupitersignal.memberful.com/checkout?plan=117630r)
• Tailscale (http://tailscale.com/linuxunplugged) : Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! (http://tailscale.com/linuxunplugged)
• 1Password Extended Access Management (https://1password.com/unplugged) : 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. (https://1password.com/unplugged)
Support LINUX Unplugged (https://jupitersignal.memberful.com/checkout?plan=52946)
Links:
• 💥 Gets Sats Quick and Easy with Strike (https://strike.me/)
• 📻 LINUX Unplugged on Fountain.FM (https://www.fountain.fm/show/dWiuBeqpDSM86AwXRXov)
• Attacking UNIX Systems via CUPS (https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/) — A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).
• Marcus Hutchins Scan finds 107,287 servers responding to the UDP port 631 (https://x.com/cyb3rops/status/1840276733682974906) — Instead of relying on Shodan data, I performed my own internet-wide scan using a distributed network of servers. This resulted in discovering drastically more exposed cups-browsed instances, causing my total count to rise from 13,289 to 107,287.
• Shodan on X: 75,000 exposed CUPS daemons on the Internet (https://x.com/shodanhq/status/1839418045757845925)
• Annual Membership (https://jupitersignal.memberful.com/checkout?plan=117630) — Put your support on automatic with our annual plan, and get one month of membership for free!
• nodeboard (https://nodeboard.io/) — Your Ultimate Digital Inventory Manager
• Lightning Pay (https://app.lightningpay.nz/)
• activate-linux (https://github.com/MrGlockenspiel/activate-linux) — The "Activate Windows" watermark ported to Linux
• Install Frog on Linux | Flathub (https://flathub.org/apps/com.github.tenderowl.frog) — Extract text from images, websites, videos, and QR codes by taking a picture of the source.
• Clapgrep (https://flathub.org/apps/de.leopoldluley.Clapgrep) — Ever had a folder full of PDF files, where you knew, somewhere in there, is what you're looking for. But you did not know in which file. So you had to search each of them at a time...
Other Videos By Jupiter Broadcasting
| 2024-10-18 | 134: YouTube Unplugged |
| 2024-10-16 | Welcome to Inflation Valley |
| 2024-10-16 | 591: FOSS does what Nintendont |
| 2024-10-13 | 584: Captain Meshtastic and the Solar Cowboy |
| 2024-10-09 | The Satoshi Distraction |
| 2024-10-09 | 590: Google’s Loss is Our Win |
| 2024-10-06 | 583: Nix on Easy Mode |
| 2024-10-04 | 133: No Google October |
| 2024-10-02 | Buy the Invasion |
| 2024-10-02 | 589: Blame the Tools using the Tools |
| 2024-09-29 | 582: On the CUPS of Disaster |
| 2024-09-24 | Here Comes the Machine |
| 2024-09-24 | A Coder PSA |
| 2024-09-22 | 581: The Linux Escape Hatch |
| 2024-09-20 | Rate Cuts Like Your Job Depends on It |
| 2024-09-20 | 132: Uploading at the Speed of Light |
| 2024-09-18 | 588: Hulk Smash “PUNY DEVS” |
| 2024-09-15 | 580: Brent's Boogie Bus Broadcast Bash |
| 2024-09-11 | How Housing Prices Prove the Money is Broken |
| 2024-09-11 | 587: Surfing the WSL Wave |
| 2024-09-08 | 579: Lost & Found |