Great vid and POC

Totally over rated, Most distributions have fixed it by ether removing the daemon, or disabling it. This is not Windows were it takes them for weeks to fix anything.

Nice explanation! Thanks

31:58 Your telnet expects " " newline sequences while the remote terminal only prints " ". After skimming the manpage, I think the onlcr option in stty can address that.

awesome poc. thanks for the video

Awesome demo. Great narration. Thank you! I am not a linux person, what surprised me is that apparently it seems common practice that network printers located outside your LAN can simply advertise themselves to your linux box. Mitigation imho would be fixing firewall settings or adding OS specific protection against accepting IPs outside your home turf. If this exploit is based on mDNS, I would doubt though that mDNS would be sble to cross your subnet in the first place. Or did I miss a crucial point? I have to admit I have definitely blind spots when it comes to Linux 😊 Thanks anyway for taking the time & explaining the mechanics behind this in such a well paced way, I am sure it helps many people better judge their personal risk.

Rather than trying to come up with a printer brand just call it "Print to PDF". I guarantee most enteprise workers would fall for it. You can even make the command actually produce a pdf file and they wouldn't notice the impact.

Dude, I was watching this video 2 days ago when you had 999 subscribers. Now you have 1.41k. Nice!! Great explanation indeed. Loved it

i strip all services and block all ports except ipsec protected ports needed for my servers. pretty much eliminates all kinds of low hanging fruit attacks. even if i never update my systems again. Of course a motivated attacker is a different story

Loved the lab demo. Great video!

Awesome. Thanks. 🥲

8:20 @PirateSoftware REF 💅

😈🖨 EvilPrinter

Ubuntu had the patched CUPS packages out early that morning ( West Coast US )

Not interesting really. Problem is.. cups.. desktop.. NAT.. != normally on public IP... So it makes it incredibly boring.. and no one in their right mind put it on the internet.. But as a horizontal vector.. sure

Brilliant walkthrough 😍😍😍

Really great explanation!

Great video, earned a sub bro!!!

Amazing video man. Loved the way you went into detail and explained everything.

Why this is so highly rated? Well I could bet on "now printers work fine, we will fix issue later". Later comes never and everybody forgets about it. :)

i will keep my macbook no linux

Proper NAT, and keeping your local network secure is important, obviously port 631 should be blocked on your public network facing nics.

this channel is such a gem bro hope you get more subs soon! Edit: btw do you know your site is down it may be my filters but i dont think so

So, for a user behind NAT, there's nothing to worry about?

You didn't really do anything wrong except not align xterm with your terminal sizing. You I believe were using xterm-256-color but regardless you can fix it with exporting the terminal size with stty rows and columns. Good video.

subbed

hey congrats on hitting 1000 subscriber. I'm the 1000th subscriber

The vulnerability is concerning, but of more concern is THE LINUX COMMUNITY (not the developers) trying to play down the seriousness.

Great video

Great video and explanation

Awesome stuff. Thank you for covering this!

thanks

Thanks for the thorough demo.

thx for the nice explanation and POC \o/

Great video. Thanks for sharing

Fantastic video, Andrew! Thank you for putting this together and sharing. Looking forward to more videos in the future.

I got the same email. John Hammond made a video about the same "fake captcha" phishing attempt this week too. Was funny to see it in the wild literally the day after watching that video.

Hey, great video! Saw myself in the VT community tab :D Keep it up!

I laughed so hard when i saw "press pasta then enter" asking me to run your malware on my computer for you is crazy lol

5:48 19/96 vendors spam it malicious and -50 community score for me on virustotal at the moment of writing this comment

5:48 19/96 vendors spam it malicious and -50 community score for me on virustotal at the moment of writing this comment

Literally at 3:20 I noticed the creation date and 4 seconds late you pointed that out, awesome And woah that captcha and JS was wild Thank you for this great contribution to the community

got the same email but mine was from 'thehackingsage/hacktronian'

Great video Andrew, its so unique what Copy Paste can do! John Hammond covered the same technique too!

Hi Andrew, I wanted to ask this during the Cyber Mentor live session, but I missed the notification, unfortunately. Do I need to learn Python and scripting for a SOC analyst role? If so, where should I start?

Very good walkthrough . Bravo

How well does port scanning run through this? Still hot garbage, or does this work a lot better?

THHHEEE new standard.