inb4 FBI on Marcus again

News soon leaks "Kremlin printers suddenly start auto printing".....

Hope ppl in charge will hear your call, thanks for your service brother ❤

Wow, this certainly is a leg up on the old "change the text string displayed on the HP printer" attack ☺️

Next up: "I accidentally messed up the entire internet using fake BGP requests"

My server has seen more than 50 recent attempts to connect to CUPS port. This is now being exploited. Anyone who has not secured their systems is probably compromised by now.

Can’t wait for the “I accidentally turned off the internet” video, keep up the good work Marcus!

I always knew that that bloody printer will be the end of me.

You're a very good teacher. Easy to follow what you're saying. Wonder why the default isn't setup tighter. 0.0.0.0 is full open door. Amazing.

Bro did not learn his lesson the first time

Man, if I had a nickel for every time that happened to me ... I'd be flat broke.

"Accidently"

A legend like u should be getting millions of views

that is not what 0.0.0.0 means, it means a listen is happening on every ip of the host on that port, the listen mask isn't a firewall

someone posted your video on mastodon -> first time watching this channel. really enjoyed your calm and easy to follow along explanation on the CUPS vulnerability.

Open the door 、its FBI

an informative video explained calmly with no background music and with a soothing voice. Great production, love your work

do not "scan the entire internet" kids unless you know, badged three letter indemnity

You are awesome Mr Marcus, have been looking at your videos for Manny years, and they are are absolutely awesome . My blessings to you 😊

You're a good person, I would have made a lot of money but you aren't me, you'e a good person indeed

You just created your own Orbitial Ion Cannon. Expect a knock on the door...

And that is why it was given a high rating…

Thank you for explaining every part of the process so clearly. It is thanks to people like you I develop an everdeepening interest in cyber security

Glad someone at my university notified my of that issue. I don't know if I would have heard about it another way.

Jail Bait meant something different when I was growing up.

Thanks Marcus for reigniting my desire to explore and curiosity ♥ This is sick!

4:23 320TB if my math is correct :D

"Accidentally" .. That's brave.

Would love to see a video covering, how you contacted the respective parties and how someone like me could go about it.

I LOVE THESE VIDEOS!!! Please keep making more

Wrote a high performance C++ scanner.. presumably because it's about three decades quicker than understanding massscan configuration.

Nice, U not only great at performing but also great at presenting your work.

Wow, you better get a Nobel peace prize soon mate!

bros trying to go back to jail

Wow. Learnt alot. Thank you Marcus.

your ISP in knocking on the door for espionage concerns 🤣🤣

Thanks for such high quality content.

Great video mate. Legend!

That amplification is incredible. Nice job chief

This needs more views. Great work. The world is in trouble 🤦‍♂️

NSA field day

Isn't this the guy that stopped one of the most infamous virusses of all time, ...

as an c2 owner (botnet but more powerfull). whould say this is not "accidental"

it seems to me that you likely just stumbled onto an existing botnet

Bro just gave the government back door access to those systems (if they didn't already have it) lol

Great breakdown Marcus! Now do ipv6 :-)

10/10 video I watched it without skipping a second

amazing video and discovery! you're a natural for deftly presenting complex ideas in a digestible manner; this is endlessly interesting, thanks for sharing :·)

Love your videos dude, thanks!

As a hearing impaired user, this was a really fun video to attempt to listen to.

Marcus, any thoughts on the frustration of the vulnerability disclosure process and how responsible disclosure was dismissed the the researcher had to prove their technical prowess? It looked like a no-win. From the story I heard he told the Devs and they dismissed it as something that wasn't a concern to them and had a less than productive discourse. Researcher posts results and a proof of concept and the Dev's are all bent out of shape that this happened. It didn't appear there was much way for the researcher to win, except let 'security through obscurity' reign.

Wait... This wouldnt happen to be the 3.8Tbps "ddos" cloudflare detected?

student here: so does this mean that this vulnerability for network-printer discovery gave access to these peoples networks or no? If so could someone explain how so.

"Obviously i not do this" Not sure how many ppl will create a botnet with some chatgpt knowledge just from your video about the cups exploit

Was IPv4 or IPv6 blast

Marcus's lawyer now: 👀! I feel a slight tingling in my arm.

"Hey guys look what I figured out how to do! Pretty cool huh? Guys?..."

You should have posted notice to these systems by sending a message to their printer.

A subset could be some distributed/microservice pdf/etc printers that were open to all instead of just the service/users they are supposed to provide capability for. Like an open bucket. e.g.: "hey, we need to have our xls export also output pdf, and I don't where to start, so I spun up a pdf printer docker and as networking is also not my cup of tea, opened the firewall. Task done, next ticket please!"

Now you gotta destroy another ransomware

Total noob here, but why would the systems have this port open in the first place? Is it for network printing or something along those lines? I wouldn't even know how to contact all of the authorities you had to, that is going above and beyond, well done sir.

Yeah FBI, he is at it again

is it already time to create the blackwall?

so unfortunate to know you just have 100k subscriber while I just came to know you as a WannaCry Hero.

Why are people not firewalling the cups port?!

Good video Marcus , thanks for sharing

I want to be like you when i grow up. I like how you do amazing things accidently😂

Still searching for the printer to finally pickup my printouts :D well done

Which ISP allows so many connections from one source?

Dude just accidently showed anyone how to ddos

id love to set up 2 servers on different network connections and see what the 30,000+ servers would do to a setup.

You Are my Hero!

Bro must like them awkward conversations with the alphabets boys 🤣

bro is building his own case file edit : his

yoo arnt u that geezer who stopped that one ransomware or smng

*4:34** Rookie mistake of not using a real language.*

Love your content, commenting for more

This might be the reason behind IA DDOS attack :(

The map with all the potential victims is definitely quite worrisome... Definitely something other malicious actors have definitely taken advantage of...

FBI warrant round 2

Mad how much of a ballache it is to connect to my OWN printer sometimes

Was that cloudflare mitigating your botnet last week? PC Per podcast said it was something like 8 gigabits per second.

I thought binding to 0.0.0.0 didn’t mean any address could connect but any local IP could service that port.

i’m just commenting to annoy the guy who got pissed at me for saying first

easiest botnet tutorial I've found, thanks for the information. now I must collect my billion dollars from the russian gobberment.

When will you make skynet?

thanks for that informative video. i really have to check if anything is port forwarded, which shouldnt be forwarded... ^^

Oh god I see myself on the map

Dam Africa is pretty secure

Did he just abuse a CVE 9.9 bug that was technically safe outside the local network?

Don't let the FBI see this video.😆

It's interesting. But I think there's a problem that another title for this video could be "How to DDoS without a botnet".

I’m not tech wavy how Di I check my own printer or wifi iv this vulnerability is patch able ?

Making the Case for Elixir, in the least practical way.

Does anyone know where can i find that ui that worked in the browser I saw it was soo cool Does anyone have idea or i fo where can i get that dashboard glob very cool ui ? I searched a while but didn't find anything yet ..

Oh No! Not again?! 😉🤷‍♂️

Pretty decent video other than the python statement being complete bullshit. I’ve made many pythons web servers that are capable of over 10GB/s on a single thread.

Ah, so it was YOU. FBI will be there shortly. ;)

A laughed my arse off all the way through this lol

Hi Marcus, love your content and your in-depth explanations. Your description how the binding IP address varies stuff is somewhat inaccurate/misleading. Was this deliberate comment bait for network nerds?