is this exploit over hyped? (9.8 CVSS btw)

Go show Simone some love. Also, disable cupsd.

Comments

So, just to clarify for myself, if I (roughly) understood how this works:

Attacker: Hi, I am a printer!
Victim: Hi, nice to meet you, what files can you print?
Attacker: I support the ThisIsAVirus format.
Victim: Oh, interesting. How do I decode that file format?
Attacker: It's super easy, barely an inconvenience, here you have the appropriate ExecuteThisVirus decoder.
Victim: Thanks, I will implement the ExecuteThisVirus decoder the next time I need to print something.

highdefinist

This is why Windows is more secure. Printers just never work on it.

keyboard_g

RIP HP Printer. You didn't achieve much at all.

krityaan

printer autoconnects to new PC
normal person: oh cool
security researcher: *squints*

sush

I tried watching this video but I ran out of cyan

keco

Wow, executing arbitrary commands *by design*.

AlexSwanson-rwcv

Released 25 years ago, approaching net security like it was still Arpanet days. Way to go CUPS!

mattilindstrom

I will call this the '2 hackers 1 CUPS' CVE.

RobertFerentz

But... the important question is of course... does this exploit work on Tuesdays?

Uerdue

I find it funny how the internet just assumes that businesses never expose unnecessary services to anybody in their networks or the internet and that your usual employee would never ever consider clicking messages away or use the wrong printer that magically appeared in their settings. Good luck!

marianarlt

I feel a fun little honeypot idea coming up by setting up a dummy cups server, expose it publicly and see what kind of printers get added

rbgtk

This is pretty bad for places where you are already on the network like universities. You'll hop on to other systems from your primary ingress point.

engineeranonymous

...And as I'm watching this, my Mint updater pushes a CUPS update...

truckerallikatuk

I hope this gets a fix soon instead of everyone just disabling browsed, because IPP Everywhere (the stupidly-named protocol that enables this) is honestly the best thing to ever happen to printers for Linux users. It's basically a simple extension of IPP that instead of just allowing the printer to advertise itself but still need a vendor-specific driver unless it's some huge PostScript-enabled office machine, there's now a standard raster format printers are required to support that uses a driver that CUPS has built in. This isn't even a new thing - a large number of network printers have implemented it for well over a decade now, but software support only started appearing recently. Of course, the entire point of the protocol is that the printer doesn't need to instruct CUPS to execute any specific commands, just advertise support for a data format that it already knows how to handle, so it may be enough to just block foomatic-rip execution for PPDs loaded from the network (it sounds like the feature can't be removed altogether, but other use cases would involve a PPD provided by a locally-installed driver package that is more trusted).

ailivac
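The kind of check the comment above points toward, as an added example that is not part of the original comment or of CUPS itself: a read-only audit that lists which queue PPDs route jobs through foomatic-rip and what command line they carry, so an administrator can review them. The `/etc/cups/ppd` default and both sample PPD texts are assumptions constructed for illustration.

```python
import re
from pathlib import Path

FILTER_KEYS = {"cupsFilter", "cupsFilter2"}   # keywords that select a filter
CMDLINE_KEY = "FoomaticRIPCommandLine"        # command foomatic-rip will run

# PPD entries look like  *Keyword: "value" ; a quoted value may span lines.
ENTRY_RE = re.compile(r'^\*(\w+)[^:\n]*:[ \t]*"([^"]*)"', re.MULTILINE)

# Constructed sample: a queue whose PPD routes jobs through foomatic-rip.
SAMPLE_FOOMATIC = '''*PPD-Adobe: "4.3"
*NickName: "Constructed Example Printer"
*cupsFilter2: "application/pdf application/vnd.cups-postscript 0 foomatic-rip"
*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE
 -sDEVICE=ps2write -sOutputFile=- -"
*End
'''

# Constructed sample: a driverless raster queue with no foomatic-rip involved.
SAMPLE_DRIVERLESS = '''*PPD-Adobe: "4.3"
*NickName: "Constructed Driverless Queue"
*cupsFilter2: "application/vnd.cups-pdf image/urf 100 -"
'''


def audit_ppd_text(text):
    """Return the foomatic-rip findings for the contents of one PPD."""
    filters, cmdlines = [], []
    for key, value in ENTRY_RE.findall(text):
        tokens = value.split()
        if key in FILTER_KEYS and any(
                t.rsplit("/", 1)[-1] == "foomatic-rip" for t in tokens):
            filters.append(" ".join(tokens))
        elif key == CMDLINE_KEY:
            # Collapse continuation lines so the reviewer sees one command.
            cmdlines.append(" ".join(tokens))
    return {"uses_foomatic_rip": bool(filters),
            "filters": filters, "command_lines": cmdlines}


def audit_ppd_dir(ppd_dir="/etc/cups/ppd"):
    """Map PPD file name -> findings for every PPD that needs review.
    The default path is an assumption; reading it usually needs root."""
    root = Path(ppd_dir)
    if not root.is_dir():
        return {}
    report = {}
    for ppd in sorted(root.glob("*.ppd")):
        found = audit_ppd_text(ppd.read_text(errors="replace"))
        if found["uses_foomatic_rip"] or found["command_lines"]:
            report[ppd.name] = found
    return report
```

The file alone does not say whether a PPD came from a network advertisement or a local driver package, so a flagged queue is a prompt for review rather than a verdict.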

If you're ever in the market for a printer, get a Brother. Those things are so easy to use and they just work no matter the OS, except Android which requires Mopria, but that's just Android being weird.
I had my printer up and running within 10 minutes and that was it. No custom bloatware or Linux incompatibility.
I can't rate my experience with Brother highly enough.
The only silly thing is that it makes my power flicker when it runs but I just unplug the printer when I'm not using it.
If you don't use color then get a b+w laser printer. If you only print color once every 5 years you can just go to a store and get it printed, the $.15 a page or whatever will likely be cheaper than buying color ink anyways, or you can get a color laser printer by Brother, so you don't have to waste ink because toner doesn't dry out.

JessicaFEREM

I'm currently taking cybersecurity classes and I cannot explain how happy I got understanding what CVSS actually means
thank you for these videos btw!

jademonass

While reading the blog before, most of the technical stuff went over my head, but I did understand that the attacker needed to disguise the system as a printer using port 631 and the victim needs to use it for it to work, so 9.9 CCVE obv didn't make any sense for a normal user; however, it does make sense for companies where there are more printers and it's easier to disguise… and a company would also be the one to take the most damage off of the attack…

FurqanHun

Clarify, that script is executed as whatever the cups daemon user is. (nobody on most places). So all it does by itself, at most, is to execute a random script as the same user as the cups daemon. This is usually the first stage of an ownage, but just to clarify.

framegrace

Me and my product manager just talked about implementing a cve tracker for our custom cups project and thought it was low priority xD. The timing

connorkolan

Bluetooth has gotten really unsafe to use in my neighborhood.
I had an ESP 32 device kick my headset, spoof the headset, set up a virtual LAN connection, and then start trying other vulnerabilities before I caught it. It spread to 2 other systems on my network and started trying to exfiltrate data.
Stay off Bluetooth. It's not worth the convenience.

VioFax