582: On the CUPS of Disaster

We explain the one-packet attack on CUPS and discuss its real-world implications. Plus, a Meshtastic update and more.

Sponsored By:

• Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Attacking UNIX Systems via CUPS — A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).
• Marcus Hutchins Scan finds 107,287 servers responding to the UDP port 631 — Instead of relying on Shodan data, I performed my own internet-wide scan using a distributed network of servers. This resulted in discovering drastically more exposed cups-browsed instances, causing my total count to rise from 13,289 to 107,287.
• Shodan on X: 75,000 exposed CUPS daemons on the Internet
• Annual Membership — Put your support on automatic with our annual plan, and get one month of membership for free!
• nodeboard — Your Ultimate Digital Inventory Manager
• Lightning Pay
• activate-linux — The "Activate Windows" watermark ported to Linux
• Install Frog on Linux | Flathub — Extract text from images, websites, videos, and QR codes by taking a picture of the source.
• Clapgrep — Ever had a folder full of PDF files, where you knew, somewhere in there, is what you're looking for. But you did not know in which file. So you had to search each of them at a time...