 So I wanted to talk real quick about the Pewdiepie printer predicament and no I'm not a big fan of the whole controversy or whatever they're doing. It's it's amusing. It's pop culture Pewdiepie is the most subscribed YouTube channel on the internet T-Series is the second most subscribed YouTube channel on the internet and they are Income I guess pseudo in competition with each other. So the fans of Felix are now trying to gain more subscribers and where this gains interest to me is Is the methodology that someone called the hacker giraffe took so What this person had done was found a bunch of open printers Now I have actually covered this Because the news got a lot of this wrong and reached out to the news people they don't They're so busy looking for the next story. They didn't even reply to me when I sent this to them a long time ago When threats were sent out and ransom notices sent out to printers via the internet And I broke down some of the technical details back in June 19th of 2017 Because these printers are just left open to the internet. Now everyone's thinking it's some massive blah blah blah attack in reality is Anyone who has heard of shodan.io and types the words port colon 9 1 0 0 in parentheses here you can find and this is just one port by the way This is not all the printer ports. This is just a common one 586 1850 results now what these are is printers Not guaranteed to every one of these as a printer, but I'm gonna bet a lot of them are printers If you're not familiar port 9100 is the hpjet direct port and this hpjet direct port is left open to the internet because of I don't know bad it policies or not knowledgeable people who say I need to print from one office to another And we don't want to do vpn. That's complicated So we're just going to send things over port 9100 and we're just going to open it to the internet Well, unfortunately, you're opening it to other people and that's what was done here So hacker draft decided to increase People subscribing to poody pie. He would this is he sent out lots of print jobs Lots and lots of print jobs. I think over 50,000 To all these random printers now. We don't really know where these printers are I mean you can try to infer based on different ip addresses where they might be But you don't necessarily know and this was of course a mess of internet printers being sent this Subscribe to poody pie channel which caused mass confusion and everything else now This is a problem and I want to talk about a little bit how the problem occurs and still occurs And we've had to deal with this directly ourselves And this drives me nuts. So there are methodologies That are better than this there's vpns You can have so printers can be worked for more offices. Well, in fact, we've set these up with clients, but We have dealt with companies that are in the fortune 500 list now They're not our clients our clients service some of them in the transportation sector They tell us to do things like open up port 9100 across the internet because that's how they do it So it's not like just your average Some it guy that doesn't know what he's doing It dude, it's like hey, I'm just going to open up this to the internet. It gets much worse It's these large companies that have not bothered and I I almost want to send a scathing email to their security people Who by the way, I looked up and it was emailing back and forth with the person had security in their title at the Place that they think opening up these ports is just fine And i'm just like how do you Like how is it do you guys have made the fortune 500 list but not developed? I don't know an app a raspberry pi even my friend who works at the hospital They have their own custom developed apps so they don't have to deal with vpns all the time That is basically a cloud-enabled SSL secured app that you can send print jobs to and then a local raspberry pi brings them back to the printer I mean there's completely methodologies Here in 2018 to get around that you can't just call People and vendors and go hey open up port 9100 and yet they do Uh, the other people that we see this a lot and this has been another aggravation for us and we've done what we can We took over some Salons and I not going to call out the salon software because it would then alert you to anyone you know using it You can their printers are wide open But there's some salon software that works cloud enabled by doing rdp and instead of using rdp print services because that's difficult They decided to use instead Opening up port 9100 on every salon. They just open it to the internet. They tell them which printers to buy Um And when you do a print job it just sends it to that ip address over the internet without filtering. They just open up the firewall Lots of salons don't have nice filtered firewalls that block Other than certain ip addresses. They don't offer that as a service And we've run into this and we've put better firewalls in because they some of them Just started getting junk coming through their printers all the time. This is absurd here in 2018 But it's there's a lot of companies doing it. It's unfortunately led to this Now if you want to experiment and it's on your own network on things and devices you own one You can always check your external ports and you can scan yourself to see if you're open or have something open It's a good thing to check for your clients because you know, you don't want these problems on there audit the firewall rules Then we have the printer exploit toolkit And i'm gonna leave a link to this because it's also Interesting because this is the things you can check on your own network and this is what was used they they break down Inside of your own network, of course Please and networks you own that you have permission to do this on You can do things like test the probability of printers you have What can be done and it's it's a good exercise in security As you're understanding what can happen on a network and you know, we do this when we've come in and taken over networks We've run into clients who've had their entire guest network because they have a public venue And they've left all their printers exposed on there Which a great no one did it yet But uh through a quick scan of some of this and testing it like you can start see what threat models are there Based on this and you're thinking but it was just a printer It's a lot more than that when you look at what this toolkit can do It's a lot more than sending print jobs and it becomes an edge case into some networks There was even a case of a certain printer that had a Bridging option so if you got into it via wi-fi it would bridge into a private network So you really have to you know, think about these and this is also There's so much knowledge you can drag into on this There's a lot to learn but there's a lot of security threats that can come from just opening a printer Um, so some people think about that from the security aspect As opposed to the amusing aspect of people trying to get a putty pie to be the most subscribed person on youtube, which is novel and pop culturey and That's as much fun as I have with it. Thanks Thanks for watching. If you like this video, go ahead and click the thumbs up Leave us some feedback below to let us know any details what you like and didn't like as well Because we love hearing the feedback or if you just want to say thanks leave a comment If you wanted to be notified of new videos as they come out Go ahead and hit the subscribe and the bell icon that lets youtube know that you're interested in notifications Hopefully they send them as we've learned with youtube Anyways, if you want to contract us for consulting services You go ahead and hit launch systems.com and you can reach out to us for all the projects that we can do and help you We work with a lot of small businesses it companies even some large companies And you can farm different work out to us or just hire us as a consultant to help design your network Also, if you want to help the channel in other ways, we have a patreon. We have affiliate links You'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on Lawrence systems.com. Once again, thanks for watching and I'll see you in the next video