#bug

anonymiss@despora.de

#BLUFFS: #Bluetooth Forward and Future Secrecy Attacks and Defenses

Source: https://francozappa.github.io/post/2023/bluffs-ccs23/

TL;DR: If you are within range of a Bluetooth connection, you can force both devices into an insecure #encryption which can be cracked using brute force. The #workaround is to reject weak encryption via #software. Since there are never #updates for devices that have already been sold, any Bluetooth #connection with an old device must be considered insecure. Bluetooth can be monitored up to 100 meters with special antennas.

#bug #fail #security #hack #warning #danger #problem #update #news #CVE-2023-24023 #smartphone #vulnerability

anonymiss@despora.de

'I was #kidnapped by my runaway electric #car'

source: https://www.bbc.com/news/uk-scotland-67005620

He was also asked to hold the power button for a couple of seconds which also failed to stop it and the entire dashboard lit up with faults.

...

Police were forced to stop the runaway car by allowing it to slowly crash into their police van.

If you wonder why he didn't pull the handbrake, then you've never been in a modern electric car. Everything works via software, including the handbrake. There are no more mechanical controls. Since we all know how badly modern #software is developed and tested, as this example impressively shows, the #question remains why there is no #emergency switch that disconnects the #battery from the #engine?

#Bug #traffic #danger #crash #problem #fail #economy #security #news #police #error #disaster #technology

anonymiss@despora.de

#Qualcomm warns of extensive #security #vulnerabilities in drivers for its chips ...

source: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html

Please contact the device #manufacturer for information on the #patching status of released devices.

Thanks for this useless hint, because the vast majority of older #Android devices never receive a #patch.


#software #bug #danger #warning #problem #fail #news #smartphone #wifi

anonymiss@despora.de

CVE-2020-19909 is everything that is wrong with CVEs

source: https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current #system with #CVE Ids and lots of power given to #NVD is a completely broken system.

#software #security #problem #bug #risk #news #fail

anonymiss@despora.de

Hundreds more flights cancelled in fallout from #UK air #traffic #control #failure

source: https://www.theguardian.com/world/2023/aug/29/air-passengers-face-further-delays-after-uk-air-traffic-control-failure

“Our systems, both primary and the backups, responded by suspending automatic processing to ensure that no incorrect safety-related information could be presented to an air traffic controller or impact the rest of the air traffic #system. There are no indications that this was a cyber-attack.”

So just crappy #software that was cheaply cobbled together without #security.

#technology #flight #problem #fail #economy #news #cyberattack #bug #backup

magdoz@diaspora.psyco.fr

#Bug in #firefox, unresolved?
firefox: opening blank from moz-safe-about:blank

I found this on the net, but barely read it, since it's already 4 years old...
https://bugzilla.mozilla.org/show_bug.cgi?id=1575229

Does it also sometimes happen to you that, when accessing a site, a window opens offering to open the file blank?
If I open it, I get a link like: file:///tmp/mozilla_moi0/dMwB6j4Y.html and a blank page.

Is there a way to stop this?

anonymiss@despora.de

#3D #printer #nightmare fuel: Bambu X1C and P1P started printing while owners were asleep

source: https://www.theverge.com/2023/8/16/23064592/bambu-print-asleep-cloud-outage

What happened? In an official blog post, #Bambu says it’s still investigating but suspects that a #cloud outage is to blame. The company says its servers had two brief outages on Tuesday morning where the servers couldn’t confirm that the printers had actually printed — but instead of failing gracefully, they wound up sending the same print job again and again until it went through, Bambu’s staff believes.

#bug #news #software #fail #hardware #economy #support

anonymiss@despora.de

#Microsoft comes under blistering criticism for “grossly irresponsible” #security

source: https://arstechnica.com/security/2023/08/microsoft-cloud-security-blasted-for-its-culture-of-toxic-obfuscation/

Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial #fix—and only for new applications loaded in the service.

#Azure #problem #software #bug #cybersecurity #economy #cloud #news

anonymiss@despora.de

Easy-to-exploit local privilege escalation vulnerabilities in #Ubuntu #Linux affect 40% of Ubuntu cloud workloads

source: https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability

CVE-2023-2640 and CVE-2023-32629 were found in the #OverlayFS module in Ubuntu, which is a widely used Linux #filesystem that became highly popular with the rise of containers as its features enable the deployment of dynamic filesystems based on pre-built images. OverlayFS serves as an attractive attack surface as it has a history of numerous logical vulnerabilities that were easy to exploit. This makes the newly discovered vulnerabilities especially risky given the exploits for the past OverlayFS vulnerabilities work out of the box without any changes.

#security #os #software #update #bug #problem #news #exploit #hack #hacker #server #vulnerability