
Submission + - Google and Intel Warn of High-Severity Bluetooth Security Bug In Linux (arstechnica.com)

An anonymous reader writes: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published “soon.” A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth.

Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as a privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. “Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure,” the advisory states. “BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.” Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can’t upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn’t immediately respond to emails asking for additional details about this vulnerability.

Submission + - Tesla Investigates After Parked Model S Appears To Explode In China (cnn.com)

dryriver writes: CNN reports on CCTV footage from China showing a parked Model S bursting violently into flames: "Tesla is investigating after one of its vehicles appeared to explode in China. A short video of surveillance footage posted on Chinese social media site Weibo (WB) showed white smoke emerging from what looks like a white Tesla car parked at a lot in Shanghai. After a few seconds, the electric vehicle bursts into flames and the clip ends soon afterward. The video, which was filmed just after 8:15 pm local time on April 21, appears to show a Tesla Model S sedan. It was posted on Chinese social media a couple of hours later and has since been shared widely. The clip attracted a mix of derision and outrage on Weibo. 'Us car owners demand an explanation,' wrote user Miao Hongyang. 'Jeopardizing our safety in a moment's instant and the fact it ignited so quickly is something we will not tolerate.' Another Weibo user registered under the name Your Dad, added: 'One thing I've learned from this incident: from now on, don't ever park next to a Tesla.'"

Comment Better Than Before (Score 2) 58

Haven't been there in a while. The accuracy in my area (NEPA) was terrible. I had made some improvements, but became discouraged when someone reverted them to mimic what was on Google Maps. Google Maps is horrific in the NEPA area, so I was upset that my work was destroyed by someone who would just blatantly copy. After visiting today, it was nice to see that the NEPA area has been significantly improved. It is much more up to date than my Garmin at this point. It would be nice to get OSM on the thing if the accuracy is improving the way that it has for me. An encouraging project, I just hope that it doesn't get killed by the complaints that routinely get leveraged against Wikipedia.

Comment Re:Freedom (Score 1) 569

> ZinePaint

Never heard of it, which is a problem with FLOSS software, it doesn't get the same marketing.

> Font Forge

Fontlab Studio. Never tried it, but it came up in Google on my first search.

> Pidgin

Pidgin is crap for one, but not the question. Trillian is much better, and both free and non-free.

> Firefox

Slow but not the question (Chrome or Iron are great). There are no non-free browsers of significance.

> Apache (Duh, IIS isn't)

That's your opinion, which is worthless. Apache can't do ASP.NET so it doesn't compare to IIS. IIS7 is excellent by the way, try it. I prefer Apache for some things, IIS for another, as each has its strengths (IIS being great internally where it's less open).

> SQLite

Using SQLite will prevent a company from getting government contracts. Government agencies want SQL Server because it is remote (SQLite is machine local), and is in fact highly secure for their purposes (my company has a lot of experience in this department).

> Windows as a server OS?

Windows Server 2003 and 2008/R2 are fine if you know how to set them up (same as Linux/UNIX/Solaris). You need Windows Server for Exchange and AD, Samba simply isn't there yet for large organizations with multi-domain setups and integrated Exchange (again, my company's experience is here). I do hope Samba gets there someday and for a free Exchange alternative that does email, calendar, meetings, scheduling, etc.

> Without LVM and software RAID?

Don't do software RAID. Do hardware RAID with SAS. I don't bother with LVM, it isn't necessary in any setup I've ever seen.

> Solaris with ZFS...

Is dying, and can't support a Windows network setup. I only use Solaris in Windows environments for DNS and routing.

> I'm a troll today

That's fine, just take it easy and remember that Linux and FLOSS are not the solution to every problem and simply never will be.
