overview for bless

It means they can impersonate the Bluetooth device connected. Input devices are particularly concerning (keyboards and mice) as well as BT IoT devices which already historically lack good security controls. A lot of vehicles have Bluetooth integrated as well these days.

2

Bluetooth security flaws reveals all devices launched after 2014 can be hacked (lemmy.world)

submitted 7 months ago* (last edited 7 months ago) by bless@lemmy.world to c/hacking@lemmy.ml

0 comments fedilink

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

Bluetooth security flaws reveals all devices launched after 2014 can be hacked by bless in c/cybersecurity@lemmy.capebreton.social

[-] bless@lemmy.world 10 points 7 months ago

Haha I like the spirit but that's not really a fix that's just avoidance.

70

Bluetooth security flaws reveals all devices launched after 2014 can be hacked (lemmy.world)

submitted 7 months ago* (last edited 7 months ago) by bless@lemmy.world to c/cybersecurity@sh.itjust.works

5 comments fedilink

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

Access home server from anywhere by bless in c/selfhosted@lemmy.world

[-] bless@lemmy.world 45 points 7 months ago

I would go with wireguard VPN or something like cloudflare tunnels or tailscale. With wireguard you'll need to open up an external port and forward to your VPN host, but wireguard uses UDP so no one can probe it for responses. CF tunnels and tailscale you don't have to open up holes in your firewall which is nice.

You also have the option of using a proxy and opening up 443 publicly on your firewall, but unless you know what you're doing I'd leave that closed until you learn more.

104

Bluetooth security flaws reveals all devices launched after 2014 can be hacked (lemmy.world)

submitted 7 months ago* (last edited 7 months ago) by bless@lemmy.world to c/cybersecurity@lemmy.capebreton.social

18 comments fedilink

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.
The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.
Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

35

Bluetooth security flaws reveals all devices launched after 2014 can be hacked (lemmy.world)

submitted 7 months ago* (last edited 7 months ago) by bless@lemmy.world to c/cybersecurity@infosec.pub

1 comments fedilink

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.
The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.
Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

Setup a DNS server on a dynamic public ip by bless in c/selfhosted@lemmy.world

[-] bless@lemmy.world 5 points 7 months ago* (last edited 7 months ago)

I would get a domain name and use ddns to update your rotating IP. Then I would setup wireguard VPN in split tunnel and have your parents network tunnel back to your piholes for dns resolution.

I use cloudflare API for ddns updates but there are plenty of choices for that. If you're using cloudflare for DNS just keep in mind you can't proxy the DNS entry for the ip for your VPN host as CF only forwards traffic over certain ports and they are not configurable (on free plan anyway not sure about paid).

11

Ardent Hospital ER's Disrupted in 6 States After Ransomware Attack (www.bleepingcomputer.com)

submitted 7 months ago by bless@lemmy.world to c/cybersecurity@sh.itjust.works

0 comments fedilink

Looks like it hit on Thanksgiving

51

APD releases suspect photos from shooting incident at Coronado Mall on 11/24/23 (lemmy.world)

submitted 7 months ago by bless@lemmy.world to c/abq@lemmy.world

8 comments fedilink

Looks very young