• 0 Posts
  • 22 Comments
Joined 2 years ago
Cake day: July 1st, 2023

  • if you don’t need boosters.

    You can always get tested to see if you need boosters. However, there’s no harm in getting a booster and if your immunity level has dropped it’s a surefire way to make sure you are protected for the next 10+ years depending on what you got boosted for.

    Nobody is saying after getting the booster that you need to continue getting boosters for the same disease. 1 is enough to hopefully outlast this admin and insanity.

    MMR, in particular, would be a very good one to get as Measles appears to be back in force.

    I haven’t gotten a booster in 20 years and I’m due. I plan on getting them all.


  • Just reread it and no, it’s not a BT vulnerability. The “erase flash” command is something that has to be done by software running outside the BT stack. You can even see that inside the slides. The UsbBluetooth software is connected to the device with the flawed Bluetooth chipset.

    The vulnerability is that if you have this chipset and compromised software, someone can flash the chipset with compromised flash. They even say that it’s not an easy attack to pull off in the article.

    In general, though, physical access to the device’s USB or UART interface would be far riskier and a more realistic attack scenario.

    In other words, the attack is something that can only be pulled off if there’s also a security vulnerability within other parts of the hardware stack.


  • cogman@lemmy.world to Technology@lemmy.world · *Permanently Deleted* · English · 3 months ago · 80 up, 3 down

    I just re-read the article and yes, you still need physical access.

    The exploit is one that bypasses OS protections against writing to the firmware. In other words, you need to get the device to run a malicious piece of code or exploit a vulnerability in already running code that also interacts with the Bluetooth stack.

    The exploit, explicitly, is not one that can be carried out with a drive-by Bluetooth connection. You also need faulty software running on the device.



  • cogman@lemmy.world to Technology@lemmy.world · *Permanently Deleted* · English · 3 months ago · 34 up, 1 down

    Security-wise, unless you are being specifically targeted by someone, you are almost certainly fine. And if you are being specifically targeted, I think someone hacking your ESPs is the least of your worries. A malicious attacker that knows your physical location can do a lot more scary things than just spying through ESPs.


  • cogman@lemmy.world to Technology@lemmy.world · *Permanently Deleted* · English · 3 months ago · 180 up, 16 down

    You’re fine. This isn’t something that can be exploited over Wi-Fi. You literally need physical access to the device to exploit it, as it’s commands over USB that allow flashing the chip.

    This is a security firm making everything sound scary because they want you to buy their testing device.


  • Sort of my feelings here. This isn’t like the FBI or CIA that actively go around trying to fuck people over. Airports wouldn’t function if they acted like that and politicians LOVE to fly.

    But also, the TSA is a place we need to defund and mostly dismantle. There’s no reason an airport needs so much security theater other than it makes rich people feel good. They need about as much security as a subway does (not much).

    That said, they aren’t first on my list for “defund the police”. That honor belongs to ICE.









  • So let’s be really fucking clear here on what Vivek and Musk want. It isn’t more immigration. They want disposable tech workers that they can ship back to their countries of origin when they misbehave. They want the power dynamic they have over H1Bs that they don’t have over US citizens.

    What Musk and Vivek can’t find isn’t “motivated” Americans. They can’t find cheap American tech workers who have to take abuse or else they get deported.

    This is, BTW, why right wingers focus so heavily on border control but not employment enforcement. You could end 90% of undocumented workers today if you penalized businesses found employing them. And it’s real fucking easy to find those businesses. Go to just about any farm in the US.

    The reason for boosting ICE funding is so a business owner can turn to their undocumented employees and say “If you don’t fall in line, I’ll call ICE and deport your ass”. This allows them to issue all sorts of abuse at their employees that they can’t get away with for US citizens.

    This is why open borders or easy paths to citizenship are important.