Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patched MS Bluetooth Flaw Exposes Even Disconnected PCs

Posted by Soulskill on from the you-are-the-one-neo dept.

An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."

6 of 147 comments (clear)

  1. Confusing by Haedrian · · Score: 4, Insightful

    "even when the targeted computer is not connected to a network."
    "target would merely need to have Bluetooth turned on."

    Meh, not as scary as I thought. You shouldn't be running around with bluetooth on anyway. Also, if you're using a 'hidden' connection there's no real way for an attacker to find you is there?

    So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.

    1. Re:Confusing by bmo · · Score: 1, Insightful

      And this is how Microsoft gets away with this crap.

      It's always "blame the user"

      Got a virus? "you didn't use the right virus protection"
      Got spyware? "You shouldn't have gone to that porn site"

      etc.

      While there is no patch for stupid, there are ways to protect the user that don't involve encasing a machine in concrete and dropping it at the bottom of the Marianas trench.

      --
      BMO

    2. Re:Confusing by kevinmenzel · · Score: 2, Insightful

      Yeah, there are ways of protecting the user. WHICH IS WHY THEY PATCHED THE HOLE. This isn't an unpatched vulnerability. The title even notes that this vulnerability was patched. They found the hole. They patched the hole. No more hole. No more trench. No blaming the user.

      The only way a user would be vulnerable to this, is if they never updated. At which point, hell yeah, blame the user.

    3. Re:Confusing by peppepz · · Score: 3, Insightful

      You shouldn't be running around with bluetooth on anyway.

      Actually, I should be able to, because it's useful.
      It's my OS that should drop any packet I'm not interested in. Machines are supposed to do the work for me, not the opposite.

  2. Re:XP by Haedrian · · Score: 1, Insightful

    Right so basically.

    "If I want to use lots of complicated or modern features, I need to use Windows 7"

    But if I just want to chat with my buddies, browse the internet and write a document once in a while, and don't want to try linux XP is fine. Until it gets an open exploit which never gets closed.

    Most of the public doesn't use SSDs, doesn't need volume for each application nor does it need GPU accelerated rendering.

  3. Re:Consequences? by bloodhawk · · Score: 2, Insightful

    Sooooo you expect highly secure devices in military installations, cash machines, banks etc are blue tooth enabled and you think MS is the one that doesn't have a clue?