Microsoft's June Patch Tuesday release included a critical fix affecting all Windows Vista and XP systems, which could allow attackers to wirelessly steal confidential information from laptops by exploiting a flaw in the Bluetooth stack. The Bluetooth stack flaw, detailed in Microsoft bulletin CVE-2008-1453 and rated 'critical', could allow an attacker to take complete control of an affected system, install programs, alter data or create new accounts with full user rights. The MS08-030 patch modifies the way that the Bluetooth stack handles a large number of service description requests. Microsoft recommends applying the patch immediately and security experts advise users to turn off Bluetooth features until the patch has been applied. Matthew Aburn, director of security consultancy Halcyon, said the flaw was particularly dangerous because hardware manufacturers usually set the factory default for Bluetooth as 'active'.

So you've got to:
a) Have a computer with Bluetooth capabilities or a Bluetooth dongle
b) Be within 10m of someone with a computer ALSO with Bluetooth or a dongle
c) Be within 10m of someone with a computer that has Bluetooth or a dongle that has the knowledge and ability and software to access your computer by manipulating the BT stack.
The chances? Slim to none. This is a little sensationalist for something that won't happen to 99.999999% of anybody.
Retracted due to overwhelming disagreement
Last edited by El Sid on 11 Jun 2008 - 21:14
b) Some laptops (including mine) turn both wireless and Bluetooth on together, so when you're out in public, if you use a wireless network you also have Bluetooth on.
c) OK, I'll admit the chances are slim, but it could happen.
c) Be within 10m of someone with a computer that has Bluetooth or a dongle that has the knowledge and ability and software to access your computer by manipulating the BT stack.
The chances? Slim to none. This is a little sensationalist for something that won't happen to 99.999999% of anybody.
Yeah, he's gonna be in black-hat heaven. This is good advice and awareness for users, don't make it sound like it could never happen.
I think this is directed at businesses, and laptop users. It says in the article that laptop users need to be aware. Since most people take their laptops to coffee shops & other wifi hotspots, it would be quite possible for this to be a security issue.
Ah, okay, so sticking with the Starbucks explanation others have used, some people might take advantage of the wifi to check their email, etc, and then turn bluetooth on to sync their smartphones.
...which is still a very, very small window of time for the attacker to make his move if you turn off bluetooth once it's done, but meh. Maybe you forget and leave it on while you waste time downloading last night's Colbert Report?