I do hope that they were only scanning public repos and not private.
136 posts • joined 13 Sep 2010
I wonder how well Hold For Me performs. I have had too much experience recently of contacting utilities, etc. on behalf of an elderly relative. The general pattern is to play muzak for a bit and then tell you how important your call is to them. I had my hopes raised the first few times; I don't think a bot would fare much better. The worst was AA insurance, who I gave up on after 45 minutes on hold. Their repeated message was "we are here for you 24/7", patently not. They eventually responded to my earlier email after two days. I say the worst but I am into my third month of waiting for BT to switch to the Basic account we are entitled to.
Leaving aside support for Android 5 and earlier, Android 6 to 9 are vulnerable to click-free exploitation by BlueFrag if you turn on Bluetooth as required by the app. Android 10 can only be DOSed.
Security patches may be available; a security update of March 2020 addresses the issue. Unfortunately my Moto G5s is two years old and security updates stopped at August 2019. Customer support told me that no more security updates will be released. YMMV.
I have no other need to enable Bluetooth so I am left with a dilemma: risk infection of my phone or myself and others. Proof of concept code for BlueFrag is publicly available so even skiddies can write exploits.
The app will not allow me to scan a QR code if Bluetooth is disabled, dumb logic.
In the early days of Unix on PCs (Interactive Unix, pre Linux) my team had 386 workstations. My colleague asked me to remove my user account from their machine to free up space. I did that but left just a login with a home directory of root. That should have been that but the owner then decided to completely remove my account, blithely answering yes to questions such as remove home directory. The re-install involved a box of floppies.
Yes but as the saying goes it is not Toshiba's fault but it is its problem.
I could eke out more life by installing an SSD. I did that with my old MacBook Pro as Apple were ahead of Microsoft on heavy disk I/O. But the keyboard is flaky and the battery needs replacing again.
On my personal laptop I happily run Arch Linux + LXQt on what is now venerable hardware.
I have just had a reply from Motorola customer services confirming that my Moto G5S will not have its security level patched beyond its current Aug 2019 level. That is despite it being less than two years old. So my Bluetooth needs to remain disabled. A security level of Feb 2020 is needed. BlueFrag can infect Android 8 or 9 without user interaction.
Android 8 and 9 are vulnerable to BlueFrag. That can steal personal data without the owner clicking anything. Android 10 is also affected but it only crashes Bluetooth, no data is stolen.
This is not directly related to the NHS app or Google's alternative but it spreads over the same channel. The only mitigation for BlueFrag on unpatched phones is to keep Bluetooth disabled.
The dodgy Android code was fixed in the Android security patch of Feb 2020. You can find out your patch level in settings, somewhere near the bottom usually.
My phone, a Moto G5S, is less than two years old but is only at an Aug 2019 security level. The Motorola web site confirms that is the latest. It seems that security updates end 24 months after the launch of a handset. So I leave Bluetooth off. I might consider short sessions in private.
I've been there. The colours were bleeding on my CRT TV so I got it down off its shelf, back off in front of a mirror, manual open to get going on static convergence. But the picture was fine. At that point I twigged that putting my HiFi speakers either side of the TV was not my brightest idea.
Why have Fidus gone public with this now? It is customary to give reasonable private notice so that security holes can be plugged before every skiddie is given a chance to exploit. According to Fidus they reported the vulnerability on the 18th and it was patched on the 19th. That is way too recent to have rolled out to all users. Fidus should have kept quiet.
One of the drivers behind ISO8601 formats such as YYYY-MM-DD and YYYY-DDD is that they are precisely defined in the standard and not in prior use. So they are fairly unambiguous. Users of the formats will know that MM ranges from 01 to 12 and DDD from 001 to 366.
The server was compromised. The bad guys either exploited some as yet undisclosed weakness elsewhere on the server or did an inside job.
AIUI special relativity says that objects with non-zero mass cannot attain the speed of light because energy applied to them just makes them heavier. There is nothing to say that objects cannot travel at the speed of light or faster, just that they cannot achieve that state from sub-light speeds.
Biting the hand that feeds IT © 1998–2020