Posts by petef 120 posts • joined 13 Sep 2010
I have just had a reply from Motorola customer services confirming that my Moto G5S will not have its security level patched beyond its current Aug 2019 level. That is despite it being less than two years old. So my Bluetooth needs to remain disabled. A security level of Feb 2020 is needed BlueFrag can infect Android 8 or 9 without user interaction.
Android 8 and 9 are vulnerable to BlueFrag. That can steal personal data without the owner clicking anything. Android 10 is also affected but it only crashes Bluetooth, no data is stolen.
This is not directly related to the NHS app or Google's alternative but it spreads over the same channel. The only mitigation for BlueFrag on unpatched phones is to keep Bluetooth disabled.
The dodgy Android code was fixed in the Android security patch of Feb 2020. You can find out your patch level in settings, somewhere near the bottom usually.
My phone, a Moto G5S, is less than two years old but is only at an Aug 2019 security level. The Motorola web site confirms that is the latest. It seems that security updates end 24 months after the launch of a handset. So I leave Bluetooth off. I might consider short sessions in private.
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/
It's not ESA but still https://xkcd.com/695/
I've been there. The colours were bleeding on my CRT TV so I got it down off its shelf, back off in front of a mirror, manual open to get going on static convergence. But the picture was fine. At that point I twigged that putting my HiFi speakers either side of the TV was not my brightest idea.
Why have Fidus gone public with this now? It is customary to give reasonable private notice so that security holes can be plugged before every skiddie is given a chance to exploit. According to Fidus they reported the vulnerability on the 18th and it was patched on the 19th. That is way too recent to have rolled out to all users. Fidus should have kept quiet.
One of the drivers behind ISO8601 formats such as YYYY-MM-DD and YYYY-DDD is that they are precisely defined in the standard and not in prior use. So they are fairly unambiguous. Users of the formats will know that MM ranges from 01 to 12 and DDD from 001 to 366.
Markus Kuhn has summarized ISO8601 though nowadays there is also Wikipedia.
I recommend https://feedly.com. Content is synchonized across all devices. You can import and export OPML when migrating from/to other readers.
Most people seem to be missing the point of these recent hacks. It is not important that the tool was Magecart, the language was JavaScript and the infected code was imported from a third party.
The server was compromised. The bad guys either exploited some as yet undisclosed weakness elsewhere on the server or did an inside job.
AIUI special relativity say that objects with non-zero mass cannot attain the speed of light because energy applied to them just makes them heavier. There is nothing to say that objects cannot travel at the speed of light or faster, just that they cannot achieve that state from sub-light speeds.
I use Notes at work and it is truly appalling. I have been objective and built a list of its faults which currently has 120 entries.What is the worst? Maybe that I cannot read webmail on my smartphone because most on my email is filtered into folders and Notes actively prevents you from reading them.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
SUBSCRIBE
Biting the hand that feeds IT © 1998–2020
