• 2 Posts
  • 16 Comments
Joined 1 year ago
cake
Cake day: June 22nd, 2023

help-circle











  • Perhaps images, video, font etc. rendering could be compromised?

    Yes, it already happen in the past. Also the Wi-Fi and Bluetooth stack got exploited, like multiple kernel drivers.

    But it shouldn’t be a matter of “in the past was X exploited?” but more on having a correct security posture.

    Honestly if you are arguing about wasting a “perfectly working phone” you should blame it on the vendor, especially Android devices vendors have this let’s say “defect” of dropping the support after 4/5 years.

    Also not going to talk about custom ROMs (with the super rare exclusion of some) managed by god knows who, without any security team behind.

    Since even the NFC and Cellular Network stack got vulnerabilities the only way you would consider an old phone “safe” to use is just turning it into the equivalent of a local ARM server.

    Also pretty fun seeing the replies in the original post talking about how Google Play store shouldn’t have malware on it.







  • Is this, by any chance, originated from the sub called ignore me? In that case is probably my bad because is set as the image of the channel. I was playing with lemmy in the previous version and forgot about it, sorry.

    I created that channel to investigate why the lemmy instance was hanging every time there was a symbol in the URL, added that URI as icon for fun and forgot about it.

    That alert appears because your browser is trying to load an image with that path, nothing dangerous or remotely exploitable, don’t worry.

    Edit: I removed it so you shouldn’t see the alert anymore.

    P.S. no, it’s not trying to steal anything, it’s your browser trying to load that file as an image but instead of being let’s say this url: https://beehaw.org/pictrs/image/c0e83ceb-b7e5-41b4-9b76-bfd152dd8d00.png (this sub icon) , it’s this one file:///etc/passwd so you browser is doing the request to your own file. Don’t worry, nothing got compromised.

    /cc @[email protected]