Quebec government closes websites

December 2021
S	M	T	W	T	F	S
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Hide threads | Keyboard Shortcuts

Kate 14:17 on 2021-12-12 Permalink Reply
Quebec government closes websites
Quebec has shut down some of its government sites following an information leak which has also affected other sites around the world.
Initially I headlined this post “Quebec government sites hacked” but that’s not a fair description of the situation. (The headlines are not visible on the site itself, but show up on Twitter and in the “Recent Posts” list in the sidebar. I do this because I mostly write short posts and it looks terrible with a headline every few lines.)
Update: Saw a tweet saying the city is also closing some web services while this software security weakness gets patched up.
Ian, dhomas, and Mark Côté are discussing. Toggle Comments
- Mark Côté 15:32 on 2021-12-12 Permalink
  It’s one of the biggest security bugs in the last decade, maybe ever. Update your Android phones (and Minecraft installations, etc.) now!
- dhomas 15:47 on 2021-12-12 Permalink
  Log4Shell, as the vulnerability has been dubbed, is definitely a huge security threat. However, Android as an OS does not use the technology affected by it, Log4j. In fact, since it is a Java technology and Android does not natively run Java, it is very unlikely that any client side applications will be affected either. This is definitely a good thing as Android is notorious for having vendors that do not provide updates for their devices. So, nothing really to do on your Android phones. 🙂
  If you run any servers with applications open to the Internet (like a Minecraft server), you should definitely check if any of them use Log4j. You mighty not know if they do since it’s mostly an internal logging system, so definitely check it out.
- Mark Côté 15:49 on 2021-12-12 Permalink
  It’s a funny coincidence that there was an update available for my Pixel today then….
- dhomas 16:14 on 2021-12-12 Permalink
  I could be wrong, but I’m pretty sure Android as an OS is unaffected by Log4Shell as are most applications running on Android.
  As for the Pixel update, Google updates the Pixel line very often, usually once a month. I saw in the release notes that a different RCE (Remote Code Execution) bug was corrected in the December 5th security update. Log4Shell is also an RCE vulnerability, but the one from the Pixel update looks like it’s a different bug.
- Ian 18:19 on 2021-12-12 Permalink
  A Pixel update is more likely related to the Teams bug preventing 911 calls that is mostly Microsoft’s fault – https://www.theverge.com/2021/12/10/22828234/microsoft-teams-android-bug-blocked-911-call-go-read-this
  tl;dr:
  If you are using Android and have not logged into Teams you should probably do so and stay logged in or it might block 911 calls
Reply Cancel reply
Required fields are marked *

Name *
Email *
Website
Save my name, email, and website in this browser for the next time I comment.

Δ

Montreal City Weblog

Recent Posts

Recent Comments

Pages

Other levels of gov’t

Sideblog projects

Archives

Pages rescued from montreal.com

Meta

Kate 14:17 on 2021-12-12 Permalink Reply

Mark Côté 15:32 on 2021-12-12 Permalink

dhomas 15:47 on 2021-12-12 Permalink

Mark Côté 15:49 on 2021-12-12 Permalink

dhomas 16:14 on 2021-12-12 Permalink

Ian 18:19 on 2021-12-12 Permalink

Reply Cancel reply