The researchers need to provide proofs of concept. Actual functional exploits.
Talking in general, not for this very issue: In my experience, providing a proof of concept is often a lot harder than simply fixing the issue. For an open source project it’s probably more helpful if the reporter provides a fix or at least a recommendation on how to fix it
At least in Germany, depending on contract, monthly payments vary heavily. For instance the labour agreement for the automotive industry contains a 13th salary at christmas time, vacation pay in summer, a bonus in spring depending on company performance, a potential bonus if you pass on some vacation days and more. Other contracts only have a monthly salary and no bonuses. My contract has only one bonus depending on company performance in April while my wife gets 12.8 monthly salaries (1.8x salary in November as end-of-year bonus). To compare job offers in any way, you can only go with the annual number.
Here’s one reason: access to MAC addresses is restricted to system apps since Android 6, since Android 11 it’s not available to third party apps at all
The MAC address is only visible in the local network, so it’s not visible to reddit if you’re not directly locally connected to their server.
That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the “in most circumstances” line, my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all. If not for their users’s privacy, then at least to combat spam.
Most emails are unencrypted.
No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.
Fax on the other hand is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses require fax often for legal reasons because laws are written by people with no technical understanding not because of any technical reason.
I can’t read that sentence anymore without that music playing in my head
Yeah, I agree that any bug report on such a technical level should contain scripts or similar to reproduce the finding but that’s not the same as a full blown proof of concept exploit and I think to require an exploit sets the bar too high. A vulnerability is a vulnerability, no matter whether there’s an exploit or not. If you commission somebody to do a pentest you usually don’t get exploits either.