• Our booking engine at tickets.railforums.co.uk (powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

National Rail enquiries android app

Status
Not open for further replies.
J

joncombe

Member
Joined
6 Nov 2016
Messages
769
Has this been discontinued? I cannot find it in the play store and the link from the national rail site gives a not found error.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

Z

zwk500

Veteran Member
Joined
20 Jan 2020
Messages
13,407
Location
Bristol
The app itself is definitely still working. Not sure why it isn't showing on the play store.
 
Lewlew

Lewlew

Member
Joined
15 Oct 2019
Messages
748
Location
London
It looks like it has been removed from the Play Store, either by NRE or by Google. It's a really bad and outdated app anyway so you're not missing much. There are alternatives out there.

You can download a copy of the NRE app if you really wanted to from here...

apk.support

National Rail Enquiries (National Rail Enquiries) APK for Android - Free Download

Download National Rail Enquiries APK (9.52 MB) - Latest version: 9.6.5.1 - Android: 7.0 and up - uk.co.nationalrail.google - by: National Rail Enquiries
apk.support apk.support
 
centraltrains

centraltrains

Member
Joined
3 Jan 2015
Messages
480
Location
West Midlands
Pure speculation... given it's an older android app and many old/current android apps are written in Java... Maybe it's something to do with the recent vulnerability found with log4j (a common logging program for storing program logs to assist with debugging etc.)?

Educational access digital subscriptions | New Scientist

Explore our educational access digital subscriptions offering schools, colleges and universities unlimited access to newscientist.com - including the New Scientist digital archive.
institutions.newscientist.com

Log4j software bug is 'severe risk' to the entire internet​

A flaw in a commonly used piece of software has left millions of web servers vulnerable to exploitation by hackers

TECHNOLOGY 13 December 2021
By Matthew Sparkes

Hackers could use the Log4j bug to access secure data
Shutterstock / Tammy54

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are scrambling to patch affected systems before hackers can exploit them. “The internet’s on fire right now,” said Adam Meyers at security company Crowdstrike.
What has happened?
The problem with Log4j was first noticed in the video game Minecraft, but it quickly became apparent that its impact was far larger. The software is used in millions of web applications, including Apple’s iCloud. Attacks exploiting the bug, known as Log4Shell attacks, have been happening since 9 December, says Crowdstrike.

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, says the security flaw poses a “severe risk” to the internet. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” she says.
What exactly is Log4j?
Almost every bit of software you use will keep records of errors and other important events, known as logs. Rather than creating their own logging system, many software developers use the open source Log4j, making it one of the most common logging packages in the world.

Not having to reinvent the wheel is a huge benefit, but the popularity of Log4j has now become a global security headache. The flaw affects millions of pieces of software, running on millions of machines, which we all interact with.
What does the flaw allow hackers to do?
Attackers can trick Log4j into running malicious code by forcing it to store a log entry that includes a particular string of text. The way hackers are doing this varies from program to program, but in Minecraft, it has been reported that this was done via chat boxes. A log entry is created to archive each of these messages, so if the dangerous string of text is sent from one user to another it will be implanted into a log.
In another case, Apple servers were found to create a log entry recording the name given to an iPhone by its owner in settings. However it is done, once this trick is achieved, the attacker can run any code they like on the server, such as stealing or deleting sensitive data.
Why wasn’t this flaw found sooner?
The code that makes up open source software can be viewed, run and even – with checks and balances – edited by anyone. This transparency can make software more robust and secure, because many pairs of eyes are working on it. But no software can be guaranteed safe.
The issue that enables the Log4Shell attack has been in the code for quite some time, but was only recognised late last month by a security researcher at Chinese computing firm Alibaba Cloud. He reported the problem immediately to the Apache Software Foundation, the American non-profit organisation that oversees hundreds of open source projects including Log4j, to give it time to fix the issue before it was publicly revealed.
This responsible disclosure is standard practice for bugs like this, although some bug hunters will also sell such vulnerabilities to hackers, allowing them to be used quietly for months or event years – including in snooping software sold to governments around the world.
What happens now?
Apache gave the vulnerability a “critical” ranking and rushed to develop a solution. Now hundreds of thousands of IT teams are scrabbling to update Log4j to version 2.15.0, which was released before the vulnerability was made public and mostly fixes the issue. Teams will also need to scour their code for potential vulnerabilities and watch for hacking attempts.
While patches to fix problems like this can emerge very quickly, especially when they are responsibly revealed to the development team, it takes time for everyone to apply them. Computers and web services are so complex now, and so layered with dozens of stacked levels of abstraction, code running on code, on code, that it could take months for all these services to update.
And there will always be some that never do. Many dusty corners of the internet are propped up on ageing hardware with obsolete, vulnerable code – something that hackers can easily exploit.


Read more: https://www.newscientist.com/articl...re-risk-to-the-entire-internet/#ixzz7Ewy72pAF
Click to expand...

I struggle to imagine shell access to a trains time apps would be of much interest to an attacker, and I think android runs everything in containers anyway so shouldn't really give away anything?
Would be a justification for the iOS version still being available.



Meanwhile I'm still using the outdated London Midland On Track app :lol:
 
J

joncombe

Member
Joined
6 Nov 2016
Messages
769
Thanks yes I was actually just trying to install it for a relative that wanted a very simple app for checking trains are on time and planning journeys so I thought it might work well for them.

I have it on my own phone and it works fine so I was surprised to see it no longer available. The thing about log4j could well be the issue.
 
Status
Not open for further replies.

Top