Log4Shell: Tough to Hide This Fire
December 28, 2021
Billy Joel is absolutely right when he sang the acclaimed song “We Didn’t Start The Fire” about the world’s slow demise. Unlike the planet, the Internet is regularly set ablaze and the demise is quick. The current flame is “Log4Shell” and it gives bad actors back doors into clouds and enterprise systems to steal data, download malware, erase information, and cause mayhem. AP News explores the breach in: “‘The Internet’s On Fire’ As Techs Race To Fix Software Flaw.”
The bug dubbed “Log4Shell” originated in open source Apache software used to run Web sites and other Web services. While open source software is a boon to the world, it is not updated as quickly as proprietary software. Amazon, for example, updates itself daily while systems running Apache only update at their owners’ behest.
Funny enough the “Log4Shell” vulnerability was first noticed in a children’s game:
“The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.Microsoft said it had issued a software update for Minecraft users. ‘Customers who apply the fix are protected, it said.”
Cyber security is not child’s play, but hacking is for some bad actors. Thankfully developers are working on a patch to prevent further damage. Security professionals really should not panicking and combine their knowledge to find a solution quicker.
A couple of points:
- The issue allegedly was disclosed by an Alibaba tech professional, possibly Chen Zhaojun
- China suspender an apparently “big” cyber security deal with Alibaba after the disclosure
Are these two actions connected; specifically, did China lose control of a really nifty zero day? Beyond Search thinks that the career trajectory of some Alibaba professionals will be interesting to watch. Are there IT jobs in Ürümqi?
Whitney Grace, December 28, 2021
Whitney Grace, December 27, 2021