
log4j2 fiasco

at 13:49 - 15th, December 2021
I cannot believe this has gone so far under the radar that I'm only hearing about it now, nearly a week after the news was made public. Apparently the latest patch to Apache logging software is exploitable, and Apache is considering it a level 10 (maximum) security risk to all Apache servers running the patch.
Here's a small list of the servers affected:
  • Cloudflare
  • iCloud
  • Minecraft: Java Edition
  • Steam
  • Tencent QQ
  • Twitter

That's a hell of a list. It's raised all sorts of doubt about the Open Source movement for some reason and has brought to light the problems of corporations using but not providing any financial support to open source developers.

This is crazy.

From the Wiki post:
A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor "Log4Shell" (CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021.[8] Affected services include Cloudflare, iCloud, Minecraft: Java Edition,[38] Steam, Tencent QQ, and Twitter.[39][40][41] The Apache Software Foundation assigned the maximum CVSS severity rating of 10 to Log4Shell, as millions of servers could be potentially vulnerable by the exploit.[41] The vulnerability was characterised by cybersecurity firm Tenable as "the single biggest, most critical vulnerability of the last decade"[9] and Lunasec's Free Wortley characterized it as "a design failure of catastrophic proportions".[42]

And for it to be reported by Alibaba of all companies is quite shocking to me.

