Dave Hounddriver Posted December 12, 2021 Posted December 12, 2021 Internet is scrambling to fix Log4Shell, the worst hack in history https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/ This is some kind of software hack that will affect all of us. I don't understand it but if any gurus google Log4Shell and read up on it then maybe they can tell us laymen what we need to now and do. 2 1 Link to comment Share on other sites More sharing options...
Forum Support Mike J Posted December 12, 2021 Forum Support Posted December 12, 2021 4 hours ago, Dave Hounddriver said: Internet is scrambling to fix Log4Shell, the worst hack in history https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/ This is some kind of software hack that will affect all of us. I don't understand it but if any gurus google Log4Shell and read up on it then maybe they can tell us laymen what we need to now and do. This appears to be an issue for internet servers that create a log for each user. It appears that the servers running on the open source Apache software are the ones vulnerable. No mention (that I could fine) of damage to users who log into those web site. So basically nothing for users to do other than maybe to stop or limit web based gaming until notified by that site that they have installed the new security patch. The game "Minecraft" is the one most mentioned in articles. So those using/playing Minecraft, for example, are not affected, at least right now. It is the Minecraft servers themselves that are vulnerable to the hack. The logs maintained at the server level are used to records scores, levels, rewards, login date/times, etc. The hack allows SQL and other scripts to be read and executed when the server receives a new login record. 2 Link to comment Share on other sites More sharing options...
earthdome Posted December 13, 2021 Posted December 13, 2021 15 hours ago, Mike J said: This appears to be an issue for internet servers that create a log for each user. It appears that the servers running on the open source Apache software are the ones vulnerable. No mention (that I could fine) of damage to users who log into those web site. So basically nothing for users to do other than maybe to stop or limit web based gaming until notified by that site that they have installed the new security patch. The game "Minecraft" is the one most mentioned in articles. So those using/playing Minecraft, for example, are not affected, at least right now. It is the Minecraft servers themselves that are vulnerable to the hack. The logs maintained at the server level are used to records scores, levels, rewards, login date/times, etc. The hack allows SQL and other scripts to be read and executed when the server receives a new login record. Dave & Mike J have some of the story. The program is Log4J, which is a programming library for logging used by software developers when writing web based applications in Java (not Javascript). So it could be found in any website which uses Java to run the backend application. The Apache Software Foundation is just the open source developer community where Log4J was developed and maintained. The AFS develops hundreds of different applications and tools primarily for web based internet applications. The exploit can be used to gain unauthorized access to the server to steal data, install ransomware, etc. This exploit is very damaging because a very large percentage of enterprise level online services are built using Java. Think banks, stocks, etc. Applications built for Oracle databases use Java extensively. The good news is that it only affects a few versions of the Log4J software, there is a new version which fixes the bug, and even if you can't immediately upgrade there is an easy fix. 1 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now