- Local time
- 11:32 PM
- Posts
- 7,878
- Location
- The Lone Star State of Texas
- OS
- Windows 11 Pro 23H2 22631.4169
According to recent articles, "hundreds of millions" of internet-connected devices and services are vulnerable to hackers because of a newly discovered security flaw in a widely used piece of computer code used by many servers. The vulnerability is found in log4j, an open-source, java based, Apache logging library used by apps and services across the internet, many which are used by the federal government. It could allow hackers to run malicious code on targeted computer systems for purposes including espionage and ransomware .
According to the experts, generally speaking any consumer device that uses a web server could be running Apache. It is widely used in devices like smart TVs, DVR systems and security cameras. The government and Microsoft are scrambling to identify the many servers involved.
So far, Microsoft has found this vulnerability in its own products, Azure Spring Cloud, Azure Databricks, Azure DevOps and Minecraft. MS patched their Minecraft server, but it still exists in non-Microsoft hosted Minecraft servers. CVE-2021-44228 - Security Update Guide - Microsoft - Apache Log4j Remote Code Execution Vulnerability addresses the MS servers identified so far that require customer action.
All that said, can someone answer 2 questions for me. Java code has caused security problems for years. Why is it still allowed to be used? And why in the world would our government, Microsoft, and Security companies give a heads up to all the hackers out there that the flaw exists in the first place before it is fully mitigated? It’s like saying “Exploit me!” Makes no sense to me.
According to the experts, generally speaking any consumer device that uses a web server could be running Apache. It is widely used in devices like smart TVs, DVR systems and security cameras. The government and Microsoft are scrambling to identify the many servers involved.
So far, Microsoft has found this vulnerability in its own products, Azure Spring Cloud, Azure Databricks, Azure DevOps and Minecraft. MS patched their Minecraft server, but it still exists in non-Microsoft hosted Minecraft servers. CVE-2021-44228 - Security Update Guide - Microsoft - Apache Log4j Remote Code Execution Vulnerability addresses the MS servers identified so far that require customer action.
All that said, can someone answer 2 questions for me. Java code has caused security problems for years. Why is it still allowed to be used? And why in the world would our government, Microsoft, and Security companies give a heads up to all the hackers out there that the flaw exists in the first place before it is fully mitigated? It’s like saying “Exploit me!” Makes no sense to me.
My Computers
System One System Two
-
- OS
- Windows 11 Pro 23H2 22631.4169
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell Optiplex 7080
- CPU
- i9-10900 10 core 20 threads
- Motherboard
- DELL 0J37VM
- Memory
- 32 gb
- Graphics Card(s)
- none-Intel UHD Graphics 630
- Sound Card
- Integrated Realtek
- Monitor(s) Displays
- Benq 27
- Screen Resolution
- 2560x1440
- Hard Drives
- 1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External +512gb Samsung m.2 sata+1tb Kingston m2.nvme
- PSU
- 500w
- Case
- MT
- Cooling
- Dell Premium
- Keyboard
- Logitech wired
- Mouse
- Logitech wireless
- Internet Speed
- so slow I'm too embarrassed to tell
- Browser
- Firefox
- Antivirus
- Defender+MWB Premium
-
- Operating System
- Windows 10 Pro 22H2 19045.3930
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell Optiplex 9020
- CPU
- i7-4770
- Memory
- 24 gb
- Monitor(s) Displays
- Benq 27
- Screen Resolution
- 2560x1440
- Hard Drives
- 256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
- PSU
- 500w
- Case
- MT
- Cooling
- Dell factory
- Mouse
- Logitech wireless
- Keyboard
- Logitech wired
- Internet Speed
- still not telling
- Browser
- Firefox
- Antivirus
- Defender+MWB Premium