The ‘most serious’ security breach ever is unfolding right now. Here’s what you need to know.
from the Washington Post
[ Editor’s Note: This was discovered some time ago and the story is breaking publicly now? Was it kept quiet so the big companies could put fixes in before the vulnerability was podcast to all of the world’s hackers?
Once again, the end user learns that despite all of the claims of the major companies and providers having massive anti-hacking defenses, the keys to hacking them are being sold to those with deep pockets and no fear of legal retribution.
Intelligence agencies are being mum of course, in terms of their being hacked, or were ‘private contractors’ they have used to make stuff for them gone rogue and sold cyber defense workarounds on the dark web?
Needless to say we all live under this threat and need to divert time to stay abreast as best we can. Notice how no US government agency seems to be coming to the fore as a one stop, up to date source of accurate information, like they were leaving that up to the private market to provide.
What we are seeing is the revelation that internet security, if you have it, is just a temporary thing. Also, look at the lack of punishment. Have you heard of any raids lately, anywhere on the planet?
Are the people doing this being ‘taken out’ quietly, under a special license-to-kill permission by a star chamber somewhere? Would the public approve of such operations? I think they would. Let me know what you think in the comments… Jim W. Dean ]
First published December 20, 2021
The descriptions used by security experts to describe the new vulnerability in an extremely common section of code called log4j border on the apocalyptic.
…“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency director, said in a Thursday interview on CNBC.
…Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record-keeping — component each time developers build new software, they often use existing code like log4j instead.
…The vulnerability also gives hackers access to the heart of whatever system they’re trying to get into, cutting past all the typical defenses software companies throw up to block attacks. Overall, it’s a cybersecurity expert’s nightmare.
…“Some of the people didn’t see sleep for a long time, or they sleep like three hours, four hours and wake back up,” Ashkenazi said. “We were working around-the-clock. It’s a nightmare since it was out. It’s still a nightmare.”