A small piece of opensource software written in java called log4j was in the news around the world for wrong reasons. It caused one of the worst affected vulnerabilities of recent years.
What is log4j?
Modern software can be large, powerful and complex. Rather than single author writing all the code themselves as was common decades ago, modern software creation will have large teams, and that siftware is increasingly made up of ” Building blocks” pulled together by a team rather than written from scratch.
Noone will spen time writing code from scratch when the existing code can be used immediately.
Log4j is one of many building blocks. It is used by many organizations to do a common but important job. We call this a “software library”.
Log4j is like a huge journal of the activity of a system or application. This is called “logging” and it is used by developers to keep an eye for user problems.
What is the issue??
Last week a vulnerability was found in Log4j, an open-source logging library commonly used by apps and softwares across the internet. If left unfixed, attackers can break into systems , steal passwords and logins,extract data, and infect network with malicious softwares.
Log4j is used worlwide and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.
How big is the damage???
As per cybersecurity firm Check Point, over 800,000 exploitation attempts were detected in the first 72 hours after Log4j issue became public. Experts predict that Log4j issue can affect the whole internet. The widespread impact of the vulnerability is so large that it may take years to fix. Why so? simply because 95% of java programs use Log4j.
How does Log4j vulnerability affect a casual computer user????
All the above challenges are faced by organizations who run software applications and websites to run their business and NOT individuals. Casual computers are not directly affected.
Hardwork needs to be done by your software vendors and service providers to secure your data. The best thing you can do is to keep your devices up to date and keep updating them regularly, particularly over next weeks.
Last Updated:
Views: 35
