andrewducker (andrewducker) wrote 2021-12-16 12:00 pm
Interesting Links for 16-12-2021
- How autistic people are different - what's the research?
  - (tags: research autism)
- Why doesn't Scotland have tougher Covid measures? (Because Westminster won't give them the money to pay for them)
  - (tags: uk scotland pandemic OhForFucksSake)
- Leave voters go cold on Boris Johnson's Brexit deal
  - (tags: uk europe BorisJohnson)
- Pfizer's anti-COVID drug still looks effective after further analysis (no deaths, 80% drop in hospitalisation)
  - (tags: pandemic GoodNews)
- Mayo Clinic research finds immune system responds to mRNA treatment for cancer
  - (tags: immune_system cancer GoodNews)
- log4j memes (If you laughed at these then I'm sorry about how your last few days have gone)
  - (tags: logging java security meme)
- Polar bear cub born at Highland Wildlife Park
  - (tags: bears scotland)
no subject
Log4j is a free library of code designed to be used by other applications to provide logging functionality (where "log" means "make a note of", not "chop down trees"). It's been around for 20-odd years and is used in an awful lot of applications, as it became somewhat of a standard library that everyone who needed to log information used.
When it was first created, there was a lot less worry about security, and a bunch of functionality was included to allow it to do very powerful things, without thinking "How would a determined hacker make use of this?"
And then, a week ago, someone worked out a really easy way to make it do *anything*, from a remote computer, effectively allowing them to take over the computer it was running on.
As it is a code library, and thus included inside other applications, lots of companies are now desperately scanning all of their computers to see if they have anything that uses it - and finding it in everything from software they have bought in to things that were written internally up to 20 years ago and haven't been touched since. All of these need to be fixed, and there might be hundreds of them across a larger company.