Connect with us

News

Log4j software bug is ‘severe risk’ to the entire internet

Jacob Scott

Published

on

A flaw in a commonly used piece of software has left millions of web servers vulnerable to exploitation by hackers


Technology

13 December 2021

Hackers could use the Log4j bug to access secure data Shutterstock / Tammy54

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are scrambling to patch affected systems before hackers can exploit them. “The internet’s on fire right now,” said Adam Meyers at security company Crowdstrike.

What has happened?

The problem with Log4j was first noticed in the video game Minecraft but it quickly became apparent that its impact was far larger. The software is used in millions of web applications, including Apple’s iCloud. Attacks exploiting the bug, known as Log4Shell attacks have been happening in the wild since 9 December, says Crowstrike.

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, says the security flaw poses a “severe risk” to the internet. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” she says.

What exactly is Log4j?

Almost every bit of software you use will keep records of errors and other important events, known as logs. Rather than creating their own logging system, many software developers use the open source Log4j, making it one of the most common logging packages in the world.

Not having to reinvent the wheel is a huge benefit, but the popularity of Log4j has now become a global security headache. The flaw affects millions of pieces of software, running on millions of machines, which we all interact with.

What does the flaw allow hackers to do?

Attackers can trick Log4j into running malicious code by forcing it to store a log entry that includes a very particular string of text. The way hackers are doing this varies from program to program, but in Minecraft it’s been reported that this was done via chat boxes. A log entry is created to archive each of these messages, so if the dangerous string of text is sent from one user to another it will be implanted into a log.

In another case, Apple servers were found to create a log entry recording the name given to an iPhone by its owner in settings. However it is done, once this trick is achieved, the attack can run any code they like on the server, such as stealing or deleting sensitive data.

Why wasn’t this flaw found sooner?

The code that makes up open source software can be viewed, run and even – with checks and balances – edited by anyone. This transparency can make software more robust and secure, as many pairs of eyes are working on it. But no software can be guaranteed safe.

The issue that enables the Log4Shell attack has been in the code for quite some time, but was only recognised late last month by a security researcher at Alibaba Cloud, a Chinese computing firm. He reported the problem immediately to the Apache Software Foundation, the American nonprofit organisation that oversees hundreds of open source projects including Log4j, to give them time to fix the issue before it was publicly revealed.

This responsible disclosure is standard practice for bugs like this, although unscrupulous bug hunters will also sell vulnerabilities like to hackers, allowing them to be used quietly for months or event years – including in snooping software sold to governments around the world.

What happens now?

Apache gave the vulnerability a “critical” ranking and rushed to develop a solution. Now hundreds of thousands of IT teams scrabbling to update Log4j to version 2.15.0, which was released before the vulnerability was made public and mostly fixes the issue. Teams will also need to scour their code for potential vulnerabilities and watch for hacking attempts.

While patches to fix problems like this can emerge very quickly, especially when they are responsibly revealed to the development team, it takes time for everyone to apply them. Computers and web services are so complex now, and so layered with dozens of stacked levels of abstraction, code running on code, on code, that it could take months for all these services to update.

And there will always be some that never do. Many dusty corners of the internet are propped up on ageing hardware with obsolete, vulnerable code – something that hackers are very happy to exploit.

More on these topics:

Checkout latest world news below links :
World News || Latest News || U.S. News

Source link

Read More

Original Source: worldnewsera.com

News

‘Moon Knight’ Took Marvel in a Different Orbit, but It Didn’t Rise to the Occasion

Jacob Scott

Published

on

Before anyone writes that off as an anomaly, “Eternals” tackled a similar introduction of a dense mythology on the bigger screen, with equally mixed results. It’s a reminder that while film-goers have had more than a decade to get to know characters like Iron Man, Captain America and Thor, introducing some of these lesser-known heroes can pose a more formidable challenge beyond catering to the most ardent fans.
For Marvel, there are warning signs in that, since “Moon Knight” will be followed by several series based on second-tier characters, although the next two on the horizon, “Ms. Marvel” (which is due in June) and “She-Hulk,” at least have the benefit of sharing franchises and name recognition with existing Avengers.
Ultimately, “Moon Knight’s” murky storytelling appeared to squander its principal assets, which included the cool look of the character — a costume that was too seldom used — and the presence of Isaac, who possesses additional genre credentials via the “Star Wars” sequels.

Taking its time in peeling back the layers of the character’s complicated backstory, “Moon Knight” took a weird plunge into the Egyptian mythology behind it, in ways that became increasingly confounding and surreal.

By the time the protagonist’s two halves, Steven Grant and Marc Spector, wound up in a psychiatric hospital talking to an anthropomorphic hippo in the penultimate chapter, the question wasn’t so much being able to keep up with the story as whether bothering to do so was worth the effort.

The sixth and final episode brought the plot to a messy close, seeking to stop the goddess Ammit from proceeding to “purify the souls of Cairo, and then the world.” In the customary credit sequence, the producers capped that off by introducing a third personality, Jake Lockley, also rooted in the comics. While that seemingly spelled the end for the show’s villain (Ethan Hawke), the finish — giving the god Khonshu the protégé he sought — paved the way for further adventures should Marvel so choose.

That last twist might be cause for celebration in narrower confines of the Marvel fan universe, but “Moon Knight” too often felt like it was one long Easter-egg sequence, conspicuously preaching to that choir.

Granted, Marvel has made clear that Disney+ offers the chance to explore different kinds of stories, but “Moon Knight” feels at best like a quirky showcase for Isaac and at worst a failed experiment in terms of execution and tone.

That doesn’t mean this “Moon” won’t somehow rise again, if the closely held streaming data justifies it. But the promise that surrounded this property has faded, providing further evidence that even Marvel isn’t immune from setbacks as it moves into its next phase.

Checkout latest world news below links :
World News || Latest News || U.S. News

Source link

Read More

Original Article: worldnewsera.com

Continue Reading

News

Start-up Pony.ai says it’s the first self-driving company to get a taxi license in China

Jacob Scott

Published

on

Autonomous driving start-up Pony.ai can collect fares for robotaxi rides in parts of two major Chinese cities as of Sunday.

Pony.ai handout

BEIJING — Self-driving start-up Pony.ai announced Sunday it received a taxi license, the first of its kind in China.

The license allows Pony.ai to operate 100 self-driving cars as traditional taxis in the Nansha district of the southern city of Guangzhou, the company said.

The Chinese start-up, which is backed by Toyota, received approval from Beijing city late last year to charge fees to operate a commercial robotaxi business in a suburban district of the city. It is not the same as a taxi licence.

Baidu’s Apollo Go also received approval in the same Beijing district last year.

Pony.ai was valued at $8.5 billion in early March. The company said its Nansha taxi license required 24 months of autonomous driving testing in China and/or other countries, and no involvement in any active liability traffic accidents, among other factors.

The start-up said it plans to launch commercial robotaxi businesses in two other large Chinese cities next year. The company is already testing self-driving cars in those cities and in California. 

Robotaxis in China currently have a human driver present for safety.

— CNBC’s Arjun Kharpal contributed to this report.

Checkout latest world news below links :
World News || Latest News || U.S. News

Source link

Read More

Article: worldnewsera.com

Continue Reading

News

How to watch Timberwolves vs. Grizzlies: TV channel, NBA live stream info, start time

Jacob Scott

Published

on

Who’s Playing

Memphis @ Minnesota

Current Records: Memphis 2-1; Minnesota 1-2

What to Know

The Memphis Grizzlies’ road trip will continue as they head to Target Center at 10 p.m. ET this past Saturday to face off against the Minnesota Timberwolves. Memphis will be strutting in after a win while Minnesota will be stumbling in from a loss.

The Grizzlies are hoping for another victory. They beat the Timberwolves 104-95 this past Thursday. The victory came about thanks to a strong surge after the first quarter to overcome a 39-21 deficit. Memphis’ success was spearheaded by the efforts of power forward Brandon Clarke, who had 20 points in addition to eight rebounds, and shooting guard Desmond Bane, who shot 7-for-15 from beyond the arc and finished with 26 points and six boards.

Barring any buzzer beaters, Memphis is expected to win a tight contest. They might be worth taking a chance on against the spread as they are currently on a two-game streak of ATS wins.

Memphis’ win brought them up to 2-1 while the Timberwolves’ defeat pulled them down to a reciprocal 1-2. A couple offensive stats to keep in the back of your head while watching: The Grizzlies come into the game boasting the second most points per game in the league at 115.6. But Minnesota is even better: they rank first in the league when it comes to points per game, with 115.9 on average. Tune in for what’s sure to be a high-scoring contest.

How To Watch

When: Saturday at 10 p.m. ET Where: Target Center — Minneapolis, Minnesota TV: ESPN Online streaming: fuboTV (Try for free. Regional restrictions may apply.) Follow: CBS Sports App Ticket Cost: $76.96

Odds

The Grizzlies are a slight 2.5-point favorite against the Timberwolves, according to the latest NBA odds.

The oddsmakers had a good feel for the line for this one, as the game opened with the Grizzlies as a 3-point favorite.

Over/Under: -110

See NBA picks for every single game, including this one, from SportsLine’s advanced computer model. Get picks now.

Series History

Memphis have won 19 out of their last 28 games against Minnesota.

Apr 21, 2022 – Memphis 104 vs. Minnesota 95 Apr 19, 2022 – Memphis 124 vs. Minnesota 96 Apr 16, 2022 – Minnesota 130 vs. Memphis 117 Feb 24, 2022 – Minnesota 119 vs. Memphis 114 Jan 13, 2022 – Memphis 116 vs. Minnesota 108 Nov 20, 2021 – Minnesota 138 vs. Memphis 95 Nov 08, 2021 – Memphis 125 vs. Minnesota 118 May 05, 2021 – Memphis 139 vs. Minnesota 135 Apr 02, 2021 – Memphis 120 vs. Minnesota 108 Jan 13, 2021 – Memphis 118 vs. Minnesota 107 Jan 07, 2020 – Memphis 119 vs. Minnesota 112 Dec 01, 2019 – Memphis 115 vs. Minnesota 107 Nov 06, 2019 – Memphis 137 vs. Minnesota 121 Mar 23, 2019 – Minnesota 112 vs. Memphis 99 Feb 05, 2019 – Memphis 108 vs. Minnesota 106 Jan 30, 2019 – Minnesota 99 vs. Memphis 97 Nov 18, 2018 – Memphis 100 vs. Minnesota 87 Apr 09, 2018 – Minnesota 113 vs. Memphis 94 Mar 26, 2018 – Memphis 101 vs. Minnesota 93 Dec 04, 2017 – Memphis 95 vs. Minnesota 92 Feb 04, 2017 – Memphis 107 vs. Minnesota 99 Nov 19, 2016 – Memphis 93 vs. Minnesota 71 Nov 01, 2016 – Minnesota 116 vs. Memphis 80 Oct 26, 2016 – Memphis 102 vs. Minnesota 98 Mar 16, 2016 – Minnesota 114 vs. Memphis 108 Feb 19, 2016 – Memphis 109 vs. Minnesota 104 Jan 23, 2016 – Minnesota 106 vs. Memphis 101 Nov 15, 2015 – Memphis 114 vs. Minnesota 106

Injury Report for Minnesota

No Injury Information

Injury Report for Memphis

Dillon Brooks: Game-Time Decision (Foot) Santi Aldama: Out (Knee) Killian Tillie: Out (Knee)

Checkout latest world news below links :
World News || Latest News || U.S. News

Source link

Read More

Original Post: worldnewsera.com

Continue Reading

Trending

XTPE.com