Log4Shell is a new zeroday vulnerability discovered last Thursday when it was exploited to remotely compromise Minecraft servers. The vulnerability was traced with the code CVE-2021-44228 and was assigned a severity level of 10 out of 10 as it can be exploited very easily and allows the execution of remote unauthenticated code.
The vulnerability concerns in particular Log4j, an open source event logging tool based on Java and available from Apache that is used by hundreds of thousands of apps, especially in the cloud and including those commonly used in almost all companies on the planet. .
Event logging is a process by which applications keep an up-to-date list of the activities performed and which can thus be analyzed later in the event of errors. Almost all network security systems run some kind of event log, which gives libraries such as Log4j nearly endless coverage.
The exploitation of the vulnerability occurs by managing to have a special sequence of characters recorded on the log, as Cloudflare illustrated in detail in its analysis. And, as mentioned, the vulnerability can be exploited with ease: in the case of Minecraft, for example, it was possible to record the sequence of characters on the log simply by sending a message in the chat within the game.
Since the compromise of the Minecraft servers occurred, the security company Greynoise has detected an active scan in progress on the Internet that attempted to identify vulnerable servers. The researchers point out that they have observed that the vulnerability is exploited for various purposes: from the installation of malware to cryptomining, to the hardening of Linux botnets, passing from the extraction of data and configurations.
The history of celebrating Esperanto on Zamenhof’s birthday can be traced back to 17 December 1878, when at a birthday party for his 19th birthday he presented to his friends his Lingwe uniwersala, the first version of his international language. By 1887, this language had evolved into what is now recognized as Esperanto when he published the Unua Libro. 15 December previously used to be also known as Esperanto Day,but that is now celebrated on 26 July, the day Unua Libro was published.
15 December 2009 marked 150 years since Zamenhof’s birth, and there were several events to celebrate. On this date, the authorities in his home town of Białystok, Poland, opened a new Zamenhof Center, and a symposium honoring Zamenhof was held in New York City, featuring talks by Arika Okrent and Humphrey Tonkin among other professors.
Also on this date, the search engine Google, in 33 national language versions (but not the international English one), bore a special version of their logo (a Doodle) emblazoned with the Esperanto flag in honor of the occasion, which generated, on the 30 biggest Wikipedia languages, 1,750,000 page views on the articles “L. L. Zamenhof“.
Winter is basically my favorite time of year. The cold, the quiet, the snow. The feeling that everything is fresh and new. Though… well, it’s been a bit colder than I’d prefer, as I write this at 4:30am, it’s -10*F/-23C outside. There’s a thick layer of ice coated on the inside of every window in […]