DATA DOCTORS

The Log4j threat: What everyone should do

Dec 18, 2021, 5:00 AM
(Pexels Photo)...
(Pexels Photo)
(Pexels Photo)

Q: What should I be doing about the Log4j vulnerability?

A: In what is considered one of the most widespread and dangerous vulnerabilities to be discovered in a very long time, the Log4j problem is going to be a threat that will likely linger for a long time.

The reason this discovery is considered a nightmare scenario is because of the ubiquity of the tool that is being compromised and the difficulty in determining where it is being used.

Free Logging Tool

At the heart of the problem is a very popular open-source tool (Log4j) used to log activity – it can be easily compromised on millions of devices that connect to the Internet.

The tool can be instructed to allow what is known as ‘Remote Code Execution’, which can allow a remote user to take control of the device.

The good news is that it will be a pretty easy thing to fix but the bad news is that it’s going to take a long time to determine where it’s being used.

Anyone along the manufacturing process of any device or the development of any software program could have used the logging tool, so it’s many needles in many haystacks.

The best analogy that I’ve heard is to think of it as a common nail used by millions of construction companies on millions of construction projects and the nail has been found to deteriorate to the point that it could fail.

This means every construction company has to figure out where they used this nail on every construction project they or any of their subcontractors has ever completed.

Active Attempts To Exploit Log4j

For cyber criminals, exploiting this tool’s vulnerability is like shooting fish in a barrel because it’s so widespread.

Security firm Cloudflare posted (https://bit.ly/3pdV3Xr) that it saw the first attempts to exploit the vulnerability just nine minutes after the problem was disclosed publicly.

To date, millions of hacking attempts have already been made and we can expect them to grow in popularity and sophistication.

Of particular concern is the ability to launch a ransomware attack without the need to trick a user into doing something that allows them in.

What You Need To Do

The majority of the work to fix the vulnerability has to be done by the manufacturers and developers of the exposed products, which then need to be distributed to all of their users.

If you’re a small business, you or your IT resources should be checking the support website for your software programs and hardware devices for posted updates or alerts.

In some cases, there may be some temporary mitigation steps that can be taken until a patch has been developed.

If you are using really old technology that no longer gets updates, you may need to consider replacing it altogether or make sure it’s no longer connected to the Internet.

Don’t Ignore Update Notices

Large businesses are a more attractive target at the moment, but as time goes on, we’re likely going to see attempts to exploit the average user.

Make sure to install security updates when they are made available on any and all of your computers, smartphones, tablets, software programs and ‘smart home’ devices to plug the holes that could allow you to be exploited.

We want to hear from you.

Have a story idea or tip? Pass it along to the KTAR News team here.

Data Doctors

(Pixabay Photo)...
Data Doctors

When shopping for a Wi-Fi router, here’s what to consider

When shopping for a new Wi-Fi router, here are a few things to consider and look for.
4 days ago
(Pexels Photo)...
Ken Colburn, Data Doctors

How to maximize accuracy, experience with dropped pins on Google Maps

Here are a few tips for maximizing your experience and accuracy with dropped pins on Google Maps in any part of the world.
11 days ago
(Pexels Photo)...
Ken Colburn, Data Doctors

Here are tips for switching your email from Cox to Gmail

If you're a user interested in switching your email from Cox to Gmail, here are a few tips to make the conversion easy and organized.
18 days ago
(Pixabay Photo)...
Ken Colburn, Data Doctors

What you need to know about the upcoming 3G shutdown

It’s hard to remember what a game changer 3G was when it first rolled out in the early 2000s, but all of the major carriers plan on shutting down those networks in 2022.
25 days ago
(Pexels Photo)...
Ken Colburn, Data Doctors

Comparing private search engines and understanding its benefits

Google’s search engine is considered the most powerful but the trade-off is that you give up privacy through their expansive tracking technologies. If you want to avoid the tracking but still get excellent search results, a private search engine does just that.
1 month ago
In this Thursday, March 12, 2015 photo, a first-grader learns keyboarding skills at Bayview Element...
Data Doctors

Here’s how to navigate computer shortcuts between Mac and Windows

Q: I’ve been a Mac user for a long time, but have to use Windows for my new job, which makes it confusing when I try to use shortcuts. A: Operating on both the Windows and Mac platforms on a regular basis has become a lot more common and for those that use a lot […]
2 months ago

Sponsored Articles

...
Day & Night Air Conditioning, Heating and Plumbing

HVAC upkeep in Arizona saves money, keeps families prepared in the long run

Does your air conditioner make weird noises or a burning smell when it starts? If so, you may be due for an AC unit replacement.
...
Arizona State University

This is the best year to get your MBA

Getting a master’s degree is a major commitment of time, energy, and money, so returning to school — even if you’re thinking about a part-time program that allows you to keep working — is one of the biggest decisions of your career.
...
PNC BANK

How your family can explore the Musical Instrument Museum

Whether you want to spend a day with family, do crafts with kids at home, or have an adult night out, the Musical Instrument Museum in Phoenix has options. As the world’s only global musical instrument museum, MIM offers interactive and immersive exhibits to foster an appreciation of different cultures and their instruments. “A visit […]
The Log4j threat: What everyone should do