NexusFi: Find Your Edge



Computer log4j Vulnerability


Discussion in Off-Topic

  #1 (permalink)
 
 Powdrpig 
Bend, Oregon
 
Experience: Advanced
Platform: Sierra Chart
Broker: Edge Clear
Trading: MNQ/NQ
Posts: 41 since May 2011
Thanks Given: 621
Thanks Received: 66

There is a new Chinese internet attack that might compromise your accounts. You might want to do a search for file "log4j" on your computer to see if you have it. If so, check to see if it has the new "2.15.0" file fix. I had it under my Interactive Brokers directory but they did a download update today when I signed on and installed the new file. Hopefully, other brokers and banks are on top of it.

https://www.dailymail.co.uk/news/article-10307697/Chinese-hackers-exploiting-fully-weaponised-Log4shell-software-vulnerability.html

'Log4Shell could wreck the internet' says cybersecurity expert
"The vulnerability comes from Apache's Log4j, a globally popular open source library that helps software developers track changes in applications that they build." (https://www.dailymail.co.uk)

"There are no safe paths in this part of the world. You're over the edge of the wild now." Tolkien

"Never let the fear of strikeouts get in your way." Babe Ruth
  #2 (permalink)
 
 SMCJB 
Houston TX
Legendary Market Wizard
 
Experience: Advanced
Platform: TT and Stellar
Broker: Advantage Futures
Trading: Primarily Energy but also a little Equities, Fixed Income, Metals and Crypto.
Frequency: Many times daily
Duration: Never
Posts: 5,041 since Dec 2013
Thanks Given: 4,375
Thanks Received: 10,192

You're right, sounds like it could be a major vulnerability, as I think it's popular on servers and people often don't update those very often.

For what it's worth, log4j is open source software and not Chinese. Maybe the Chinese try and take advantage of it (probably with the Russians and every other hacker) but it's not Chinese in nature.

  #3 (permalink)
Symple
Zuerich / Switzerland
 
Posts: 1,036 since Sep 2021
Thanks Given: 1,315
Thanks Received: 2,286



The vulnerability, known as CVE-2021-44228 and disclosed on Dec. 9, allows remote access to servers and code execution, some experts have said. Meanwhile, Log4j is used in a large number of enterprise systems, raising concerns that it may be easily exploited.

Since the vulnerability, which some dubbed “Log4Shell,” is so widespread and is likely present in highly trafficked websites and apps, users may also see their favorite websites and apps impacted.

Cybersecurity firms Mandiant and Crowdstrike said that hacking groups are trying to breach systems, and Mandiant described to Reuters that they are “Chinese government actors,” in reference to the ruling Chinese Communist Party.

“Given that Log4j has been a ubiquitous logging solution for Enterprise Java development for decades, Log4j has the potential to become a vulnerability that will persist within Industrial Control Systems (ICS) environments for years to come,” according to a blog post by cybersecurity researchers at Dragos.

A cybercriminal can exploit the flaw by sending a malicious code string that will get logged by the Log4j version, allowing the attacker to load arbitrary Java code to a server. The vulnerability could potentially allow them to take control of the server.

Federal cybersecurity officials also reportedly expressed alarm over the vulnerability in recent days.

“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, the head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call.

- The full article you will find here: (https://www.zerohedge.com/technology/internets-fire-right-now-millions-devices-risk-over-new-software-vulnerability)

Symple

  #4 (permalink)
 
 bobwest 
Western Florida
Site Moderator
 
Experience: Advanced
Platform: Sierra Chart
Trading: ES, YM
Frequency: Several times daily
Duration: Minutes
Posts: 8,162 since Jan 2013
Thanks Given: 57,343
Thanks Received: 26,267


Powdrpig wrote:
There is a new Chinese internet attack that might compromise your accounts. You might want to do a search for file "log4j" on your computer to see if you have it. If so, check to see if it has the new "2.15.0" file fix. I had it under my Interactive Brokers directory but they did a download update today when I signed on and installed the new file. Hopefully, other brokers and banks are on top of it.

https://www.dailymail.co.uk/news/article-10307697/Chinese-hackers-exploiting-fully-weaponised-Log4shell-software-vulnerability.html

'Log4Shell could wreck the internet' says cybersecurity expert
"The vulnerability comes from Apache's Log4j, a globally popular open source library that helps software developers track changes in applications that they build." (https://www.dailymail.co.uk)

I've changed the name of this thread from "Chinese Internet Attack" to "Computer log4j Vulnerability".

Kudos to @Powdrpig for first bringing this to the community, but the log4j vulnerability did not originate in China, and is unfortunately much wider and deeper than anything from any hackers, although hackers are extremely interested now that the problem has been found.

The log4j code is intrinsic to the Java programming language, and has been around for a long, long time and appears in lots of places -- applications, server software, gaming software, practically everywhere. It lets a program automatically create and add to a log of whatever events the designers want to keep a log on.

But the problem is that it will execute (run) any programming instructions that it is fed, which is Very, Very Bad:

"Each time log4j is asked to log something new, it tries to make sense of that new entry and add it to the record. A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running log4j.

"Reports differ when it comes to who first raised the alarm about the vulnerability. Some people say it surfaced in a forum dedicated to the video game Minecraft. Others point to a security researcher at Chinese tech company Alibaba. But experts say it’s the biggest software vulnerability of all time in terms of the number of services, sites and devices exposed."

(Full article here: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/ )

Since this code is found in a lot of places, this is really bad news. Researchers are currently working feverishly to fix it, as detailed in the article. I doubt that a PC user is in much of a position to do anything for their own computer, since the name "log4j" doesn't have to show up anywhere for it to be incorporated into some application you use, and the fix is going to have to come from changing the logging code itself.

It's not something that was planted on your computer -- it's something that is essential for some of your software to run, but it has a serious security hole. It is also larger than your computer, involving cloud services and essentially the entire internet.

Now that it's known, the people who work on fixing these things for a living will plug it up. Make sure you stay current on all updates during this time. It is something of a world-wide priority now, in the tech world, at least, and it will get fixed.

Bob.

When one door closes, another opens.
-- Cervantes, Don Quixote
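
The point made in the thread, that a filename search for "log4j" can miss copies bundled inside other applications, can be checked by looking inside Java archives rather than at their names. The following is an added example, not code from the thread or from any vendor: it opens an archive, recurses into nested archives, and reports log4j-core by its JndiLookup class and Maven version metadata. The archive names are constructed sample data, and the 2.15.0 threshold is the fix version named in the first post.

```python
import io
import re
import zipfile

# Assumption: standard log4j-core 2.x paths inside an archive (not taken from the thread).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # fix version named in the thread; raise it if your vendor names a later one
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # stop recursing into archives nested deeper than this

def parse_version(text):
    """Pull 'version=X.Y[.Z]' out of pom.properties text; None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """List log4j-core copies in archive bytes; an unknown version counts as needing review."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip-format archive, nothing to inspect
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names or POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            version = parse_version(text)
            findings.append({
                "where": label, "version": version, "jndi_lookup": JNDI_CLASS in names,
                "needs_update": version is None or version < FIXED,
            })
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings

def make_jar(entries):
    """Build a constructed in-memory archive (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed sample: an app jar bundling a library whose filename never says 'log4j'."""
    inner = make_jar({POM_PROPS: "version=2.14.1\n", JNDI_CLASS: b""})
    return scan_archive(make_jar({"BOOT-INF/lib/logging-bundle.jar": inner}), "trader-app.jar")
```

To check a real file, pass its bytes and path to `scan_archive`; a finding with `needs_update` set means the application's vendor update is still required.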




Last Updated on December 21, 2021

