Editing Talk:2347: Dependency
Latest revision | Your text | ||
Line 82: | Line 82: | ||
== Log4j Zero-Day Vulnerability (CVE-2021-44228) Incident== | == Log4j Zero-Day Vulnerability (CVE-2021-44228) Incident== | ||
− | On December 9, 2021, security researchers discovered a flaw in the code of a software library used for logging. The software library, Log4j, is built on a popular coding language, Java, that has widespread use in other software and applications used worldwide. This flaw in Log4j is estimated to be present in over 100 million instances globally. If exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems | + | On December 9, 2021, security researchers discovered a flaw in the code of a software library used for logging. The software library, Log4j, is built on a popular coding language, Java, that has widespread use in other software and applications used worldwide. This flaw in Log4j is estimated to be present in over 100 million instances globally. If exploited, could permit a remote attacker to execute arbitrary code on vulnerable systems. |
== Loadsharers == | == Loadsharers == | ||
Line 105: | Line 105: | ||
The xz backdoor has brought up an even more disturbing ramification of this situation, which is that a malicious entity (e.g. a nation-state) can create a persona (or multiple), build trust with the random guy maintaining the library since 2003, eventually take over the project, then implant a backdoor that targets core software like OpenSSH. '''The only reason we just avoided one of the largest cyber incidents in history is because one guy running Debian Sid noticed sshd using a ''bit'' more CPU than normal while he was benchmarking something completely unrelated.''' The implications here are '''terrifying'''. | The xz backdoor has brought up an even more disturbing ramification of this situation, which is that a malicious entity (e.g. a nation-state) can create a persona (or multiple), build trust with the random guy maintaining the library since 2003, eventually take over the project, then implant a backdoor that targets core software like OpenSSH. '''The only reason we just avoided one of the largest cyber incidents in history is because one guy running Debian Sid noticed sshd using a ''bit'' more CPU than normal while he was benchmarking something completely unrelated.''' The implications here are '''terrifying'''. | ||
[[Special:Contributions/172.70.210.131|172.70.210.131]] 20:02, 30 March 2024 (UTC) | [[Special:Contributions/172.70.210.131|172.70.210.131]] 20:02, 30 March 2024 (UTC) | ||
− | |||
− |