The tech world is in turmoil following the discovery of a considerable “flaw in the system” called “Log4 Shell” which today is identified as a risk for numerous high-caliber platforms: the threat to user security has been recorded for Amazon and Apple servers but also in the case of Microsoft.

The hugely popular game of Minecraft in particular it is in the spotlight having been the Log4Shell discovery vehicle, intercepted for the first time in late November by some experts of the Chinese giant Alibaba.

Some expert opinions and a simplified form of the issues behind this technical issue are, for the moment, the only information in the public domain.

Log4Shell: what is it and why is it a problem?

The vulnerability found was nicknamed “Log4Shell” precisely because it intervenes when the user logs in on any platform.

L’Apache Software Foundation, the non-profit organization that has supervised that part of joint programs since 1999, has expressed an evaluation of weight. According to reports the severity of this flaw is 10 on a scale of 1 to 10. In summary, in fact, we are talking about “One of the worst IT weaknesses discovered in recent years”, which in particular, counting only the users of the Minecraft video game, affects over 141 million users.

L’current goal is to correct the “flaw” in the open source code in cloud services and software precisely because otherwise the systems used by private companies and also by public entities such as governments and state platforms would be at risk.

Microsoft: voice to the experts

THE alarming quotes they are very popular but, in conditions like the present ones, there is no need to be particularly fancy. In fact, it is not a generic news of a malfunction or an alarmist announcement, the same operational management of some work teams recognizes and reports the seriousness of the situation; the statements of those who are physically involved in intervening on the problem are harsh and lapidary.

An example is precisely the speech of Joe Sullivan, Cloudflare’s chief security officer, to the Associated Press news agency which, in releasing an interview, claims how it is “It is difficult to think of a company that is not at risk”. The reason is the widespread diffusion of this problem and above all the number of companies (and therefore of users) directly involved. Adam Meyers, Crowdstrike vice president, on the other hand, it is expressed in even more critical terms if we want to:

“The Internet is on fire right now: technicians are scrambling to repair the servers while others, malicious ones, are trying to exploit the flaw.”

While these responses might generate fears, it is just as surreal blackout from Amazon and Apple who refused any journalistic interview.

How can the problem be stemmed?

The insiders therefore define it as a race against time to repair the hole before someone can use it to enter the PCs and platforms of companies and governments. However, a fairly efficient temporary security mechanism has been devised for Minecraft. Microsoft has recently released a patch – in English «patch» – which must be installed with the new update by all users.

The problem that arose in this case, moreover, was the high rate of very young users who populate the servers without supervision and without even the adequate knowledge of basic IT security standards.

The only certain thing at the moment is that the IT technicians of each of the companies mentioned are still working to stem the problem and limit the possible damage that this dramatic and complex flaw could cause to millions of users around the world.

In short, at the moment the only plausible solution is to inform people about a possible risk of vulnerability of their computers or the networks they use and “dab” until the tear is completely mended.