2021-12-11, by Federico Cella

It’s called “Log4Shell” and was discovered in Microsoft’s video game at the end of November by Alibaba experts: “It’s a race against time to fix the hole before anyone can use it to get into the PCs and platforms of companies and governments”

This is the inevitable complexity of the digital world, which is (almost always) easy to understand only for the end user: in short, for us. Because if we write that there is a flaw in a Java utility for Apache, while specifying that it is distributed on millions and millions of servers around the world, the news seems so incomprehensible that it must be intended only for a handful of very nerdy engineers. If instead we say that this “hole” in the structure of the Internet – discovered by Alibaba analysts at the end of November and not yet “closed” – concerns all the big tech names, from Amazon to Apple, via Twitter and Microsoft, then we do a better job of informing people about a possible risk to their computers or to corporate and government networks. To explain it even better, what experts define as «one of the worst IT weaknesses discovered in recent years» has certainly already affected a video game with 141 million users like Minecraft, for which Microsoft has already released a fix (a «patch») that users must install with the new update, or risk leaving a door open into their PC.

It is being called a real race against time: that of security experts fixing the “flaw” in the open source code in cloud services and software used by private companies and apparently also by public entities: governments and state platforms. For fans of the genre, let’s say that the vulnerability has been nicknamed “Log4Shell” and that it comes into play right when the user logs in – the entrance – on any platform. It was rated at severity 10 on a scale of 1 to 10 – that is, the worst possible – by the Apache Software Foundation, the non-profit organization (we are talking about open source software, therefore with non-proprietary code) that since 1999 has overseen that set of common programs, small pieces of software used by almost any Internet server. Analysts argue that anyone who wants to exploit it can gain full access to a machine not protected by a “patch” created ad hoc. Although experts say that the flaw was immediately “weaponized” by cybercriminals of various kinds, that is, made dangerous as a gateway to computers and systems, it is not clear whether there have already been any consequences. In this sense,

he tried to contact Amazon, Apple and Twitter without getting answers. Unlike the case of Microsoft, which has already run for cover since the flaw was discovered following an incorrect use of Minecraft by some users.

Contacted by the news agency, Joe Sullivan, Cloudflare’s chief security officer, claims that it is “difficult to think of a company that is not at risk”. When in doubt, Adam Meyers, vice-president of CrowdStrike, another cybersecurity firm, adds: “The internet is on fire right now: technicians are scrambling to repair the servers while others, malicious, are trying to exploit the flaw”. Why we are moving so quickly this weekend, when the problem was first brought to light in China on November 24, seems to be related to the material time – barely two weeks – that the programmers needed to create the repair files. This is precisely the complexity of the so-called backend, the “engine” behind our daily use of any network service, app, video game or business software.