The "nuclear bomb level" Log4j vulnerability is still widespread and has a continuing impact
2022-07-26 16:13:00 【Program ape DD_】

Produced by: OSCHINA; editor: Boiled water without sugar
Source: https://www.oschina.net/news/203874/log4j-the-pain-just-keeps-going-and-going
Log4Shell, the "nuclear-grade" Log4j vulnerability, may affect the world forever.
The Cyber Safety Review Board (CSRB) of the Department of Homeland Security (DHS) recently released its investigation report on last year's Log4Shell vulnerability:
https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf
The CSRB was established by DHS only in February of this year. Its responsibility is to investigate major cybersecurity incidents and to provide reports containing recommendations to improve national cybersecurity. The first incident the CSRB investigated was last year's "nuclear-grade" Log4j vulnerability.

According to the report, although there is no indication that the Log4j vulnerability has led to major cyberattacks, it will still "be exploited for years to come". Deputy Secretary of Homeland Security Rob Silvers also said: "The Log4j vulnerability is one of the most serious software vulnerabilities in history."
The CSRB noted that, surprisingly, the Log4j vulnerability has been exploited less than experts expected. The board also said that so far there have been no significant Log4j attacks on critical infrastructure systems, but that some cyberattacks are not mentioned in the report.
The board said that future attacks are likely, largely because Log4j is often embedded in other software and, as an indirect dependency, is hard for enterprises to find running in their systems. To mitigate the impact of the Log4j vulnerability and improve cybersecurity overall, the board made a number of recommendations, including advising universities and community colleges to make cybersecurity training an integral part of their computer science degree and certification programs.
According to Sonatype statistics (https://www.sonatype.com/resources/log4j-vulnerability-resource-center), vulnerable versions of Log4j are still downloaded from Maven Central more than 100,000 times every working day.
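The board's point about indirect dependencies is why a check of top-level build files misses copies bundled inside other archives. The sketch below is an added example, not taken from the article or the CSRB report: it walks nested JAR/WAR/EAR files and reports every embedded log4j-core copy with the version from its Maven metadata. The function names, the sample archive and the version string `0.0.0-sample` are constructed for illustration.

```python
import io
import re
import zipfile

# Metadata and marker class that log4j-core 2.x carries inside its jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MARKER = "org/apache/logging/log4j/core/LoggerContext.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def find_log4j_core(data, path="<root>", depth=0, max_depth=6):
    """Return [(archive path, version)] for each log4j-core copy, however deeply nested."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive
    hits = []
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(\S+)", text, re.MULTILINE)
            hits.append((path, m.group(1) if m else "unknown"))
        elif MARKER in names:
            # Classes present but Maven metadata stripped (repackaged or shaded).
            hits.append((path, "unknown"))
        if depth < max_depth:  # bound recursion against deeply nested archives
            for name in names:
                if name.lower().endswith(ARCHIVES):
                    hits += find_log4j_core(zf.read(name), f"{path}!/{name}", depth + 1, max_depth)
    return hits


def _zip(entries):
    """Build an in-memory archive from {name: bytes} (helper for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample():
    """Constructed input: a WAR whose vendor jar bundles two log4j-core copies."""
    core = _zip({POM_PROPS: b"groupId=org.apache.logging.log4j\nversion=0.0.0-sample\n"})
    stripped = _zip({MARKER: b""})
    vendor = _zip({"lib/log4j-core.jar": core, "lib/repacked.jar": stripped, "Vendor.class": b""})
    return _zip({"WEB-INF/lib/vendor-sdk.jar": vendor, "WEB-INF/web.xml": b"<web-app/>"})


if __name__ == "__main__":
    for where, version in find_log4j_core(build_sample(), "app.war"):
        print(version, where)
```

Copies reported as `unknown` need manual review, and a copy whose packages were relocated during shading will not match either check.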

Finally, a question: has your Log4j vulnerability been fixed? Let's talk in the comments.