News & Tools
- Privacy Opt-Out & Security – Have you done a Web search for your name to see how much of your personal data is public?
Log4j is like a captains log on a ship but for software. It allows a program to record what happens when it runs. Someone figured that telling it to log a specific set of characters makes the program act out and do whatever the entry tells it, like install malware or coin miners. – Ilkka Turunen @llkkaT
- Log4Shell & Log4j Explained – ThreatWire
- Apache Log4j Logging Framework Security Vulnerabilities
- The Internet is on Fire – A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.
- U.S. warns new software flaw leaves millions of computers vulnerable
- The top U.S. cybersecurity agency is warning that a new, easy-to-exploit software vulnerability has likely lead to hundreds of millions of computer hacks around the world.
- The flaw is in Log4j, a snippet of open-source code widely used in internet applications around the world to help track users’ activity. Since Log4j is used in so many applications, and most modern organizations’ computer networks rely on a hodgepodge of different programs, there are scores of opportunities to exploit that flaw.
- Log4j 1.x is not impacted by this vulnerability.
<Insert Notes/Agenda Here>
Read / Watch / Do
- Read Chapter :
- Do the Written Labs
- Answer the Review Questions
- Do not submit your answers for this chapter. The answers are in Appendix.