What is Log4j and how does it affect you?

A huge number of cyberattacks exploit a dangerous flaw called log4shell in the log4j library. We will see how this form of attack works and whether it can affect us.


What Is Log4j?

The log4j flaw, also called the log4shell vulnerability and known by the number CVE-2021-44228, is a weakness mainly in Apache servers. The bug is in the log4j open source library, a collection of predefined commands that developers use to speed up their work and avoid rewriting complex code.

Libraries are the foundation of many, if not most, programs, as they save us a lot of time. Instead of having to write the same code over and over again for some tasks, you just write a few commands that tell the program that it needs to get something from a library. Think of them as shortcuts that you can put in your code.

However, if something goes wrong in a library, as it did in log4j, all programs that use this library are affected. This would be serious on its own, but Apache runs on a great many servers.

How the Log4j defect works

You can replace a single text string (a line of code) with one that makes it load data from another machine on the Internet.

A hacker can feed the log4j library a line of code that tells the server to get data from another server, owned by the hacker. This data could be anything, from a script that collects data on the devices connected to the server, such as program fingerprints, to, even worse, something that takes control of said server.

Impact of Log4j

The impact of this defect is huge, as one-third of servers worldwide are affected, including those of large corporations such as Microsoft as well as Apple's iCloud and its 850 million users. The servers of the Steam gaming platform are also affected. Even Amazon has servers running Apache.

It's not just the big companies that could be hurt. There are many smaller companies running Apache. The damage a hacker could do to a system is small enough for a multi-billion dollar company, but for a small company it could be fatal.

All one can do now is install patches that fix the defect. However, experts already say that it will take years to completely repair all the affected systems. Cybersecurity professionals should find out which systems have been affected by this defect, but checks should also be made to see if the system has been compromised and if so, what the hackers did in those files.

Even after updating, there is a possibility that hackers have left behind something that still does its job. This means that the servers need to be cleaned and reinstalled. That is a lot of work that cannot be done in one day.
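Finding out which systems carry the flawed library is the first step named above. The following is an added example, not code from the original article or from the Apache project: it inventories log4j-core copies inside an application archive, including ones nested in WAR/EAR files or merged into fat jars. The function names, the affected version range (2.x before 2.15.0, with backported fixes in 2.12.2 and 2.3.1), the `JndiLookup` class path and the Maven `pom.properties` path are assumptions that do not come from the page.

```python
import io
import re
import sys
import zipfile

# Assumptions added here, not stated on the page: CVE-2021-44228 affects
# log4j-core 2.x before 2.15.0, with fixes backported to 2.12.2 and 2.3.1.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """Unknown versions count as affected so that they get a manual look."""
    if version is None:
        return True
    major, minor, patch = version
    if major != 2 or minor >= 15:
        return False
    return not ((minor == 12 and patch >= 2) or (minor == 3 and patch >= 1))

def scan_archive(fileobj, label):
    """One finding per archive, at any nesting depth, that ships JndiLookup."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except (zipfile.BadZipFile, OSError):
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = None
            if POM_PROPS in names:  # version recorded by the Maven build
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = parse_version(m.group(1).strip()) if m else None
            findings.append({"path": label, "version": version,
                             "affected": is_affected(version)})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):  # fat jars, WARs, EARs
                findings += scan_archive(io.BytesIO(zf.read(name)), f"{label}!/{name}")
    return findings

if __name__ == "__main__":  # usage: python scan_log4j.py /path/to/app.war
    for hit in scan_archive(sys.argv[1], sys.argv[1]):
        print(hit)
```

A jar from which `JndiLookup.class` has been removed produces no finding, and a copy whose version cannot be read is reported as affected so that someone checks it by hand.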

How does Log4j affect you?

All of the above may sound like something that can only affect companies and not individuals. However, there is a risk to everyone, even if they are not running an Apache server.

As we mentioned, the hacker can steal data from some servers. If a company doesn't secure the data properly (without encryption), there will be .

This data could be anything from usernames, passwords or even your Internet address and activity. Your credit card information is usually encrypted.

Although it is too early to say what will happen now, it seems that very few people will be able to avoid the effects of log4j.

iGuRu.gr The Best Technology Site in Greece


Written by Anastasis Vasileiadis
