Latest Log4j vulnerability a reminder of far reaching impact of software dependencies

By Alfred Siew
Published December 16, 2021. Last updated: December 16, 2021 at 5:16 PM
PHOTO: Aditya Singh from Pexels

A single piece of software used commonly to record often mundane happenings on a server or application is now responsible for IT folks scrambling to look for loopholes in their cloud services, software programs and connected devices.

From the popular Microsoft Minecraft game to cloud services from Google and Amazon, much of the digital content and many of the services people enjoy today rely on foundational pieces of code, including this little logging tool called Log4j.

A vulnerability found a few days ago in Log4j has been shown to allow intruders to run malicious code, open up backdoors and take over a myriad of devices and services.

Just take a look at the list of known items affected, according to researchers in the Netherlands. Most importantly, it includes a number of cloud service providers, network equipment vendors and cybersecurity vendors as well.

If you were a hacker, yes, you would be quick to start scanning for organisations that are slow to patch their systems and batten down the hatches.

That’s because, once you’re in, you have control of the system, possibly from a very deep level, to see what the victim will be trying to do next. From there, you evade and keep hidden until it’s time to, say, steal data or lock up a system for ransomware.

Not surprisingly, many cybersecurity companies have found increased activity – up to hundreds of intrusion attempts per minute – from hacker groups. They have been given a golden opportunity here.

In response, governments around the world, including in Singapore, have also been quick to remind businesses to update their software to keep out attacks. Many businesses have sprung into action to look for vulnerabilities.

Unfortunately, the issue is not just about patching up one’s server software – that itself is a painful thing, if you ask any IT administrator – it has to do with first looking for all the services and devices that depend on this piece of code that has now presented a loophole into their systems.
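That first step, finding every place the library lives, can be shown with a short inventory script. This is an added example, not code from the article or the Log4j project: the function names and the sample version string are constructed, and it assumes each copy of log4j-core still carries its standard Maven `pom.properties` metadata.

```python
import io
import os
import zipfile

# Maven metadata that a log4j-core JAR carries inside itself.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def _version(pom_bytes):
    for line in pom_bytes.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"

def find_log4j(data, label, depth=0, max_depth=5):
    """Return [(location, version)] for each log4j-core copy in archive bytes."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable or not an archive: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                hits.append((label, _version(zf.read(name))))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                # WARs and fat JARs bundle dependencies inside themselves.
                hits += find_log4j(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return hits

def scan_tree(root):
    """Walk a directory tree and inventory every archive found in it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    hits += find_log4j(fh.read(), path)
    return hits

def build_sample_war():
    """Constructed sample: a WAR with a log4j-core JAR nested in WEB-INF/lib."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "artifactId=log4j-core\nversion=0.0.0-sample\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("WEB-INF/lib/logging-lib.jar", inner.getvalue())
    return outer.getvalue()
```

The nested JAR in the sample is deliberately not named after Log4j, because a filename search alone would miss it. Copies repackaged without their Maven metadata will not be found this way, and the reported versions still have to be compared against the vendor's advisory.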

Indeed, the difference between this Log4j loophole and others that are discovered daily is its sheer ubiquity.

Since the open-source Log4j code, maintained by the nonprofit Apache Software Foundation, is used so commonly and as a foundational element in much of today’s IT infrastructure, the impact of a vulnerability is a lot more widespread.

With so much interconnected today, it is not easy to simply shut down one service, get it back online and hope everything else connected to it goes on running.

Think of a cloud service that goes offline. It affects the applications that are hosted there, which in turn affects many users down the line, who may be supporting others with their own applications and services.

And updating is not as simple as pressing an update button. Some software or devices that use Log4j might require you to get the patches from vendors, so you have to wait for those vendors to deliver the update.

With others, you may try to update the individual Log4j code yourself or, as a temporary fix, use a Web application firewall (WAF) to block access by potential intruders, according to cybersecurity companies such as Mandiant.

Increasingly, as more complex systems get set up and interlinked, any foundational element that gets exposed will cause widespread vulnerability and disruption.

Like it or not, this is part of the experience for today’s software-driven IT world. Software does eat up the world, to paraphrase a popular saying.

The good news is that at least Log4j was based on open source code. When there’s a vulnerability, it’s quickly known to all who use it, which means everyone jumps in to find a solution, as is the case now.

As an engineer friend of mine told me, imagine if this were a piece of proprietary software and the company behind it had hidden it and taken a long time to offer an update. That would make things a lot worse.

TAGGED: cybersecurity, Java, Log4J, malware, Mandiant, think, vulnerability

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew December 16, 2021
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Binance to cease trades in Singapore, focus on blockchain innovation
Next Article Holiday Gift Guide 2021: A tech gadget to bring a smile to a face
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Five ways the Roborock S8 robot vacuum will change the way you clean your home
Internet March 31, 2023
After another DBS outage, is it time to make banks publicly report service uptime?
Enterprise Internet March 30, 2023
Xiaomi 13 Pro review: A photography powerhouse with 1-inch image sensor
Cellphones Mobile March 29, 2023
IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach
Cybersecurity Enterprise Software March 29, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?