Thread #log4j
"The ‘most serious’ security breach ever is unfolding right now. Here’s what you need to know."
Wondering how this affects #voting machines? Is anyone looking into that?
@rad_atl @VickerySec @kiniry @benniejsmith
via @washingtonpost
washingtonpost.com/technology/202…
"The ‘most serious’ security breach ever is unfolding right now. Here’s what you need to know."
Wondering how this affects #voting machines? Is anyone looking into that?
@rad_atl @VickerySec @kiniry @benniejsmith
via @washingtonpost
washingtonpost.com/technology/202…
“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency director, said in a Thursday interview on CNBC.
"#Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record-keeping — component each time developers build new software, they often use existing code like log4j instead. It’s free on the Internet"
"A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running #log4j."
"Huge swaths of the computer code that modern life runs on use Java and contain log4j. Cloud storage companies such as Google, Amazon and Microsoft, which provide the digital backbone for millions of other apps, are affected."
"So are giant software sellers whose programs are used by millions, such as IBM, Oracle and Salesforce. Devices that connect to the Internet such as TVs and security cameras are at risk as well."
"That doesn’t mean everything will be hacked, but it just got a lot easier to do so — just as if the locks on half of the homes and businesses in a city suddenly stopped working all at once."
"the vulnerability is straightforward to take advantage of. In the Minecraft video game, it’s as easy as typing a line of malicious code into the public chat box during a game."
"The vulnerability also gives hackers access to the heart of whatever system they’re trying to get into, cutting past all the typical defenses software companies throw up to block attacks. Overall, it’s a cybersecurity expert’s nightmare."
"Computer programmers and security experts have been working night and day since the vulnerability was publicized to fix it in whatever piece of software they’re responsible for... “Some of the people didn’t see sleep for a long time, or they sleep like three hours, four hours." 
I'm just wondering if the staff at @essvote & @dominionvoting & @HartInterCivic & @clearballot have staff working around the clock on this? Not a rhetorical question. Would love an answer.
"Hackers have been working just as hard as the security experts to exploit log4j before the bug gets patched... Hackers have already tried to use it to get into nearly half of all corporate networks around the world..."
"Keep an eye out for an influx of phishing messages in the coming days ... If you get an email saying that your account has been compromised or your package failed to deliver, don’t open any links or attachments."
"The best thing regular computer users can do is make sure the apps they use are updated to their most recent versions... Developers will be sending out patches over the coming days to fix any #log4j issues, and downloading those quickly will be important."
• • •
Missing some Tweet in this thread? You can try to
force a refresh
