When your tools turn against you!

December 13, 2021
A vault will not be enough to stop this one. (Image by Reimund Bertrams)

Log4J is one of the most commonly used components in any Java-based infrastructure. It's been around for a couple of decades, has a wide range of features, is high-performance and is the logging framework that all others are judged by. However, a recently discovered vulnerability that lets a remote attacker trivially run arbitrary code has set the Internet alight. Log4J is used by millions of applications across the world (even in games such as Minecraft), and every security department around the world is scrambling to either upgrade it or figure out a workaround. This is going to have a big impact and a long tail, and will (hopefully) bring to light the challenges involved in using third-party libraries, wherever they might come from.

Here's a link to the full guest post on ITP's Tech Blog:


Written By Peter Membrey

Peter Membrey is a Chartered Fellow of the British Computer Society, a Chartered IT Professional and a Chartered Engineer. He has a doctorate in engineering and a master's degree in IT specialising in Information Security. He's co-authored over a dozen books and a number of research papers on a variety of topics. These days he is focusing his efforts on creating a more private Internet, raising awareness of STEM and helping people to reach their potential in the field.
