What is Log4j and how do I Protect Against It?

How Log4j Works

Log4j is a Java-based logging tool released on January 8th, 2001 and helps companies keep track of errors within their systems. On November 24th, 2021, the Alibaba security team found a vulnerability in the coding for a remote execution dubbed Log4Shell that allows hackers to slip past authentication services with a simple line of code pasted in any text box. The vulnerability was sent out to the world on the 9th of December 2021 in a Tweet. Popular affected services include iCloud, Tencent, Twitter, Steam, and Minecraft: Java Edition.

How to Protect Against Log4j Vulnerabilities

Without the need for super specific details, the general rule of thumb is to make sure that everything is up-to-date. That means downloading the latest software updates for your computers and phones, making sure that you are using the latest operating system, and following the guidelines from your software’s creators. It is also advised to not use any free software that does not have a user license agreement. Most big companies have already found fixes and modified their software accordingly, so don’t panic.

As a general Internet Safety reminder, remember to always be aware of oddities within your important information, such as banking account info. Make sure that you have a track record of amounts within your accounts and a log of what websites you trust with your information. Report any discrepancies and steer clear of dodgy websites. Don’t click on links from people you don’t know and if someone you do know sends something that seems odd or asks you to click a link or send them gift card codes, don’t do it.

We live in an age where everything is stored in clouds and where being careful is paramount. Stay safe this holiday season!

Reference:

How to Protect Your Company Against Log4j Vulnerability:
https://acho.io/blogs/how-to-protect-your-company-against-log4j-vulnerability