You Could Still Be at Risk From the Log4J Vulnerability


Key Takeaways

  • Thousands of online servers and services are still exposed to the dangerous and easily exploitable log4j vulnerability, researchers have found.
  • While the primary threat is to the servers themselves, exposed servers can also put end users at risk, cybersecurity experts suggest.
  • Unfortunately, there is little most users can do to fix the problem besides following the best desktop security practices.

The dangerous log4J vulnerability refuses to die, even months after a fix for the easily exploitable bug was made available.

Cybersecurity researchers at Rezilion recently discovered more than 90,000 vulnerable internet-facing applications, including more than 68,000 potentially vulnerable Minecraft servers whose admins have not yet applied the security patches, exposing them and their users to cyberattacks. And there is little you can do about it.

"Unfortunately, log4j will haunt us internet users for quite a while," Harman Singh, Director at cybersecurity service provider Cyphere, told Lifewire over email. "As this issue is exploited from server-side, [people] can't do much to avoid the impact of a server compromise."

The vulnerability, dubbed Log4 Shell, was first detailed in December 2021. In a phone briefing back then, the director of the US Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, described the vulnerability as "one of the most serious that I've seen in my entire career, if not the most serious."

In an email exchange with Lifewire, Pete Hay, Instructional Lead at cybersecurity testing and training company SimSpace, said the scope of the problem can be gauged from the compilation of vulnerable services and applications from popular vendors such as Apple, Steam, Twitter, Amazon, LinkedIn, Tesla, and dozens of others. Unsurprisingly, the cybersecurity community responded with full force, with Apache putting out a patch almost immediately.

Sharing their findings, the Rezilion researchers said they had hoped that a majority of the vulnerable servers, if not all of them, would have been patched, given the massive media coverage around the bug. "We were wrong," write the surprised researchers. "Unfortunately, things are far from ideal, and many applications vulnerable to Log4 Shell still exist in the wild."

The researchers found the vulnerable instances using the Shodan Internet of Things (IoT) search engine and believe the results are just the tip of the iceberg. The actual vulnerable attack surface is a lot larger.

Are You at Risk?

Despite the rather significant exposed attack surface, Hay believed there is some good news for the average home user. "The majority of these [Log4J] vulnerabilities exist on application servers and are therefore very unlikely to impact your home computer," said Hay.

However, Jack Marsal, Senior Director, Product Marketing with cybersecurity vendor WhiteSource, pointed out that people interact with applications across the internet all the time, from online shopping to playing online games, exposing them to secondary attacks. A compromised server can potentially reveal all the information the service provider holds about its users.

"There is no way that an individual can be sure that the application servers they interact with are not vulnerable to attack," warned Marsal. "The visibility simply doesn't exist."


On a positive note, Singh pointed out that some vendors have made it fairly simple for home users to address the vulnerability. For instance, pointing to the Minecraft notice, he said that people who play the Java edition of the game need only close all running instances of the game and restart the Minecraft launcher, which will download the patched version.

The process is a little more complicated and involved if you aren't sure which Java applications you are running on your computer. Hay suggested looking for files with .jar, .ear, or .war extensions. However, he added that the mere presence of these files isn't enough to determine whether they are exposed to the log4j vulnerability.

He suggested people use the scripts put out by the Carnegie Mellon University (CMU) Software Engineering Institute (SEI) Computer Emergency Readiness Team (CERT) to trawl their computers for the vulnerability. However, the scripts aren't graphical, and using them requires getting down to the command line.

All things considered, Marsal believed that in today's connected world, it is up to everyone to make their best effort at remaining secure. Singh agreed and advised people to follow desktop security practices to stay on top of any malicious activity that results from exploitation of the vulnerability.

"[People] can make sure their systems and devices are updated and endpoint protections are in place," said Singh. "This would help them with any fraud alerts and prevention against any fallouts from wild exploitations."
