return to bolang life
Chapter 474
"How about it, is our loss big?" Wen Liang's face was calm and his mind was calm.
It's true to pay attention to it, but anyway, something has happened, so you have to accept it no matter what, there's no need to embarrass yourself, just face it and it's over.
Li Ze's hearty laughter came from the receiver: "Don't worry, we still have zero losses!"
"Ok?"
"Curious?"
"Of course, the news that the old man gave me is so serious that he knows..."
"I see!"
As he said that, Li Ze restrained his smile: "I know there are people around you, and it took a lot of time to investigate, so I didn't rush to contact you. Judging from the current situation, I can be sure that the impact on us will be minimal and negligible."
Then Li Ze explained the situation in detail: "Among all our external service systems, only Apache used this log component when it was first launched. Later, we abandoned it because of its open source feature."
"Among them, because we have spent a lot of effort to independently develop the Stellar Cloud system, almost all third-party open source components are only used as references and will not be incorporated into the official version, so external enterprise-level products such as Stellar Cloud services will not be affected."
"And the star service system, which is gradually entering pilot operation, rarely introduces third-party open source components."
"On the other hand, due to the completely independent research and development nature of the star system, the definition of some modules is completely different from the current mainstream system. At that time, it was because of the need to avoid various patent infringement risks."
"In short, thanks to the compliance and autonomy you emphasized at the beginning, although all of our independent platforms have gone through a very difficult initial stage and needed to create a new system, it is precisely because of this that they are different from each other. Safety."
After saying this, Li Ze turned to say: "According to the feedback from the network security department under the group's network security and user privacy department, this vulnerability has been submitted to Apache by Alibaba Cloud, and according to reliable information, Apache has started testing the patch plan. It will be released today."
"After extensive analysis, the relevant personnel of the company have assessed the scope of the impact of this log component vulnerability, which is more serious than very serious. It is estimated to be the most serious computer vulnerability discovered in recent years!"
"The attack threshold is beyond imagination, and the operating authority that attackers can obtain through attacking vulnerabilities is unlimited! And according to incomplete statistics, almost all Java-like frameworks will use this log component, and it is rare to use it in a wide range."
After listening to Li Ze's brief description, Wen Liang laughed: "Get ready, Ali is going to suffer a lot."
"How should I say it?" Li Ze was not in a hurry, and even his tone became serious.
Wen Liang replied patiently: "Alibaba Cloud discovered the vulnerability and reported it to Apache, the industry organization that developed it. Even if it is only a priority report, it is okay to know that the scope of the vulnerability has been shared with relevant competent units including Gongxin in the follow-up communication;
But Alibaba Cloud did not. Not only did it not share when it was discovered, it was not just that it did not share after knowing the serious situation. Even when Gongxin had already actively discovered the loophole, it still did not ventilate...
However, the vulnerability has a wide range of influence, the attack threshold is low, and the attack can be said to be ubiquitous. At this critical moment, if you say he will not suffer, who will suffer?"
Li Ze quickly thought of the key point: "In my impression, the procedures of the relevant units are not very clear, and Alibaba Cloud is an ordinary company, can you find an excuse to explain?"
Wen Liang asked back: "Do you think Alibaba Cloud has a wide range of businesses based on its current development trend?"
"Understood." Only then did Li Ze get excited, "I will prepare well, you just wait and watch the show, we couldn't get the patent authorization in the early stage, and we couldn't get a new authorization in the early stage because of America's human control. Every penny spent on research and development will be paid back in the near future!"
Wen Liang is very calm: "Don't stand out first, wait for Gongxin's announcement, and don't notify your friends and merchants. When you can notify them, someone will take the initiative to notify them. Let's not meddle in our business."
Li Ze responded.
After finishing the call, Wen Liang flipped through his phone and found a company email that was copied to him a few minutes ago. The content contained a concise description of the causes, consequences and scope of the vulnerability of this component called Log4j2.
The technical analysis was not abridged merely because the email's recipients might not be technically savvy.
Bolang's internal procedures already have some regulations. It's not that there are no fooling things, but as long as you have a brain, you won't copy the adulterated and fooling things to Wen Liang and the other executives.
Wen Liang and the others may not understand technology, but in such a big Bolang, can't they find someone who understands technology?
Moreover, as long as people in the pan-technical department bring their brains to work, they should be aware that the two main chief technical engineers who often haunt the company are members of the founder team.
One is Li Bowen and the other is Sun Baoyin.
Not to mention that Zhang Yulin, another member of the founder team, is the chief engineer of the self-developed operating system... It is more enjoyable to go on a horse to fool the technical content than to resign voluntarily.
In fact, asking Wen Liang to type the code is really impossible, but let him see the principle of the technical process... Hehe, do you think he can understand it?
If there is no reference to these few things, they are indeed vague, but if they really have the content in front of them, they can be easily linked together.
After turning around for 3 minutes, Wen Liang exclaimed: "This is all a loophole in inertial thinking. If I was still in a technical position at that time, I guess I might have discovered this stuff..."
"I dare to believe that the input of human beings is correct every time... tsk tsk tsk..."
He really wasn't bragging.
The reason Li Ze said the attack threshold of this vulnerability is outrageously low is that all it takes is a simple input error... for example, adding a space when entering the url... to bypass the various checks and attack directly. The content set to be executed on the accessed machine, or even across the entire local area network, can be arbitrary.
Reading files and the like is just a breeze.
The Log4j2 log component is very powerful, but it is a pity that the judgment of various parameters is not rigorous.
In short, with Wen Liang's modular thinking when writing code, it is easy to find that the judgment conditions defined in the native component code are not rigorous.
So... According to the defense of Alibaba Cloud in later generations, it is a public relations term to say that the seriousness of the vulnerability was not known at the beginning.
It has nothing to do with technology.
It's purely inside the Alibaba department that it's really... a bit rotten.
Not only did the upper management have no relevant thoughts, but even the technical level may not have thought of notifying the domestic authorities to prevent network security risks.
Because this is a very low-level but serious error that will be known after discovery.
…………
At around 8 o'clock in the evening, just as Wen Liang returned to the hotel where he was staying, the secretary of the old Miao over there was summoned to the old Miao's house.
The secretary came with a supervisor engineer.
The engineer had personally taken part in handling this serious vulnerability.
Old Miao's complexion was gentle and elegant, and his sitting posture was dignified, which was the appearance that a big boss should have, not the loose appearance of about half an hour ago.
Even the previously loose hair has become meticulous again.
The secretary had been following old Miao for a few years, so of course he knew his temper, and took the initiative to report directly: "After cooperating with neighboring units, urgent investigation and repair, the loopholes of the main servers of all key units have been completely repaired, and a simple temporary circumvention solution."
"According to the current statistics, the external servers of several key units such as National Defense Science and Industry have evidence that there has been an intrusion through this vulnerability, and some data have traces of illegal access. The total number of times exceeds a thousand...
Some of these units have recently experienced massive cyber attacks that are suspected to be related to this vulnerability."
"A certain unit may have confidential electronic files that have been illegally accessed..."
After this detailed, point-by-point account, the secretary took a light breath: "According to the preliminary joint research and judgment with the neighboring units, the potential loss caused by this vulnerability may exceed the Prism."
"The simplicity of this vulnerability and the depth of the attack... are too rare. According to reliable sources, Apache will list this vulnerability as the highest level of 10 points in the CVSS general vulnerability scoring system, which is extremely dangerous."
After the secretary finished his report, he looked at the engineer supervisor who came with him and said, "For other aspects, I will ask Lin Gong to make up for it."
Lin Gong did his part and added the main point: "After systematic analysis, the principle of this vulnerability is very simple. Once discovered, the danger level can be easily judged. Under normal circumstances, the concept of triggering is not big, but the threshold for triggering is very low. In total, only three lines of code need to be written."
"...In addition, according to the comprehensive information summary of the neighboring units, the internal system of the key units derived from the star kernel cannot be loaded with the vulnerability log component, and because it does not support one of the JNDI interfaces that trigger the vulnerability, it cannot be attacked at all, including all operating system products derived from the Star kernel;
Among them, the pilot unit uses the star cloud for non-critical services, so there is no such loophole."
"All Aliyun products that have been used more normally have discovered this vulnerability. The maintenance engineers of Alibaba Cloud have not reported the vulnerability so far, nor have they implemented a temporary evasion solution..."
The old Miaotou couldn't help cursing in his heart: "Fuck."
He is really speechless.
How can there be such a unit on horseback!
He is such a refined and easy-going person!
He couldn't help but curse.
Later, the old man made a decision: "Since a temporary circumvention solution has been formed and a preliminary conclusion has been drawn, the risk will be notified to a wider range immediately."
"An official announcement will be made in three hours."
The secretary wrote it down as he spoke, and put forward his own suggestion after deliberation: "Should we wait until daytime tomorrow?"
The old man directly vetoed it: "There is no need to wait any longer."
After that, the secretary first helped to send Lin Gong out of Lao Miao's house, and then turned back. He knew that Lao Miao still had instructions.
The old man directly arranged: "Initiate a meeting tomorrow morning to discuss the establishment of information security risk norms and discuss how to establish a normalized information security prevention organization."
"Should the announcement reflect the punishment decision on Alibaba Cloud?" the secretary asked a special question.
The old man shook his head: "We will make a decision after everyone discusses it."
Finally, he said: "Tell Wen Liang the results of the performance of the Star system and Stellar Cloud."
The secretary nodded again.
…………
Later, Wen Liang received a message notification.
Wen Liang notified Li Ze again, telling him to be ready to attack at any time.
In this way, because of a loophole, the technical support departments of countless domestic Internet companies and information technology companies were all busy in the first half of the night.
Although losses may have already been caused, it is precisely because of this that we must quickly clean up the loopholes every minute, so as not to cause new losses.
It cannot be said that if one person is hacked, it is black, and if ten people are hacked, it is also black.
Subsequently, at around 11 o'clock in the middle of the night, the Internet Security Bureau of Industry and Information Technology issued a work dynamic announcement.
"Network Security Risk Tips Regarding Major Security Vulnerabilities of Apache Log4j2 Components"
The content of the announcement stated:
"Apache Log4j2 component is an open source log framework based on Java language, which is widely used in business system development. Recently, Alibaba Cloud Computing Co., Ltd. discovered a remote code execution vulnerability in the Apache Log4j2 component, and notified the Apache Software Foundation of the vulnerability...
On October 10th, the daily inspection of the subordinate staff of the network security found that there was a serious security vulnerability in the Apache Log4j2 component, and the vulnerability risk analysis, investigation and repair have been carried out...
This vulnerability may lead to remote control of the device, causing serious harm such as sensitive information theft, device service interruption, etc. It is a high-risk vulnerability...
In order to reduce network security risks, relevant units and the public are reminded to pay close attention to the official patch release of the Apache Log4j2 component vulnerability, and a temporary solution is now issued.
Network security will continue to organize and carry out vulnerability disposal work, prevent the risk of network product security vulnerabilities, and maintain public Internet network security..."
The act of releasing the announcement late at night naturally quickly touched various groups.
It was also widely disseminated quickly.
It triggered various discussions among netizens who are night owls eating melons.
Soon, the programmers who have always been good at staying up late all bubbled up and expressed their concern about the incident through various channels.
Netizens are also chatting in full swing.
"This time, Gongxin responded so quickly, and even completed a temporary solution, which is a bit surprising."
"I am a liberal arts student who doesn't understand these things, but I found a more interesting point from the announcement. This vulnerability was discovered by Alibaba Cloud, but it was only notified to Apache, not to Net Security. It was discovered by Net Security itself. How much impact does this loophole have if you don't know how to talk about it?"
Baldness is my dignity as a strong man: "I just read the temporary solution and the vulnerability situation. How do you say the scope of influence... As long as it is a networked machine, as long as this component is used, the underwear can be seen. As far as I know, this Log4j2 is the log component project launched by Apache last year;
The purpose is to cope with joining Apache and quitting Apache and developing the new work Slf4j by the author of Log4j... In short, because Apache under the Apache organization is the number one web server in the world, so... now you understand the scope of use of Log4j2."
Staying up late is my protective color: "It can only be said that I broke out in a cold sweat. Anyway, I feel a little bit finished."
Every time a hair is sacrificed, the skill +1: "I found an interesting thing. Bolang may be the best player in this loophole. Out of curiosity, I just built the environment to reproduce the loophole, because I still prefer new things, so I have a Xinghai workstation... When I tried to build the environment, I found that the Xingchen desktop system does not support this log component. The official document has its own log component, and it does not support the JNDI interface;
Interestingly, I then opened the 'Star Spirit Realm' to run Windows, successfully reproduced the vulnerability, and executed the attack operation...
Fortunately, 'Star Spirit Realm' is running in a popular special sandbox mode. It can manipulate any content of the running Windows system by attacking at will, including reading files, but it will not affect the main system Star desktop. In other words, no matter what you do, Stellar systems are not affected by this ultra-rare and ultra-dangerous bug."
I am a player who can't sleep every day, so I eat melons at night: "6666, and this kind of operation, doesn't that mean that the star system is currently the most secure system in the world?"
"I think so, I finally found all the online criticisms of Bolang's reinvention of the wheel to fight back!!!"
"..."
(End of this chapter)