Fri Dec 10, 2021, 07:19 PM
Omaha Steve (85,614 posts)
Global race to patch critical computer bug
Source: AP
By FRANK BAJAK BOSTON (AP) — Security experts around the world raced Friday to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. “I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days. New Zealand’s computer emergency response team was among the first to report that the flaw in a Java-language utility for Apache servers used to log user activity was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released. The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10, the worst possible. Anyone with the exploit can get full acces s to an unpatched machine. 
FILE - Lydia Winters shows off Microsoft's "Minecraft" built specifically for HoloLens at the Xbox E3 2015 briefing before Electronic Entertainment Expo, June 15, 2015, in Los Angeles. Security experts around the world raced Friday, Dec. 10, 2021, to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. Cybersecurity experts say users of the online game Minecraft have already exploited it to breach other users by pasting a short message into in a chat box. (AP Photo/Damian Dovarganes, File) Read more: https://apnews.com/article/technology-business-lifestyle-software-apple-inc-aed3cc628fc602079b100757974c8f01
|
21 replies, 3134 views
 21 replies |
Author | Time | Post |
 Global race to patch critical computer bug (Original post) |
Omaha Steve | Dec 2021 | OP |
| totodeinhere | Dec 2021 | #1 | |
| rickford66 | Dec 2021 | #2 | |
| totodeinhere | Dec 2021 | #3 | |
| rickford66 | Dec 2021 | #4 | |
| debsy | Dec 2021 | #6 | |
| Pobeka | Dec 2021 | #5 | |
| rickford66 | Dec 2021 | #8 | |
| totodeinhere | Dec 2021 | #11 | |
| erronis | Dec 2021 | #7 | |
| DavidDvorkin | Dec 2021 | #9 | |
| patphil | Dec 2021 | #10 | |
| Lucky Luciano | Dec 2021 | #12 | |
| TheRickles | Dec 2021 | #13 | |
| Firestorm49 | Dec 2021 | #15 | |
| Ouroborosnek | Dec 2021 | #16 | |
| discntnt_irny_srcsm | Dec 2021 | #17 | |
| Polybius | Dec 2021 | #18 | |
| cadoman | Dec 2021 | #20 | |
| Firestorm49 | Dec 2021 | #14 | |
| getagrip_already | Dec 2021 | #19 | |
| HuskyOffset | Dec 2021 | #21 |
Response to Omaha Steve (Original post)
Fri Dec 10, 2021, 08:17 PM
totodeinhere (12,696 posts)
1. I am not very tech savvy but I have always wondered why there are so many bugs in software.
Response to totodeinhere (Reply #1)
Fri Dec 10, 2021, 08:42 PM
rickford66 (4,946 posts)
2. You're joking, right ?
Response to rickford66 (Reply #2)
Fri Dec 10, 2021, 08:47 PM
totodeinhere (12,696 posts)
3. No, I'm not joking. I am sick and tired of computer bugs. n/t
Response to totodeinhere (Reply #3)
Fri Dec 10, 2021, 09:42 PM
rickford66 (4,946 posts)
4. Have you written code for commercial or military programs ?
Response to rickford66 (Reply #4)
Fri Dec 10, 2021, 09:59 PM
6. I'm not being mean, I just know you have never worked in corporate IT.
Response to totodeinhere (Reply #3)
Fri Dec 10, 2021, 09:47 PM
5. Then don't ever use a computer again. Sounds harsh but it's true.
Response to Pobeka (Reply #5)
Fri Dec 10, 2021, 10:46 PM
rickford66 (4,946 posts)
8. totodeinhere would sh*t a brick if he/she saw the kluges in S/W he/she depends on.
Response to Pobeka (Reply #5)
Sat Dec 11, 2021, 12:11 AM
totodeinhere (12,696 posts)
11. Just because their wikl always be bugs doesn't mean that I shouldn't use a computer.
Response to totodeinhere (Reply #1)
Fri Dec 10, 2021, 10:45 PM
erronis (10,893 posts)
7. The early chariots, carts, cars, airplanes, etc. all had bugs.
Response to totodeinhere (Reply #1)
Fri Dec 10, 2021, 10:51 PM
DavidDvorkin (18,472 posts)
9. The delusion that bug-free software is possible
Response to totodeinhere (Reply #1)
Fri Dec 10, 2021, 11:28 PM
10. The problem is that bug don't come with flags that identify the presence of a bug.
Response to patphil (Reply #10)
Sat Dec 11, 2021, 12:44 AM
12. So far, no mention of heisenbugs! The worst kind! Totally evil.
Response to patphil (Reply #10)
Sat Dec 11, 2021, 10:16 AM
13. Thanks for taking the time to explain this to non-IT DUers.
Response to patphil (Reply #10)
Sat Dec 11, 2021, 11:49 AM
Firestorm49 (3,168 posts)
15. Thank you. Your post is very informative. Perhaps it's time to unveil the "next generation"
Response to totodeinhere (Reply #1)
Sat Dec 11, 2021, 12:14 PM
16. One of the priniciples of software testing
Response to totodeinhere (Reply #1)
Sat Dec 11, 2021, 12:54 PM
discntnt_irny_srcsm (17,410 posts)
17. I work in software quality assurance. I have for decades.
|
The only way to come close to what you're suggesting is to have a rigid and formal set of requirements articulated before the architecture ever begins. Then to have design documents written that coders can follow precisely and then use software tools such as assemblers and compilers that were developed with the same level of rigor to create object code. Then to verify each and every requirement is met exactly without any unspecified activity. When all of this is done, there will be requirements that the code doesn't satisfy, tests that are valid, which the code/system doesn't pass. The requirements should be eliminated and the entire process restarted from the beginning.
Finally, evaluating the code exercising it with a full functional and performance validation that confirms that absolutely every line of code is operated and that there is no "dead code" is about the only way to do what you're asking. No one can afford it. Code reuse and iterative updates and revisions provide some many permutations that no degree of pre-planning and assessment will ever be complete. Have a cartoon:  |
Response to totodeinhere (Reply #1)
Sat Dec 11, 2021, 02:31 PM
18. I can tell you aren't tech savvy lol
Response to totodeinhere (Reply #1)
Sun Dec 12, 2021, 11:39 AM
20. there are certain products that have the level of testing you seek
|
But they tend to get updates less often, have fewer features, run slower, etc.
This may be the OS for you, totodeinhere: https://www.openbsd.org/security.html What's sad is even if the software folks do their part, there are still backdoors in a lot of hardware.  |
Response to Omaha Steve (Original post)
Sun Dec 12, 2021, 11:24 AM
19. fwiw, Apache is an open source web server.....
Response to Omaha Steve (Original post)
Sun Dec 12, 2021, 07:27 PM
HuskyOffset (710 posts)
21. Ars Technica's article about it
