On December 9, 2021, a zero-day arbitrary code execution vulnerability in Log4j 2 was reported and given the descriptor "Log4Shell". It has been characterized as "the single biggest, most critical vulnerability of the last decade".
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
The critical security gap caused by Log4j is now being compared with critical gaps like Shellshock or Heartbleed that already endangered hundreds of million computer systems on the internet in 2014.
Last Update (Monday, December 13):
After the BSI warning had been upgraded, cyber security units of leading German enterprises reacted immediately. VW, Lufthansa, Deutsche Telecom and Hapag-Lloyd Shipping raised their levels of security measures and watched out for possible cyber attacks. [German Press]
…..........................................................................................................................
Apart from vulnerabilities of software structures, there are increasing dangers from the outside that are using such vulnerabilities to compromise business and private data in a most extensive way.
An Israeli spyware named Pegasus has become the most dangerous example of an aggressive software that is able to target selected Android and iOS smartphones to extract and download almost any relevant data which government authorities might be interested in. Originally written to enable the tracking of criminals and terrorists, this highly expensive software is only offered to governmental clients who have to sign a document that is intended to restrict the use of Pegasus spyware to the investigation of crime and terrorism.
However, human rights organizations are providing evidence that Pegasus has been used as well to target journalists and system critics in different countries. Both Ghana and Saudi Arabia are mentioned by international media in a relation with NSO's Pegasus. In the case of Saudi Arabia, the murder of system critic Jamal Khashoggi on the premises of Saudi Arabia's consulate in Istanbul in October 2018 is still present in the memory of many people who suspect the Saudi crown prince Mohammed bin Salman as the initiator of that crime.
Under the Biden administration, the United States Commerce Department has now blacklisted NSO, the maker of Israeli spyware Pegasus, for maliciously targetting journalists.
According to US Secretary of Commerce Gina Raimondo, "The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organisations here and abroad."
This looks very much different from earlier US security practice – even under the Obama administration - when National Security Agency NSA was sucpected of eavesdropping the smartphone of German chancellor Angela Merkel.
maker NSO Group for maliciously targetting journalists]
It seems that global distribution of high-end spyware has run out of control. Since private business took over, Israeli authorities have come under pressure for the first time to look into the proceedings of NSO on their own territory. And it should be noted that Israel, as well, is being suspected of targeting Palestinian politicians with Pegasus
................................................................................................................................
Indeed, it is from Israel that subversive software originally started. I remember having learned the expression "information mining" from an Israeli company that was offering a special software on the internet for those who were still disappointed by a too low performance of search engines in the first years of the internet.
Much later, Israel succeeded in planting its destructive virus "Stuxnet" into the hardware of Iran's Uranium enrichment facility and which led to the destruction of a certain amount of Uranium centrifuges.
Now that "evil government hackers" from China, Russia and North Korea have joined the long-standing electronic spying activities of Israeli and US government services, things are out of control.
This happens at a time when communications technology has reached new levels of complexity, while online access to important infrastructure - like power and water supply -, not to mention all kinds of administrative data, has already become a matter of everyday practice.
................................................................................................................................
and easy for them to track me. Some seemed to like me, some not.