What Log4Shell teaches us about open source security

by seprameen
December 23, 2021
in Security

A serious security vulnerability is discovered in a piece of open-source software — widely used behind the scenes on the internet but little known to the average person — that can give attackers access to a treasure trove of sensitive information.

The incident exposes how a vulnerability in a seemingly simple bit of infrastructure code can threaten the security of banks, tech companies, governments, and just about any other kind of organization.

Companies race to fix the problem but fear it will plague the internet for years.

Sounds like Log4Shell, the previously unknown flaw in a ubiquitous and free program that has been freaking out experts since it came to light last week, right? Yes, but it also describes an eerily similar episode from 2014. Remember Heartbleed?

Heartbleed was a bug in OpenSSL, the most popular open-source code library for executing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols used in encrypting websites and software.

The flaw, which allowed hackers to trick a vulnerable web server into sending them encryption keys and other confidential information, was linked to several attacks, including one on a large U.S. hospital operator that resulted in the theft of 4.5 million healthcare records. Researchers at Google and software company Codenomicon independently discovered the vulnerability and reported it in April 2014.

After Heartbleed came to light, the world wondered how malicious actors had been able to compromise a piece of software so essential to the internet’s secure operation. To many, the incident also raised questions about the security of all open-source software.

Fast forward to December 2021 and those same questions are surfacing.

Like OpenSSL, Log4j — the Java program compromised by the Log4Shell bug — is a widely used, multi-platform open-source library. Developed and maintained under the auspices of the all-volunteer Apache Software Foundation, Log4j is deployed on servers to record users’ activities so they can be analyzed later by security or development teams.

Hackers could use the flaw to access sensitive information on a variety of devices, plant ransomware attacks, and take over machines to mine cryptocurrencies. The vulnerability was discovered almost by happenstance, when Microsoft announced it had found suspicious activity in Minecraft: Java Edition, a popular video game it owns.

Jen Easterly, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said, “To be clear, this vulnerability poses a severe risk… We urge all organizations to join us in this essential effort and take action.”

As with Heartbleed, Log4Shell illustrates how the prevalence of open-source software in enterprises around the world — programs like OpenSSL and Log4j and the multitude of code that depends on them in modern software development — has increasingly made it a favorite attack target.

Nearly every organization now uses some amount of open source, thanks to benefits such as lower cost compared with proprietary software and flexibility in a world increasingly dominated by cloud computing. Open source isn’t going away anytime soon — just the opposite — and hackers know this.

As for what Log4Shell says about open-source security, I believe it raises more questions than it answers. I generally agree that open-source software has security advantages because of the many watchful eyes behind it — all those contributors worldwide who are committed to a program’s quality and security. But a few questions are fair to ask:

Who’s minding the gates when it comes to securing foundational programs like Log4j? The Apache Foundation says it has more than 8,000 committers collaborating on 350 projects and initiatives, but how many are engaged to keep an eye on an older, perhaps “boring” one such as Log4j?

Should large deep-pocketed companies besides Google, which always seems to be heavily involved in such matters, be doing more to help the cause with people and resources?

And, finally, why does it always seem to take the disclosure of a vulnerability in an open-source program before the world realizes how important that program is? Is the industry doing enough to recognize what these software packages are and prioritize their security?

Log4Shell, like Heartbleed before it, demonstrates that, if nothing else, these questions should be asked and answered.

Justin Dorfman is open source program manager at cybersecurity company Reblaze.
