What Log4Shell teaches us about open source security

by seprameen
December 23, 2021

A serious security vulnerability is found in a piece of open-source software — widely used behind the scenes on the internet but little known to the average person — that can give attackers access to a treasure trove of sensitive information.

The incident exposes how a vulnerability in a seemingly simple bit of infrastructure code can threaten the security of banks, tech companies, governments, and just about any other kind of organization.

Companies race to fix the problem but fear it will plague the internet for years.

Sounds like Log4Shell, the previously unknown flaw in a ubiquitous and free program that has been freaking out experts since it came to light last week, right? Yes, but it also describes an eerily similar episode from 2014. Remember Heartbleed?

Heartbleed was a bug in OpenSSL, the most popular open-source code library for executing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols used in encrypting websites and software.

The flaw, which allowed hackers to trick a vulnerable web server into sending them encryption keys and other confidential information, was linked to a number of attacks, including one on a large U.S. hospital operator that resulted in the theft of 4.5 million healthcare records. Researchers at Google and software company Codenomicon independently discovered the vulnerability and reported it in April 2014.

After Heartbleed came to light, the world wondered how malicious actors were able to compromise a piece of software so essential to the internet’s secure operation. To many, the incident also raised questions about the security of all open-source software.

Fast forward to December 2021 and those same questions are surfacing.

Like OpenSSL, Log4j — the Java program compromised by the Log4Shell bug — is a widely used, multi-platform open-source library. Developed and maintained under the auspices of the all-volunteer Apache Software Foundation, Log4j is deployed on servers to record users’ activities so they can be analyzed later by security or development teams.

Hackers could use the flaw to access sensitive information on a variety of devices, plant ransomware attacks, and take over machines to mine cryptocurrencies. The vulnerability was discovered almost by happenstance, when Microsoft announced it had found suspicious activity in Minecraft: Java Edition, a popular video game it owns.

Jen Easterly, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said, “To be clear, this vulnerability poses a severe risk… We urge all organizations to join us in this essential effort and take action.”

As with Heartbleed, Log4Shell illustrates how the prevalence of open-source software in enterprises around the world — programs like OpenSSL and Log4j and the multitude of code that depends on them in modern software development — has increasingly made it a favorite attack target.

Nearly every organization now uses some amount of open source, thanks to benefits such as lower cost compared with proprietary software and flexibility in a world increasingly dominated by cloud computing. Open source isn’t going away anytime soon — just the opposite — and hackers know this.

As for what Log4Shell says about open-source security, I think it raises more questions than it answers. I generally agree that open-source software has security advantages because of the many watchful eyes behind it — all those contributors worldwide who are committed to a program’s quality and security. But a number of questions are fair to ask:

Who’s minding the gates when it comes to securing foundational programs like Log4j? The Apache Foundation says it has more than 8,000 committers collaborating on 350 projects and initiatives, but how many are engaged to keep an eye on an older, perhaps “boring” one such as Log4j?

Should large deep-pocketed companies besides Google, which always seems to be heavily involved in such matters, be doing more to support the cause with people and resources?

And, finally, why does it always seem to take the disclosure of a vulnerability in an open-source program before the world realizes how important that program is? Is the industry doing enough to recognize what these software packages are and prioritize their security?

Log4Shell, like Heartbleed before it, demonstrates that, if nothing else, these questions should be asked and answered.

Justin Dorfman is open source program manager at cybersecurity company Reblaze.
