A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.
“The Internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.
“People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said on Friday that in the 12 hours since the bug’s existence was disclosed that it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years.
It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software,
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Mr Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Mr Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users.
“Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Mr Sullivan of Cloudflare said there we no indication his company’s servers had been compromised.
MATCH INFO
Uefa Champions League final:
Who: Real Madrid v Liverpool
Where: NSC Olimpiyskiy Stadium, Kiev, Ukraine
When: Saturday, May 26, 10.45pm (UAE)
TV: Match on BeIN Sports
More from Rashmee Roshan Lall
FIXTURES
Monday, January 28
Iran v Japan, Hazza bin Zayed Stadium (6pm)
Tuesday, January 29
UAEv Qatar, Mohamed Bin Zayed Stadium (6pm)
Friday, February 1
Final, Zayed Sports City Stadium (6pm)
How to improve Arabic reading in early years
One 45-minute class per week in Standard Arabic is not sufficient
The goal should be for grade 1 and 2 students to become fluent readers
Subjects like technology, social studies, science can be taught in later grades
Grade 1 curricula should include oral instruction in Standard Arabic
First graders must regularly practice individual letters and combinations
Time should be slotted in class to read longer passages in early grades
Improve the appearance of textbooks
Revision of curriculum should be undertaken as per research findings
Conjugations of most common verb forms should be taught
Systematic learning of Standard Arabic grammar
UAE currency: the story behind the money in your pockets
MATCH INFO
Chelsea 1
Alonso (62')
Huddersfield Town 1
Depoitre (50')
The specs
Engine: Dual 180kW and 300kW front and rear motors
Power: 480kW
Torque: 850Nm
Transmission: Single-speed automatic
Price: From Dh359,900 ($98,000)
On sale: Now
Dhadak
Director: Shashank Khaitan
Starring: Janhvi Kapoor, Ishaan Khattar, Ashutosh Rana
Stars: 3
LILO & STITCH
Starring: Sydney Elizebeth Agudong, Maia Kealoha, Chris Sanders
Director: Dean Fleischer Camp
Rating: 4.5/5
Company%20profile
%3Cp%3EName%3A%20Cashew%0D%3Cbr%3EStarted%3A%202020%0D%3Cbr%3EFounders%3A%20Ibtissam%20Ouassif%20and%20Ammar%20Afif%0D%3Cbr%3EBased%3A%20Dubai%2C%20UAE%0D%3Cbr%3EIndustry%3A%20FinTech%0D%3Cbr%3EFunding%20size%3A%20%2410m%0D%3Cbr%3EInvestors%3A%20Mashreq%2C%20others%0D%3C%2Fp%3E%0A
Five famous companies founded by teens
There are numerous success stories of teen businesses that were created in college dorm rooms and other modest circumstances. Below are some of the most recognisable names in the industry:
- Facebook: Mark Zuckerberg and his friends started Facebook when he was a 19-year-old Harvard undergraduate.
- Dell: When Michael Dell was an undergraduate student at Texas University in 1984, he started upgrading computers for profit. He starting working full-time on his business when he was 19. Eventually, his company became the Dell Computer Corporation and then Dell Inc.
- Subway: Fred DeLuca opened the first Subway restaurant when he was 17. In 1965, Mr DeLuca needed extra money for college, so he decided to open his own business. Peter Buck, a family friend, lent him $1,000 and together, they opened Pete’s Super Submarines. A few years later, the company was rebranded and called Subway.
- Mashable: In 2005, Pete Cashmore created Mashable in Scotland when he was a teenager. The site was then a technology blog. Over the next few decades, Mr Cashmore has turned Mashable into a global media company.
- Oculus VR: Palmer Luckey founded Oculus VR in June 2012, when he was 19. In August that year, Oculus launched its Kickstarter campaign and raised more than $1 million in three days. Facebook bought Oculus for $2 billion two years later.
Our family matters legal consultant
Name: Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
First-round leaderbaord
-5 C Conners (Can)
-3 B Koepka (US), K Bradley (US), V Hovland (Nor), A Wise (US), S Horsfield (Eng), C Davis (Aus);
-2 C Morikawa (US), M Laird (Sco), C Tringale (US)
Selected others: -1 P Casey (Eng), R Fowler (US), T Hatton (Eng)
Level B DeChambeau (US), J Rose (Eng)
1 L Westwood (Eng), J Spieth (US)
3 R McIlroy (NI)
4 D Johnson (US)
Avatar: Fire and Ash
Director: James Cameron
Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana
Rating: 4.5/5
The specs: 2018 GMC Terrain
Price, base / as tested: Dh94,600 / Dh159,700
Engine: 2.0-litre turbocharged four-cylinder
Power: 252hp @ 5,500rpm
Torque: 353Nm @ 2,500rpm
Transmission: Nine-speed automatic
Fuel consumption, combined: 7.4L / 100km
Wicked: For Good
Director: Jon M Chu
Starring: Ariana Grande, Cynthia Erivo, Jonathan Bailey, Jeff Goldblum, Michelle Yeoh, Ethan Slater
Rating: 4/5
Cracks in the Wall
Ben White, Pluto Press
Farasan Boat: 128km Away from Anchorage
Director: Mowaffaq Alobaid
Stars: Abdulaziz Almadhi, Mohammed Al Akkasi, Ali Al Suhaibani
Rating: 4/5
if you go
The flights
The closest international airport to the TMB trail is Geneva (just over an hour’s drive from the French ski town of Chamonix where most people start and end the walk). Direct flights from the UAE to Geneva are available with Etihad and Emirates from about Dh2,790 including taxes.
The trek
The Tour du Mont Blanc takes about 10 to 14 days to complete if walked in its entirety, but by using the services of a tour operator such as Raw Travel, a shorter “highlights” version allows you to complete the best of the route in a week, from Dh6,750 per person. The trails are blocked by snow from about late October to early May. Most people walk in July and August, but be warned that trails are often uncomfortably busy at this time and it can be very hot. The prime months are June and September.
MATCH INFO
What: 2006 World Cup quarter-final
When: July 1
Where: Gelsenkirchen Stadium, Gelsenkirchen, Germany
Result:
England 0 Portugal 0
(Portugal win 3-1 on penalties)
The Word for Woman is Wilderness
Abi Andrews, Serpent’s Tail
Juliot Vinolia’s checklist for adopting alternate-day fasting
- Don’t do it more than once in three days
- Don’t go under 700 calories on fasting days
- Ensure there is sufficient water intake, as the body can go in dehydration mode
- Ensure there is enough roughage (fibre) in the food on fasting days as well
- Do not binge on processed or fatty foods on non-fasting days
- Complement fasting with plant-based foods, fruits, vegetables, seafood. Cut out processed meats and processed carbohydrates
- Manage your sleep
- People with existing gastric or mental health issues should avoid fasting
- Do not fast for prolonged periods without supervision by a qualified expert
If you go...
Etihad flies daily from Abu Dhabi to Zurich, with fares starting from Dh2,807 return. Frequent high speed trains between Zurich and Vienna make stops at St. Anton.
Stormy seas
Weather warnings show that Storm Eunice is soon to make landfall. The videographer and I are scrambling to return to the other side of the Channel before it does. As we race to the port of Calais, I see miles of wire fencing topped with barbed wire all around it, a silent ‘Keep Out’ sign for those who, unlike us, aren’t lucky enough to have the right to move freely and safely across borders.
We set sail on a giant ferry whose length dwarfs the dinghies migrants use by nearly a 100 times. Despite the windy rain lashing at the portholes, we arrive safely in Dover; grateful but acutely aware of the miserable conditions the people we’ve left behind are in and of the privilege of choice.
The President's Cake
Director: Hasan Hadi
Starring: Baneen Ahmad Nayyef, Waheed Thabet Khreibat, Sajad Mohamad Qasem
Rating: 4/5
MATCH INFO
Borussia Dortmund 0
Bayern Munich 1 (Kimmich 43')
Man of the match: Joshua Kimmich (Bayern Munich)
UAE currency: the story behind the money in your pockets
GIANT REVIEW
Starring: Amir El-Masry, Pierce Brosnan
Director: Athale
Rating: 4/5
Easter%20Sunday
%3Cp%3EDirector%3A%20Jay%20Chandrasekhar%3Cbr%3EStars%3A%20Jo%20Koy%2C%20Tia%20Carrere%2C%20Brandon%20Wardell%2C%20Lydia%20Gaston%3Cbr%3ERating%3A%203.5%2F5%3C%2Fp%3E%0A
What can victims do?
Always use only regulated platforms
Stop all transactions and communication on suspicion
Save all evidence (screenshots, chat logs, transaction IDs)
Report to local authorities
Warn others to prevent further harm
Courtesy: Crystal Intelligence
Uefa Champions League last 16 draw
Juventus v Tottenham Hotspur
Basel v Manchester City
Sevilla v Manchester United
Porto v Liverpool
Real Madrid v Paris Saint-Germain
Shakhtar Donetsk v Roma
Chelsea v Barcelona
Bayern Munich v Besiktas
Greatest Royal Rumble results
John Cena pinned Triple H in a singles match
Cedric Alexander retained the WWE Cruiserweight title against Kalisto
Matt Hardy and Bray Wyatt win the Raw Tag Team titles against Cesaro and Sheamus
Jeff Hardy retained the United States title against Jinder Mahal
Bludgeon Brothers retain the SmackDown Tag Team titles against the Usos
Seth Rollins retains the Intercontinental title against The Miz, Finn Balor and Samoa Joe
AJ Styles remains WWE World Heavyweight champion after he and Shinsuke Nakamura are both counted out
The Undertaker beats Rusev in a casket match
Brock Lesnar retains the WWE Universal title against Roman Reigns in a steel cage match
Braun Strowman won the 50-man Royal Rumble by eliminating Big Cass last
