Log4J Zero Day: Minecraft (and everything else Java) may be in trouble -- (CVE-2021-44228)


I didn't make either video, but they both have embedding enabled (and views/ad revenue for the creators are the same as if you loaded the video on YouTube) so I figured I'd put them here.

So I know this is not what I usually post, but hey, why not share it here anyway. So earlier today a vulnerability was discovered in the Java plugin Log4J that allows anybody to get remote access to any server running it. I am extremely bad at programming, so I won't go into much more detail as to how it works (because I can't aside from the above paragraph), but it may be worth checking out, and the videos above seem to give a decent overview of the basics.

If you do have anything running Java (say, a Minecraft server), it wouldn't hurt to make sure that you aren't affected. Otherwise, however, most of the possible exploits are probably on services you have no control over. Of course, there's no way you yourself can protect your data on a company's servers (e.g. Twitch) from a data leak, so there's not a ton most of us can do.
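One way to run that check on a machine you control, as an added example that is not part of the original post: the script below walks a directory, opens every jar (including jars nested inside server bundles) and reports any log4j-core copy that still ships the `JndiLookup` class and is older than 2.15.0. The class path, the `pom.properties` path and the 2.15.0 cutoff are not from the post; they are the values used by log4j-core itself and by the first release that addressed CVE-2021-44228.

```python
import io
import os
import re
import zipfile

JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
EXTS = (".jar", ".war", ".ear", ".zip")
FIXED = (2, 15, 0)  # first log4j-core release that addressed CVE-2021-44228
# Backport releases for older Java runtimes are not modelled: a hit means "review", not "confirmed".

def scan_archive(data, label, depth=0):
    """Yield (label, version, has_jndi) for log4j-core inside a jar, including nested jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        version = None
        if POM in names:
            m = re.search(r"^version=(\S+)", zf.read(POM).decode("utf-8", "replace"), re.M)
            version = m.group(1) if m else None
        if version or JNDI in names:
            yield label, version, JNDI in names
        if depth < 4:  # fat jars (e.g. server bundles) nest jars inside jars
            for n in sorted(names):
                if n.lower().endswith(EXTS):
                    yield from scan_archive(zf.read(n), f"{label}!{n}", depth + 1)

def needs_review(version, has_jndi):
    """True if JndiLookup is present and the version is unknown or below FIXED."""
    nums = tuple(int(x) for x in re.findall(r"\d+", version or "")[:3])
    return has_jndi and (not nums or nums < FIXED)

def scan_tree(root):
    """Walk a directory and return every finding that needs review."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(EXTS):
                path = os.path.join(dirpath, f)
                with open(path, "rb") as fh:
                    hits += [h for h in scan_archive(fh.read(), path) if needs_review(h[1], h[2])]
    return hits

if __name__ == "__main__":
    for hit in scan_tree("."):  # run from the server's install directory
        print("REVIEW:", *hit)
```

An empty result only means no old log4j-core copy was found under that directory; software installed elsewhere on the machine still needs its own check or a vendor update.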

That said, complex passwords that are different for each service will help isolate any data lost in your account (if, say, your LinkedIn password was leaked and you reused your password it could be used to compromise other non-leaked accounts).

I did a video on the password manager KeePass a while back; you may wish to check it out.

Additionally, two-factor authentication is always a good way to prevent somebody from gaining unauthorized access to your account if they have obtained your password (but will not help you if a company's servers themselves are attacked).

That's about it. Hope you found this interesting or useful. Stay safe!