444: Mining the Logs
15 December 2021
The broader software problem the Log4Shell vulnerability reveals, and the story of how Chris lit his Coder robe on fire... While wearing it.
- Apple Silicon Guide — A guide covering Apple Silicon including the applications, libraries and tools that will make you a better and more efficient with your Apple Silicon powered device.
- notes.jupiterbroadcasting.com — This site is a searchable archive of the show notes for the all Jupiter Broadcasting shows. Home to the best shows on Linux, Open Source, Security, Privacy, Community, Development, and News.
- How does Jupiter Broadcasting’s notes site work? — It was a normal (for 2021) Sunday evening back in July, I was minding my own business, obviously doing something super cool, when I spotted a message from a certain badger-y fellow in the Self Hosted show’s Discord
- Hackers start pushing malware in worldwide Log4Shell attacks — When the Log4j application parses these logs and encounters the string, the bug will force the server to make a callback, or request, to the URL listed in the JNDI string. Threat actors can then use that URL to pass Base64-encoded commands or Java classes to execute on the vulnerable device.
- Microsoft quietly told Apple it was willing to turn big Xbox-exclusive games into iPhone apps — In reality, Microsoft was willing to play along with many of Apple’s demands — and it even offered to bring triple-A, Xbox-exclusive games to iPhone to help sweeten the deal.
- What’s in Apple’s iOS 15.2, iPadOS 15.2? Nude-Image Detection — In order for the feature to work, parents need to enable it on a family-sharing account.
- Linux Action News 219: Log4Shell Coverage — The Log4Shell vulnerability is making waves this week; we’ll explain why and break down how it works.