
Log4j Vulnerability: Security Breach

A vulnerability puts the internet at risk. Companies that use free software are to blame for this.

Imagine a concrete pillar was built into every building, every bridge. The pillar is a standard part, not great engineering, but without it houses and streets would collapse. Suddenly it turns out that all the pillars have the same design flaw.

Something similar happened on the internet. Except that it is not about a concrete pillar, but about a software module called Log4j. It belongs to the ecosystem of the Java programming language, which is widespread around the world, and is built into all kinds of software applications with commercial interests behind them: games like Minecraft, which is played by millions of people, or cloud services in which users store their vacation photos, for example.



Unfortunately, as only now became known, a flaw has crept into this building block. Criminals or state hackers can exploit the security gap to attack IT systems and bring them under their control. It became clear overnight how unstable the architecture of the internet is.

Now the excitement is justifiably great. Germany's highest authority for IT security put in an extra shift at the weekend. It warns of an "extremely critical threat situation". Other IT experts even speak of the "most worrying vulnerability of the past decade".

The danger is very real because it is impossible to close the vulnerability overnight. Countless attacks have already been reported, although the extent of the damage is still unclear. Companies like Amazon or Apple are potentially just as vulnerable as government agencies. Private users can only wait for the companies concerned to close the gap.

The little piece of code that is now so dangerous is open source. That means a handful of programmers built it in their free time, as is the case with millions of other software modules, some of which are just as important. Voluntarily and without pay, because they enjoy it.

A bug in software makes prominent services from Apple to Amazon vulnerable

Only: the programmers are not to blame. They are professionals who act to the best of their ability, but only with half their strength, because they usually hold a regular job on the side.

Log4j is based on the work of the Apache Software Foundation, an American foundation that claims to have 850 members and an annual budget of $1.5 million. Although Amazon, Google, Microsoft and Facebook are among its sponsors, the foundation's resources are measly compared to the billions that these companies spend on software development.

In truth, the vulnerability reveals a fundamental flaw in the system: how can companies rely on a few brave, idealistic programmers for such critical infrastructure?

One thing is clear: this is practical and saves time and money, because companies can use a ready-made tool kit and do not have to write every line of code themselves. It is still wrong. To stick with the metaphor: a construction company would not have a load-bearing bridge cobbled together by a few craftsmen who do it on the side.

The idea of open source remains correct. In contrast to closed systems, it stands for open, decentralized technology in which nobody has the sole say - neither individual programmers nor corporations. The fact that the "traffic light" coalition government wants to rely on open source for public IT projects was rightly celebrated by the network community. But that does not mean that open source is flawless. Earlier security gaps in software built on the same principle showed that.


Above all, the companies that benefit from it bear the responsibility. They have to examine software more closely themselves before using it. A kind of software TÜV (a technical inspection body) would be conceivable for particularly central applications.

In addition, the companies have to support the programmers who keep the system running, both financially and with personnel - but without destroying the idea of the open internet. Of all things, Facebook, which can otherwise be criticized for a lot, is a good example in this regard.

The company develops software for websites and apps with a team of developers and makes it available to everyone. The way open source is dealt with has to change in order for the idea of the free internet to survive.
