643

Hey there everyone, your friendly neighborhood tech pede here. Not sure how much attention people here pay to tech news but over the past two days there has been a bit of info that's been trickling into even some mainstream news sites about a recently discovered vulnerability called Log4Shell. These sites have been saying how this vulnerability has the potential to be pretty bad. As a guy that's worked in tech for pretty much all my life, let me rephrase that for them. This vulnerability has the potential to be catastrophic.

I work in the civ, non-gov't sector and I have more NDAs signed than I can count so I can't go into specifics of clients or ongoing cases that we're involved in. But we see cases come in where massive companies get their data stolen and ransomed for millions and no one at my work really thinks twice about it because we work with this stuff every day. But this one has us all worried.

What is this vulnerability?

There are a couple of jargon-filled writeups here:

https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/

https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/

But long story short, in order for a website or service to be accessible via the Internet, it needs a web server in place. The most widely used one of these is a web server called Apache that's been around for about 25 years. Every web server (and really any application on a computer) keeps a log of everything that it does in order to track errors, see unauthorized access, that kind of thing. This exploit specifically targets this built-in logging feature in Apache in order to gain full access to the web server and drop pretty much anything it wants on it.

So how bad is it?

Bad. Really, really bad. Bad enough that as soon as it was released, it immediately hit the ceiling as a 10.0 out of 10.0 on the CVE index and that was only because the index didn't go higher. For reference, the HAFNIUM exploits from this past February/March that caused hundreds of thousands of mail servers across the globe to have their data stolen and their systems crashed didn't even reach that mark, with most of the affected CVEs for that exploit coming in at 7.8.

Unlike the HAFNIUM exploit, this vulnerability appears to have the potential to be a C2C (computer to computer) worm, which means that once it's infected a web server it can spread uncontrolled to basically any device connected to that web server.

So it only affects these web servers, right?

Not necessarily. Evidence is still coming out but it appears as though this may be able to spread to any device that communicates with an Apache-based web server. The biggest example right now is Minecraft, which released a zero-day patch just yesterday to help protect against this. Basically, if you don't have that patch and you connect to a multiplayer server, then you're vulnerable.

But it's not just services like Minecraft. A lot of applications also have what's referred to as integrated web servers, which is where the Apache web server does not exist independently of the application. If it were to be independent, then you could just patch the web server and call it a day. But if it's integrated you need to re-code portions of the ENTIRE application in order to get it updated to protect against this. There's not enough manpower in the world to do this.

Look at the numbers of just websites running Apache alone. There are over 1.7 billion websites in the world and about 32% are known to run Apache. The actual number is most certainly higher. Even in a best-case scenario, we're looking at over 500 million websites that are affected by this.

But again, it's not just websites, it's services as well...especially services that run on Java. You know that fancy satellite radio in your car? That runs on Java and reports to a web server. You know that new TV you got on Black Friday? Yep, that runs Java and reports to a web server. That fancy new smart plug that lets you turn lights on and off from your phone? Take a guess.

Seeing why we're worried?

Well, crap.

Don't worry, it gets worse! So far there has been a list of about 150 international backbone companies that have been seen to be affected by this. These companies cover everything from home devices to antivirus and backup software. Some companies such as Kronos (UKG) have already had their services nuked...whether it's by this vulnerability or not isn't known yet. But Kronos is saying that it will be "several weeks" before things are back functioning again.

https://www.theregister.com/2021/12/13/ultimate_kronos_group_ransomware_attack/

So once this hits a server, it hits FAST and it hits HARD and it goes DOWN.

So these attacks are already happening?

They haven't even really started, that's the fun part. There has been some evidence that these have been circulating to some extent in the wild but there hasn't been a mass-scale attack like we've usually seen. Current insiders are estimating that a worm that can fully take advantage of this C2C spread will be completed and deployed within 24-48 hours:

https://nitter.net/Laughing_Mantis/status/1470165580736987137

So what should I do?

If you're in tech, get your Apache web servers updated immediately. Get off this site and just do it. If you have kids that are running a Minecraft server (hell, just even playing Minecraft on PC in general) then make sure it's updated. Microsoft has more info here:

https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

If you're just a regular tech user then make sure you have a few good, long books just in case things go FUBAR. And strap the fuck in.

196

Just throwing this out there because I know that if Trump doesn't come out with confetti cannons and marching 500 people across the screen in handcuffs then half the board is going to be filled with "Whaaaa game over man, game over!"...

It's entirely possible that this speech will look like a concession. It's entirely possible he may mention the "Biden administration". It's entirely possible that he may say that he's leaving and never coming back, blah blah blah.

Before people get all doom-y about that, just remember that optics are everything and that the crux of this whole thing centers around the military, not just Trump. So if he comes out and says he's leaving, make sure to listen to his words. Get into a neutral headspace as best as possible in the next few minutes. Don't lead with your emotions, lead with your critical thinking.

Have I just had too much hopium? Sure, maybe. But with everything that we've seen going on today, there is zero reason why you should watch this and come away with the thought that everything is screwed. If Biden is inaugurated tomorrow and everyone's singing Kumbaya on the stage and everything goes as they're saying, then sure. That's the time when we know things are messed up. But it's not that time and it's not that day. So watch with a neutral mind, listen and observe. If you don't think you can handle it right now, watch it later. Take a moment to pray beforehand for our country and for your peace of mind if you're so inclined. But above all else, be calm.

223
190

I'm especially targeting this post toward all those people that have been blasting crap from that fake "Patrick Byrne" account on Telegram. Using that account as an example, let's point out some issues with this using logic:

1 - Why would someone who went out of their way to disavow Q suddenly create an account on a new platform (an unverified account at that) and one of the first posts is talking about how Q is real?

2 - Even if this was the real Patrick Byrne, so what? How are they suddenly in this super-secret inner sanctum? Even if they were, why would they broadcast comms about super-secret meetings in a public space?

3 - Why are they posting unverified garbage that's been debunked for ages about "OoOh this BelL was On JFK's ShiiIp" -- seen too many of those posts on here tonight.

4 - Why would they share a post from an imposter Lin Wood account? (see shared video on that page from 1/12 @ 12:09pm Eastern). Lin's only accounts on Telegram are @LLinWood and @LinWoodSpeaksTruth. So by sharing that either this "Patrick" account is a) extremely gullible or b) a bad actor. No positive outcomes there.

But apart from that:

Look, we're at a stage where disinfo is at the highest it's ever been on the Internet. The mass banning from social media of conservative voices only made that worse. Everyone's fleeing to these new communication apps that allow people to create unverified accounts and spread garbage like wildfire.

On top of that, there is a massive amount of both handshake accounts and newbie accounts on this board that are either spreading disinfo themselves or--frankly--too late to the game to catch up at this point. People are frantically grasping for whatever straws they can find and getting all wrapped up in nonsense.

Look. What's been the purpose of Q all along? To give us info about what's going on behind the scenes and give us a tiny glimpse behind the curtain on some things going on. But we're at a point where there cannot be any glimpses afforded behind the curtain. Do you really think that when this operation that has been said to be in the works for decades is just about to reach its peak, there would be info about the exact movements that are happening in real time? Not a chance.

Has there ever been a time that Q has said "hey I need you all to meet at this time and do X, Y, Z?" Nope. The only reason info has been shared is to provide us with spoilers for the movie. That way we can fill people in who haven't seen the movie once it's over.

And that's what it is right now: a movie. So if you're getting all wrapped up in following accounts and pages and wondering which is real and what might be going on...well, don't. There is zero you can do right now to change or affect anything. Got a little food and water stocked up for a bit in case SHTF? Cool. That's all you can do. Enjoy the movie. If it's getting to you, take a walk outside. Go to the gym. Hike a mountain or something, I don't know.

And remember one of the most important things Q has dropped:

Think logically. No outside comms.

30
41
43

You know, might just be me overthinking things. Or maybe someone’s already mentioned this. But I’ve been seeing a lot of people saying that today might be the start of the “10 days of darkness”. And we definitely have every reason to think that.

So if today the 7th is the first day, we have 9 more to go. And what’s the day after these 10 days of darkness end?

The 17th.

Darkness into light.