Tech Companies Racing to Fix At-Risk Internet Software
2021-12-17
Computer security experts around the world are trying to fix one of the worst software weaknesses found in years.

The vulnerability is in an open-source program widely used by government and industry. It has become a major threat to organizations around the world.

"The internet's on fire right now," said Adam Meyers. He is the vice president at the cybersecurity company Crowdstrike.

The problem is found in an open-source Apache utility called log4j. It is used to run websites and other web services. The vulnerability is known as "Log4Shell."

The software problem's severity was rated 10 on a scale from one to 10 by the Apache Software Foundation, which oversees development of the software.

The vulnerability was reported on November 24 by the Chinese technology company Alibaba. It took two weeks to develop a patch.

Last week, Meyers said that within 12 hours of discovering the problem it had been "fully weaponized." He said criminals have already developed and distributed tools to exploit it.

Experts say the bug, another word for a software problem, may be the worst computer weakness discovered in years. The Apache software is used in almost all cloud computing servers, across industry and government.

Unless it is fixed, the bug gives criminals the ability to easily access internal networks. There, they could steal important data, put malware in place, and do much more damage.

Joe Sullivan is the head of security for Cloudflare, a company that protects websites from security threats.

"I'd be hard-pressed to think of a company that's not at risk," he said. Millions of servers have the software, and experts said the impact would not be known for several days.

Amit Yoran is the head of the cybersecurity company Tenable. He called it "the single biggest, most critical vulnerability of the last decade," and maybe the history of modern computing.

Experts said the vulnerability makes it easy for an attacker to access a web server, and makes it very dangerous. There is no password required to access a server.

Patching the bug could be a difficult job. Most organizations and cloud providers like Amazon should be able to update their web servers easily. But the same Apache software is also used by many third-party programs, which often can only be updated by their owners.

Yoran, of Tenable, said organizations need to act as if they have been affected and fix the problem.

The first clear signs of the bug's exploitation appeared in Minecraft, an online game popular with children. Attackers were able to take over one of the world-building game's servers before Microsoft, which owns Minecraft, patched the problem.

Microsoft said it had completed a software update for Minecraft users. "Customers who apply the fix are protected," the company said.

Researchers say the vulnerability could also be exploited in servers run by companies like Apple, Amazon, Twitter and Cloudflare.

I'm Dan Novak.
The Associated Press reported this story. Dan Novak adapted for VOA Learning English. Susan Shand was the editor.

_______________________________________

Words in This Story

vulnerability - n. something open to attack, harm, or damage
utility - n. a computer program that does a specific task
patch - n. a program that corrects or updates an existing program
exploit - v. to use in a way that helps you unfairly
malware - n. a computer program that is designed to damage or break into a computer