Originally discovered by some bright spark at Alibaba, the vulnerability was reported to the Apache Software Foundation on December 9th, who gave it a CVSS rating of 10, the highest possible score. Dubbed “Log4Shell”, and christened with an awe-inspiring MS Paint logo, the vulnerability has been described as “the single biggest, most critical vulnerability of the last decade”, due to the library’s widespread usage.
In another series of platform outages, AWS has this morning been experiencing downtime. The issues have been reported to affect sites including Facebook, Amazon, McDonalds, and several gaming platforms, according to Downdetector:
Nextcloud is sending their congratulations to the German government for adopting measures to increase the use of open-source software in public IT projects, with “an eye towards Digital Sovereignty of the German government”:
According to Internet monitoring sites Pingdom and Downdetector, multiple major websites have been experiencing outages today, apparently as a result of a Google Cloud outage. According to Internet tracking website NetBlocks, the outage is:
After posting a record profit of $1.321 billion dollars back in August, ASB has decided to sign on with Microsoft as an anchor tenant for their yet-to-be-completed Auckland datacenter. This follows ACC signing up last month as part of an all-of-government agreement between Microsoft and the Department of Internal Affairs.
Major social media services are suffering outages today, further highlighting the importance of decentralised services. It’ll likely be a while before anyone figures out exactly Whatsappened, but security researcher Brian Krebs seems to think the following:
Amazon have announced they’ll be joining Microsoft in the New Zealand market, which above all else, means we’re going to have to put up with two marketing departments trying to compete with each other for the cleverest use of “long white cloud” in their advertising campaigns. We’ll all be looking forward to that.
If you’ve been having trouble accessing services like KiwiBank and NZ Post recently, the latest announcement by CERT NZ may shed some light on the matter. While still pretty scarce ondetail, it sounds like there is a DDoS attack underway targeting several NZ organisations.
ThinLinc 4.13.0 has been released after nearly 8 months of development. According to the release notes the re are 120+ enhancements and fixes, but the big news is support for Python 3. That makes this release very much worth updating to, since Python 2 is no longer receiving security updates and will likely be removed from most distributions in short order.