444: Mining the Logs
40:50 Share

The broader software problem the Log4Shell vulnerability reveals, and the story of how Chris lit his Coder robe on fire... While wearing it.

Sponsored By:

• Linode): Receive a $100 60-day credit towards your new account. ) Promo Code: linode.com/coder
• Network Membership Holiday Discount): Support the entire network, and get access to every member's special feed for every show on the network. Sign up now and save $3/m FOREVER!) Promo Code: 2024

Support Coder Radio)

Links:

• Apple Silicon Guide) — A guide covering Apple Silicon including the applications, libraries and tools that will make you a better and more efficient with your Apple Silicon powered device.
• notes.jupiterbroadcasting.com) — This site is a searchable archive of the show notes for the all Jupiter Broadcasting shows. Home to the best shows on Linux, Open Source, Security, Privacy, Community, Development, and News.
• How does Jupiter Broadcasting's notes site work?) — It was a normal (for 2021) Sunday evening back in July, I was minding my own business, obviously doing something super cool, when I spotted a message from a certain badger-y fellow in the Self Hosted show’s Discord
• Hackers start pushing malware in worldwide Log4Shell attacks) — When the Log4j application parses these logs and encounters the string, the bug will force the server to make a callback, or request, to the URL listed in the JNDI string. Threat actors can then use that URL to pass Base64-encoded commands or Java classes to execute on the vulnerable device. 
• Microsoft quietly told Apple it was willing to turn big Xbox-exclusive games into iPhone apps) — In reality, Microsoft was willing to play along with many of Apple’s demands — and it even offered to bring triple-A, Xbox-exclusive games to iPhone to help sweeten the deal.
• What’s in Apple’s iOS 15.2, iPadOS 15.2? Nude-Image Detection) — In order for the feature to work, parents need to enable it on a family-sharing account. 
• Linux Action News 219: Log4Shell Coverage) — The Log4Shell vulnerability is making waves this week; we'll explain why and break down how it works.