Vulnerabilities don’t get much worse than cases where typing the right characters into a chat box gives you remote access to the world’s Minecraft servers. Whoops.
It’s been termed the worst hack in history, primarily by those seeking cheap clicks, but still…it’s not good. The CVE is rated a 10.0.
The vulnerability will “haunt the Internet for years” (according to some). The reason is that it’s not a front-line or top-stack component but rather something that’s bolted-on as needed at various places in the Java ecosystem. The problem is identifying where it’s in use – your own code, vendor products, open source dependencies, etc.
Interestingly, this may give a boost to those demanding a “software bill of materials”. You can’t buy a piece of industrial equipment without being told all the hazardous materials involved, etc., so why not receive a similar safety list when buying software?
Patches for this vulnerability are already available. The typical LowEndBox reader is less likely to be running a lot of Java…but it does show up in places like Minecraft and also most enterprisey software. Just update already.
Related Posts:
How to Keep Your VPS Safe From Hackers in Less Than 10 Minutes
Five Times When Updating Your OS Would Have Saved You From Being Hacked
Get Ready to Scan Your Passport If You Want to Buy a VM This Summer
My Server Was Getting Constantly Hacked Until I Changed This One Parameter
Danish Cloud Hosting Provider, CloudNordic, Loses All Client Data After Ransomware Attack
No, 'airforce' is Not a Good Password: Check Out This Honeypot
Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.
Leave a Reply