We’re in the middle of the holiday season and we couldn’t be more excited. It’s a far cry from last year, when the festive mood was abruptly interrupted by the disclosure of Log4Shell, a zero-day vulnerability in the popular Java-based logging library Log4j.
For most of us, last December will be remembered as the month when the soothing jingle of bells, the soaring notes of carolers, and the traditional “Silent Night” were drowned by a bombardment of Slack notifications.
The ones that required instant remediation.
The ones you don’t want to receive during the holiday season.
If you’re a security professional or a Java developer—or someone who cares at all about not being hacked—your holiday was probably ruined.
As we wrap up the year, we wanted to take a moment to reflect not only on Log4j but also on the other two “4shell” vulnerabilities that were disclosed in 2022.
And as a special treat, you’ll find an audio representation of the artifacts: three calming LoFi tracks generated by our teammate Lex Vorona that give the listener an aural idea of the health of the packages. On this project, he said: “It is still very much work in progress. There are big chunks of fairly meditative low frequency waves. That’s how the good code should sound with this routine. If anything like a melody starts to emerge—any actual discernible tones—it is something calling to attention. Some method that should be refactored.”
Alright, let’s dive right in…
Log4Shell
The Log4Shell bug posed (and by our most recent report, it’s still posing) a major threat to our global digital infrastructure. It was a major news story and it’s been called “the single biggest, most critical vulnerability ever.” It’s no surprise that this vulnerability received a whopping