Dangerous vulnerability in standard program affects us all

logo_300

Politics must protect consumers and companies

The vulnerability in the Log4j program that was uncovered over the weekend is a security emergency for everyone. Large corporations and home users of Apple, Google, Amazon and other applications are now vulnerable to a vulnerability in a widely used component of Java software. Hans Wilhelm DĂŒnn, President of the Cyber-Sicherheitsrat Deutschland e.V. said:

“Imagine that the standard brick used in your house does not hold up and puts the whole building in danger of collapsing – at the same time criminals use the stone to break your window. We now have this risk situation millions of times with the Log4j vulnerability.”

The Log4j program module was developed using the open source process and has been adopted by numerous software manufacturers. It is used to log the activities of a program in order to be able to solve problems afterwards. The discovered vulnerability allows intruders to write and execute their own program code in the log. Possible goals are the use of third-party computers to produce cryptocurrencies, the encryption of files to extort a ransom or a complete takeover of the system.

Since the security gap has to be closed by the program operators, companies and consumers are currently helpless. The incident shows the dependence on software components – both for individuals and large corporations. Hans-Wilhelm DĂŒnn recommends in this situation:

“Promptly install the updates that are offered to you. Back up all relevant data offline to keep the potential for damage low.”

The Federal Authority for Information Security (BSI) has now issued a red warning and considers the vulnerability to be the greatest threat in cyberspace at the moment. Hans-Wilhelm DĂŒnn demands:

“We must not blindly rely on what software vendors write into their programs for us. Businesses and consumers don’t have the expertise to protect themselves from the mistakes of others. That is why politicians must act and enable independent certification of security-related software. Security is a state task – the federal government must also live up to this claim in the digital sphere.”

The Cyber Security Council Germany e.V. was founded in August 2012 by well-known personalities. The Berlin-based association is politically neutral and advises companies, public authorities and political decision-makers in the field of cyber security. The association’s members include large and medium-sized companies, operators of critical infrastructures as well as federal states and federal institutions, experts and political decision-makers with a connection to cyber security. Through its members, the association represents more than three million employees from the business community and nearly two million members from associations and clubs. The Cyber Security Council Germany e.V. informs and supports its members with a wide range of services and aligns its activities with their operational and business needs.

V.i.S.d.P.: Hans-Wilhelm DĂŒnn, PrĂ€sident, Cyber-Sicherheitsrat Deutschland e.V.

Contact: Hannes Harthun, Chief of Staff; Telefon: +49 30 / 6796 365 26
E-Mail: harthun@cybersicherheitsrat.de

Datenschutz
Wenn Sie unsere Website besuchen, werden möglicherweise Informationen ĂŒber Ihren Browser von bestimmten Diensten gespeichert, in der Regel in Form von Cookies. Weitere Informationen finden Sie in unserer DatenschutzerklĂ€rung.