L*********s
发帖数: 3063 | 1 这个漏洞是有人故意按插进去的吗?作者是干嘛的,黑客?NSA员工吗? |
m*****n
发帖数: 204 | |
h******t
发帖数: 872 | 3 Alibaba Cloud Security team’s Chen Zhaojun
Allocated CVE-2021-44228 and first reported by Alibaba Cloud Security team’
s Chen Zhaojun, the vulnerability (dubbed “Log4Shell”) is in widely used
open source software Log4j.
https://thestack.technology/critical-vulnerability-in-log4j-sets-off-an-
internet-cluster-bomb/ |
l******t
发帖数: 55733 | 4 这是reporter把
【在 h******t 的大作中提到】
: Alibaba Cloud Security team’s Chen Zhaojun
: Allocated CVE-2021-44228 and first reported by Alibaba Cloud Security team’
: s Chen Zhaojun, the vulnerability (dubbed “Log4Shell”) is in widely used
: open source software Log4j.
: https://thestack.technology/critical-vulnerability-in-log4j-sets-off-an-
: internet-cluster-bomb/
|
h******t
发帖数: 872 | 5 Can't you read English?
Inside the Race to Fix a Potentially Disastrous Software Flaw
An employee on Alibaba’s cloud-security team alerted Apache’s developers
of the flaw and urged them to ‘please hurry up’
https://www.bloomberg.com/news/articles/2021-12-13/how-apache-raced-to-fix-a
-potentially-disastrous-software-flaw |
l******t
发帖数: 55733 | 6 这是报告者啊最先发现的。难道不是在问谁搞的吗?
-a
【在 h******t 的大作中提到】
: Can't you read English?
: Inside the Race to Fix a Potentially Disastrous Software Flaw
: An employee on Alibaba’s cloud-security team alerted Apache’s developers
: of the flaw and urged them to ‘please hurry up’
: https://www.bloomberg.com/news/articles/2021-12-13/how-apache-raced-to-fix-a
: -potentially-disastrous-software-flaw
|
L*********s
发帖数: 3063 | 7 不懂中文吗?
我问的是始作俑者不是reporter,是谁把有后门的代码push上去的。那个作者是否可能
是故意的,要
查他的背景,是不是给C-I-A工作过。
-a
【在 h******t 的大作中提到】
: Can't you read English?
: Inside the Race to Fix a Potentially Disastrous Software Flaw
: An employee on Alibaba’s cloud-security team alerted Apache’s developers
: of the flaw and urged them to ‘please hurry up’
: https://www.bloomberg.com/news/articles/2021-12-13/how-apache-raced-to-fix-a
: -potentially-disastrous-software-flaw
|
L*********s
发帖数: 3063 | 8 我不懂那些代码。报道有说查到最初是哪个commit吗?
【在 m*****n 的大作中提到】
: 你去扒吧,GitHub上都有。
|
