{"id":2429,"date":"2021-12-17T15:06:01","date_gmt":"2021-12-17T19:06:01","guid":{"rendered":"https:\/\/www.uqac.ca\/cybersecurite\/?p=2429"},"modified":"2021-12-19T16:03:56","modified_gmt":"2021-12-19T20:03:56","slug":"vulgariser-la-vulnerabilite-log4shell","status":"publish","type":"post","link":"https:\/\/www.uqac.ca\/cybersecurite\/vulgariser-la-vulnerabilite-log4shell\/","title":{"rendered":"Vulgariser la vuln\u00e9rabilit\u00e9  \u00ablog4shell\u00bb"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignright is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2018\/10\/hacker-2300772_1920-1024x683.jpg\" alt=\"\" class=\"wp-image-111\" width=\"291\" height=\"193\" srcset=\"https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2018\/10\/hacker-2300772_1920-1024x683.jpg 1024w, https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2018\/10\/hacker-2300772_1920-300x200.jpg 300w, https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2018\/10\/hacker-2300772_1920-768x512.jpg 768w, https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2018\/10\/hacker-2300772_1920.jpg 1920w\" sizes=\"auto, (max-width: 291px) 100vw, 291px\" \/><\/figure><\/div>\n\n\n\n<p>Cette faille, qui porte le nom \u00ab Log4Shell \u00bb, pr\u00e9occupe \u00e9norm\u00e9ment les ressources en s\u00e9curit\u00e9 de l\u2019information et en cybers\u00e9curit\u00e9. Celle-ci est potentiellement pr\u00e9sente dans de nombreux syst\u00e8mes d\u2019information via des applications qui utilisent du code Java. Par cons\u00e9quent elle peut prendre du temps pour \u00eatre d\u00e9tect\u00e9e et donc \u00eatre corrig\u00e9e.<\/p>\n\n\n\n<p>L\u2019exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u2019ex\u00e9cuter un code malveillant en utilisant la biblioth\u00e8que Log4j. L\u2019attaquant pourrait prendre le contr\u00f4le complet du serveur en tant qu\u2019administrateur et possiblement voler des informations sensibles ou encore de lancer une attaque par d\u00e9ni de service ou introduire un ran\u00e7ongiciel.<\/p>\n\n\n\n<p>C\u2019est une course contre la montre dans le but de d\u00e9tecter la faille et de la corriger avant que les groupes de cybercriminels arrivent \u00e0 l\u2019exploiter.<\/p>\n\n\n\n<p>Que\npouvez-vous faire pour aider l\u2019UQAC \u00e0 assurer la s\u00e9curit\u00e9 de l\u2019information ??<\/p>\n\n\n\n<p style=\"background-color:#5a7410\" class=\"has-text-color has-background has-very-light-gray-color\">Respectez les dispositifs de s\u00e9curit\u00e9 mis en place par l&rsquo;UQAC;<br>Appliquez des  <a href=\"https:\/\/www.uqac.ca\/cybersecurite\/wp-content\/uploads\/2019\/10\/Semaine-5-Meilleures-pratiques-1.pdf\">bonnes pratiques<\/a>  pour une hygi\u00e8ne num\u00e9rique  dans vos activit\u00e9s professionnelles;<br>Compl\u00e9tez l<a href=\"https:\/\/secure.terranovasite.com\/portal\/Login\/e\/84aaf608-9278-4b17-9a30-866caa6ea8f3\">es modules de sensibilisat<\/a>ion \u00e0 la cybers\u00e9curit\u00e9;<br>D\u00e9clarez les <a href=\"https:\/\/www.uqac.ca\/cybersecurite\/index.php\/disi\/\">incidents de s\u00e9curit\u00e9<\/a> de l&rsquo;information.<\/p>\n\n\n\n<p>Concernant Log4shell:<br><a href=\"https:\/\/www.lemondeinformatique.fr\/actualites\/lire-cryptomineur-ransomware-botnet-la-faille-log4shell-exploitee-ad-nauseam-85152.html?utm_source=ActiveCampaign&amp;utm_medium=email&amp;utm_campaign=NL+LMI+Selection+19122021&amp;ep_ee=c699293ffe46dc17b700d097beede03dd3b66bf5&amp;vgo_ee=yHs4FVvMf7ZPUv9Y8IPl9%2FnfP220uInzfzcbXDtbGZ8%3D\">Cryptomineur, ransomware, botnet : la faille Log4shell exploit\u00e9e ad nauseam &#8211; Le Monde Informatique<\/a><br><a href=\"https:\/\/www.clubic.com\/antivirus-securite-informatique\/dossier-398829-qu-est-ce-que-log4shell-la-vulnerabilite-qui-enflamme-internet.html\">Qu&rsquo;est-ce que Log4Shell, la vuln\u00e9rabilit\u00e9 qui enflamme Internet ? (clubic.com)<\/a> <br><a href=\"https:\/\/www.commentcamarche.net\/securite\/piratage\/25089-log4shell-la-faille-de-securite-qui-affole-internet\/\">Log4Shell&nbsp;: la faille de s\u00e9curit\u00e9 qui affole Internet (commentcamarche.net)<\/a> <\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cette faille, qui porte le nom \u00ab Log4Shell \u00bb, pr\u00e9occupe \u00e9norm\u00e9ment les ressources en s\u00e9curit\u00e9 de l\u2019information et en cybers\u00e9curit\u00e9.<\/p>\n","protected":false},"author":9,"featured_media":111,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-2429","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-actualite","category-tentatives-de-fraude"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/posts\/2429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/comments?post=2429"}],"version-history":[{"count":11,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/posts\/2429\/revisions"}],"predecessor-version":[{"id":2446,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/posts\/2429\/revisions\/2446"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/media\/111"}],"wp:attachment":[{"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/media?parent=2429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/categories?post=2429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.uqac.ca\/cybersecurite\/wp-json\/wp\/v2\/tags?post=2429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}