
Thread: log4j - High vulnerability malware

  1. #1

    Thread Starter
    Wall Poster TysonLPrice's Avatar
    Join Date
    Sep 2002
    Location
    Columbus, Ohio
    Posts
    3,670

    log4j - High vulnerability malware

    This might be the Covid-19 of the internet...

    https://www.theverge.com/2021/12/10/...ro-day-exploit

    https://www.pcmag.com/news/countless...ro-day-exploit

    I take it to be a way to inject malicious code via an error logging application common in Java apps. There is already a fix at the highest levels. It is a matter of getting everyone "vaccinated".
    Please remember next time...elections matter!

  2. #2

  3. #3
    Angel of Code Niya's Avatar
    Join Date
    Nov 2011
    Posts
    7,596

    Re: log4j - High vulnerability malware

    Oh my. I wonder if Windows uses this anywhere in its guts. I know that some software requires a Java installation on Windows so it's possible. Maybe it's time for me to trigger a Windows Update.
    Treeview with NodeAdded/NodesRemoved events | BlinkLabel control | Calculate Permutations | Object Enums | ComboBox with centered items | .Net Internals article(not mine) | Wizard Control | Understanding Multi-Threading | Simple file compression | Demon Arena

    Copy/move files using Windows Shell | I'm not wanted

    C++ programmers will dismiss you as a cretinous simpleton for your inability to keep track of pointers chained 6 levels deep and Java programmers will pillory you for buying into the evils of Microsoft. Meanwhile C# programmers will get paid just a little bit more than you for writing exactly the same code and VB6 programmers will continue to whitter on about "footprints". - FunkyDexter

    There's just no reason to use garbage like InputBox. - jmcilhinney

    The threads I start are Niya and Olaf free zones. No arguing about the benefits of VB6 over .NET here please. Happiness must reign. - yereverluvinuncleber

  4. #4

    Thread Starter
    Wall Poster TysonLPrice's Avatar
    Join Date
    Sep 2002
    Location
    Columbus, Ohio
    Posts
    3,670

    Re: log4j - High vulnerability malware

    We are affected by this and are scrambling with fixes. I don't know the details. I'm not in that area.

  5. #5
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,785

    Re: log4j - High vulnerability malware

    We're getting lots of customers asking if we're affected. We're not but some of them really seem to want us to be.
    The best argument against democracy is a five minute conversation with the average voter - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd

  6. #6
    Smooth Moperator techgnome's Avatar
    Join Date
    May 2002
    Posts
    33,804

    Re: log4j - High vulnerability malware

    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  7. #7
    Angel of Code Niya's Avatar
    Join Date
    Nov 2011
    Posts
    7,596

    Re: log4j - High vulnerability malware

    LMAO... That is so funny.

  8. #8
    Smooth Moperator techgnome's Avatar
    Join Date
    May 2002
    Posts
    33,804

    Re: log4j - High vulnerability malware

    It gets better ... here's the full twitter thread... https://twitter.com/rickhanlonii/sta...74730279546895

    -tg

  9. #9
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    18,152

    Re: log4j - High vulnerability malware

    Quote: Originally posted by techgnome
    It gets better ... here's the full twitter thread... https://twitter.com/rickhanlonii/sta...74730279546895

    -tg
    This is twitter actually funny!

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  10. #10
    Angel of Code Niya's Avatar
    Join Date
    Nov 2011
    Posts
    7,596

    Re: log4j - High vulnerability malware

    Quote: Originally posted by techgnome
    It gets better ... here's the full twitter thread... https://twitter.com/rickhanlonii/sta...74730279546895

    -tg
    Some of those posts are hilarious.

  11. #11
    New Member
    Join Date
    Dec 2021
    Posts
    1

    Re: log4j - High vulnerability malware

    New virus

  12. #12

    Thread Starter
    Wall Poster TysonLPrice's Avatar
    Join Date
    Sep 2002
    Location
    Columbus, Ohio
    Posts
    3,670

    Re: log4j - High vulnerability malware

    Quote: Originally posted by Mezer
    New virus
    I don't think it is a virus, it is a vulnerability.

  13. #13
    Smooth Moperator techgnome's Avatar
    Join Date
    May 2002
    Posts
    33,804

    Re: log4j - High vulnerability malware

    Nope, not a virus.... just a vulnerability in an existing widely used logging library. Problem is, as soon as one vulnerability is patched, another hole seems to crop up. It's kind of like playing whack-a-mole. Fortunately we patched ours the easy way by simply removing all the references to log4j ... we weren't using it anyways. We were using the API to interface with another logging system, so we didn't even need the log4j references, so we yoinked them out and that's that. Based on the chatter though it sounds like some of our sister systems weren't quite so fortunate. O.o


    -tg
