-
Dec 11th, 2021, 06:23 AM
#1
log4j - High vulnerability malware
This might be the Covid-19 of the internet...
https://www.theverge.com/2021/12/10/...ro-day-exploit
https://www.pcmag.com/news/countless...ro-day-exploit
I take it to be a way to inject malicious code via a error logging application common in JAVA apps. There is already a fix at the highest levels. It is a matter of getting everyone "vaccinated".
Please remember next time...elections matter!
-
Dec 11th, 2021, 07:33 AM
#2
Re: log4j - High vulnerability malware
The good part is that log4net is *not* impacted by the JNDI debacle so. . . waiting for the next CVE here.
cheers,
</wqw>
-
Dec 13th, 2021, 08:32 AM
#3
Re: log4j - High vulnerability malware
Oh my. I wonder if Windows uses this anywhere in it's guts. I know that some software requires a Java installation on Windows so it's possible. Maybe it's time for me to trigger a Windows Update.
-
Dec 15th, 2021, 01:38 PM
#4
Re: log4j - High vulnerability malware
We are affected by this and are scrambling with fixes. I don't know the details. I'm not in that area.
Please remember next time...elections matter!
-
Dec 16th, 2021, 05:02 AM
#5
Re: log4j - High vulnerability malware
We're getting lots of customers asking if we're affected. We're not but some of them really seem to want us to be.
The best argument against democracy is a five minute conversation with the average voter - Winston Churchill
Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
-
Dec 16th, 2021, 10:57 AM
#6
Re: log4j - High vulnerability malware
-
Dec 16th, 2021, 11:18 AM
#7
Re: log4j - High vulnerability malware
LMAO... That is so funny.
-
Dec 16th, 2021, 02:03 PM
#8
Re: log4j - High vulnerability malware
It gets better ... here's the full twitter thread... https://twitter.com/rickhanlonii/sta...74730279546895
-tg
-
Dec 17th, 2021, 06:08 AM
#9
Re: log4j - High vulnerability malware
Originally Posted by techgnome
This is twitter actually funny!
-
Dec 17th, 2021, 08:40 AM
#10
Re: log4j - High vulnerability malware
Originally Posted by techgnome
Some of those posts are hilarious.
-
Dec 22nd, 2021, 02:32 PM
#11
New Member
Re: log4j - High vulnerability malware
-
Dec 22nd, 2021, 02:36 PM
#12
Re: log4j - High vulnerability malware
Originally Posted by Mezer
New virus
I don't think it is a virus, it is a vulnerability.
Please remember next time...elections matter!
-
Dec 22nd, 2021, 03:09 PM
#13
Re: log4j - High vulnerability malware
Nope, not a virus.... just a vulnerability in an existing widely used logging library. Problem is, as soon as one vulnerability is patched, another hole seems to crop up. It's kind of like playing whack-a-mole. Fortunately we patched ours the easy way by simply removing all the references to lof4j ... we weren't using it anyways. We were using the API to interface with another logging system, so we didn't even need the lof4j references, so we yoinked them out and that's that. Based on the chatter though it sounds like some our sister systems weren't quite so fortunate. O.o
-tg
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|