Article

2021-12-18 Cyber

Log4j Chatter: What Threat Actors Are Sharing About the Log4Shell Vulnerability

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by newc 2021-12-18 00:00|| || Front Page|| [7 views ] Top

#1 1. Why is the IT staff lazy?
2. Why doesn't GitHub sieve their own content?
3. why is there no AI monitoring forums?
4. Ad for Flashpoint.

Posted by Skidmark 2021-12-18 01:03|| 2021-12-18 01:03|| Front Page Top

#2 Basically: a widely used bit of shared code has a feature that makes it easy to open access to the computer running it. That feature, for some reason, was enabled for everyone rather than requiring the few people who wanted it to enable it for themselves.

In the last week and a half, most of the software using that shared code -- and a lot that doesn't -- has been updated so that feature is disabled. I've personally burnt half the week on it, despite none of the projects I'm responsible for using the vulnerable code.

The only consumer application I'm aware of that uses the code is Java Minecraft, and updates for it and its various utilities went out the first night after the vulnerability was announced.

Posted by Rob Crawford 2021-12-18 05:08|| 2021-12-18 05:08|| Front Page Top

#3 That does help, Rob. Thank you for explaining, and also for being part of the crew keeping the internet safe for us end-users.

Posted by trailing wife 2021-12-18 19:12|| 2021-12-18 19:12|| Front Page Top

#4 Apache is used too many places.
I looked in my linux apps... lots of apache code re-used for who the hell knows what.

Posted by 3dc 2021-12-18 20:03|| 2021-12-18 20:03|| Front Page Top

#5 It is used in a lot of Java-based business applications I'm afraid. Even if it is not used directly, a library which you app uses might use it. The Minecraft server is just one example - and it is just game.
For example a widely used application server, karaf, uses it. A 'patched' version is due out in the next day or two. in the meantime a lot of business had to go and explicitly disable the 'feature'.
There is also a lot of scanning and looking for the exploit going on the internet according those who monitor such things.

Code these days are build much like a house of cards and if one of the cards get wet and folds.

Posted by CrazyFool 2021-12-18 22:34|| 2021-12-18 22:34|| Front Page Top