log4j CVE-2021-44228

Big_Bend

Holy cow! I've been in corporate IT for 35 years and I've never seen anything like this.



log4j is a Java library, and this flaw is allowing every hacker wannabe to easily hack into over 3 billion devices. Huge level 10 zero-day exploit.

I work for an investment firm; it's all chaos, massive all hands on deck as we research the progress of patches needed to secure our systems.

Funny this all started with Minecraft, now it's everywhere.

Anyone else dealing with this...

This is going to be really bad.
 

aging_rocker

Yeah, it's been keeping me busy for the last few days. Potentially devastating for some.

Luckily, we (govt department) don't seem to have much vulnerability to this, but explaining all that to (some) managers can be a challenge...
 

dankilling

Funny that Mojang issued a patch in hours and we are still waiting for one from the big players in the IT market space.
 

ghostchord

Yeah, some headaches over here as well. I don't think this is the worst one I've seen by any means. There have been a few over the years. To exploit it you do need to be able to inject specific text into the logger. This is only log4j2; there's plenty of unaffected log4j1 around. But yeah, it's not fun. The more scary thing is there's probably an infinite number of similar issues we just don't know about.
 
