SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Log4j -- The Internet is on fire. HUGE global security vulnerability.
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
Log4j -- The Internet is on fire. HUGE global security vulnerability. Login/Join 
Shit don't
mean shit
posted Hide Post
I'm fixing this on my work servers as we type. Some of my systems they don't even have fixes for....yet.
 
Posts: 5835 | Location: 7400 feet in Conifer CO | Registered: November 14, 2006Reply With QuoteReport This Post
Member
posted Hide Post
quote:
Originally posted by sigmonkey:
Checked the list.

sigmonkey 1.0 retired not vulnerable


Ahh, but did you check the data exfilteration functions of the TrunkMonkey beta app?



 
Posts: 4756 | Registered: July 06, 2005Reply With QuoteReport This Post
A Grateful American
Picture of sigmonkey
posted Hide Post
Yes. TrunkMonkey went Silver long ago, and is in use in several applications, mainly classic Buick, Street Rod, and drag racing forums.




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44688 | Location: ...... I am thrice divorced, and I live in a van DOWN BY THE RIVER!!! (in Arkansas) | Registered: December 20, 2008Reply With QuoteReport This Post
Serenity now!
Picture of 4x5
posted Hide Post
My manager woke me up at 7:30 am Saturday to get on it.



Ladies and gentlemen, take my advice - pull down your pants and slide on the ice.
ʘ ͜ʖ ʘ
 
Posts: 4950 | Location: Highland, UT | Registered: September 14, 2006Reply With QuoteReport This Post
Ammoholic
Picture of Skins2881
posted Hide Post
I assume this is the same as the log 4 shell one from a few days ago?



Jesse

Sic Semper Tyrannis
 
Posts: 21336 | Location: Loudoun County, Virginia | Registered: December 27, 2014Reply With QuoteReport This Post
Member
Picture of maladat
posted Hide Post
quote:
Originally posted by Skins2881:
I assume this is the same as the log 4 shell one from a few days ago?


Log4shell is what they've taken to calling the exploit, which occurs in the Log4j library.

While Java certainly has its history of security vulnerabilities, blaming Java for an exploit in a third-party library seems a little iffy.
 
Posts: 6320 | Location: CA | Registered: January 24, 2011Reply With QuoteReport This Post
I Deal In Lead
Picture of Flash-LB
posted Hide Post
quote:
Originally posted by 4x5:
My manager woke me up at 7:30 am Saturday to get on it.



You're in bed at 7:30AM? That's the best part of the day wasted.
 
Posts: 10626 | Location: Gilbert Arizona | Registered: March 21, 2013Reply With QuoteReport This Post
Seeker of Clarity
Picture of r0gue
posted Hide Post
quote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..


In my UDM-Pro. Which is my network router, amongst other things.

https://community.ui.com/quest...16-ae76-17942539208c




 
Posts: 11468 | Registered: August 02, 2004Reply With QuoteReport This Post
I run trains!
Picture of SigM4
posted Hide Post
Yep, our third party timekeeping system at work went down on Monday, being told it’s going to be a while before it’s back. In the mean time we’re back to spreadsheet tracking of our team member’s time.



Success always occurs in private, and failure in full view.

Complacency sucks…
 
Posts: 5432 | Location: Wichita, KS (for now)…always a Texan… | Registered: April 14, 2006Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by r0gue:
quote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..

In my UDM-Pro. Which is my network router, amongst other things.

Oh. Because it includes the UniFi network management cruft, I'm guessing?



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26029 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
McNoob
Picture of xantom
posted Hide Post
Yep got called at midnight Saturday to make an assessment. Luckily we were not greatly impacted by this in our work unit.




"We've done four already, but now we're steady..."
 
Posts: 1868 | Location: MN | Registered: November 20, 2013Reply With QuoteReport This Post
Seeker of Clarity
Picture of r0gue
posted Hide Post
quote:
Originally posted by ensigmatic:
quote:
Originally posted by r0gue:
quote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..

In my UDM-Pro. Which is my network router, amongst other things.

Oh. Because it includes the UniFi network management cruft, I'm guessing?


Yeah, at the root screen there's a way to click into Network, and a way to click into Protect. I mean. Usually.... When AWS isn't down. Which it is. And thus I cannot do yet another upgrade that is needed. Now to 6.5.55. I did 6.5.54 yesterday.

https://community.ui.com/releases

I'm going to move to a cave. Technology owns me.




 
Posts: 11468 | Registered: August 02, 2004Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Log4j -- The Internet is on fire. HUGE global security vulnerability.

© SIGforum 2024