SIGforum
Log4j -- The Internet is on fire. HUGE global security vulnerability.
December 14, 2021, 12:59 PM
1967GoatLog4j -- The Internet is on fire. HUGE global security vulnerability.
I'm fixing this on my work servers as we type. Some of my systems they don't even have fixes for....yet.
December 14, 2021, 01:14 PM
tannerquote:
Originally posted by sigmonkey:
Checked the list.
sigmonkey 1.0 retired not vulnerable
Ahh, but did you check the data exfilteration functions of the TrunkMonkey beta app?
December 14, 2021, 01:50 PM
sigmonkeyYes. TrunkMonkey went Silver long ago, and is in use in several applications, mainly classic Buick, Street Rod, and drag racing forums.
"the meaning of life, is to give life meaning" ✡ Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב! December 14, 2021, 02:15 PM
4x5My manager woke me up at 7:30 am Saturday to get on it.
Ladies and gentlemen, take my advice - pull down your pants and slide on the ice.
ʘ ͜ʖ ʘ December 14, 2021, 02:41 PM
Skins2881I assume this is the same as the log 4 shell one from a few days ago?
Jesse
Sic Semper Tyrannis December 14, 2021, 03:39 PM
maladatquote:
Originally posted by Skins2881:
I assume this is the same as the log 4 shell one from a few days ago?
Log4shell is what they've taken to calling the exploit, which occurs in the Log4j library.
While Java certainly has its history of security vulnerabilities, blaming Java for an exploit in a third-party library seems a little iffy.
December 14, 2021, 04:06 PM
Flash-LBquote:
Originally posted by 4x5:
My manager woke me up at 7:30 am Saturday to get on it.
You're in bed at 7:30AM? That's the best part of the day wasted.
December 14, 2021, 05:16 PM
r0guequote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..
In my UDM-Pro. Which is my network router, amongst other things.
https://community.ui.com/quest...16-ae76-17942539208cDecember 15, 2021, 03:57 AM
SigM4Yep, our third party timekeeping system at work went down on Monday, being told it’s going to be a while before it’s back. In the mean time we’re back to spreadsheet tracking of our team member’s time.
Success always occurs in private, and failure in full view.
Complacency sucks… December 15, 2021, 07:45 AM
ensigmaticquote:
Originally posted by r0gue:
quote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..
In my UDM-Pro. Which is my network router, amongst other things.
Oh. Because it includes the UniFi network management cruft, I'm guessing?
"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher December 15, 2021, 04:28 PM
xantomYep got called at midnight Saturday to make an assessment. Luckily we were not greatly impacted by this in our work unit.
"We've done four already, but now we're steady..." December 15, 2021, 05:12 PM
r0guequote:
Originally posted by ensigmatic:
quote:
Originally posted by r0gue:
quote:
Originally posted by ensigmatic:
In the router, or in the Ubiquiti UniFi Network framework? Near as I've been able to tell, only in the latter. E.g.: My Ubiquiti ERL is not vulnerable..
In my UDM-Pro. Which is my network router, amongst other things.
Oh. Because it includes the UniFi network management cruft, I'm guessing?
Yeah, at the root screen there's a way to click into Network, and a way to click into Protect. I mean. Usually.... When AWS isn't down. Which it is. And thus I cannot do yet another upgrade that is needed. Now to 6.5.55. I did 6.5.54 yesterday.
https://community.ui.com/releasesI'm going to move to a cave. Technology owns me.
