log4j

For general computer discussion & help, come here

Moderators: Bakhtosh, EvilHomer3k

Post Reply
User avatar
Jaymon
Posts: 3006
Joined: Wed Sep 10, 2008 12:51 pm

log4j

Post by Jaymon »

Damn you log4j. This was supposed to be a nice and slack week. easy easy, nobody at work, just watch some videos and eat christmas cookies. but noooo, somebody had to go and vulnerability the entire god damn internet, and now I have to work my ass off.

stupid hackers, we hates them.
Bunnies like beer because its made from hops.
User avatar
telcta
Posts: 1113
Joined: Mon Dec 20, 2004 3:47 pm
Location: Connecticut

Re: log4j

Post by telcta »

It was this time last year I was wrapping up my job and retiring. I can't imagine getting hit with this now during the holidays. We have a few products that have log4j heavily embedded... my co-worker has basically shut everything down and will only run some services when using a VPN.

He said the only good thing that came out of this is: https://log4jmemes.com/

This would be me...
Enlarge Image
User avatar
hepcat
Posts: 51302
Joined: Wed Oct 13, 2004 3:02 pm
Location: Chicago, IL Home of the triple homicide!

Re: log4j

Post by hepcat »

I’ve deployed updated war files twice in 3 days over this exploit. Thankfully, we’re moving away from deployments using log4j though, so it’s just some legacy systems.
Covfefe!
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: log4j

Post by Zaxxon »

It's a pain in the ass.
User avatar
coopasonic
Posts: 20968
Joined: Fri Mar 04, 2005 11:43 pm
Location: Dallas-ish

Re: log4j

Post by coopasonic »

Yup, last week was supposed to be the quiet week, after the implementation freeze and before everyone started their vacations. Haha, nah, how about one of the biggest fire drills we have ever seen instead?

Jenkins was crying for mercy all week.
-Coop
Black Lives Matter
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: log4j

Post by malchior »

The good thing is we got to practice updating it multiple times. It has to be finally fixed now, right? :doh:
User avatar
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W
Contact:

Re: log4j

Post by hitbyambulance »

i remember using this in my Java certification class
User avatar
gilraen
Posts: 4312
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: log4j

Post by gilraen »

The Apache library version that we use in our software is so old, it's actually not affected by the exploit. Win!
User avatar
naednek
Posts: 10866
Joined: Tue Oct 19, 2004 9:23 pm

Re: log4j

Post by naednek »

gilraen wrote: Wed Dec 22, 2021 3:06 pm The Apache library version that we use in our software is so old, it's actually not affected by the exploit. Win!
hah same boat here.

Our linux guy is soaking that up.

We have found 30 + servers so far.
hepcat - "I agree with Naednek"
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: log4j

Post by Pyperkub »

Jaymon wrote:Damn you log4j. This was supposed to be a nice and slack week. easy easy, nobody at work, just watch some videos and eat christmas cookies. but noooo, somebody had to go and vulnerability the entire god damn internet, and now I have to work my ass off.

stupid hackers, we hates them.
Last year it was the SolarWinds hack. The slack weeks around the holidays don't apply anymore.
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Post Reply