Notices tagged with log4j

LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 20-Feb-2022 17:47:58 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

A member of the #log4j team talks about #log4shell and their patching process https://therecord.media/the-apache-log4j-team-talks-about-the-log4shell-patching-process/ [therecord media]

He's clearly been coached in avoiding making any sensational or upsetting statements. I wish more of us got such coaching.
In conversation Sunday, 20-Feb-2022 17:47:58 UTC from web permalink
Attachments
1. The Apache Log4j team talks about the Log4Shell patching process
  
  from @campuscodi
  
  The Record spoke with Christian Grobmeier, a member of the Apache Logging team and one of the developers who maintain the Log4j library.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 15-Jan-2022 20:36:33 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
in reply to
- GeniusMusing
The other thing that concerns me about these systems is when some library ( #log4j for example ) has a security vulnerability. If your software is locked up inside of these containers, that means each one will need to publish an update and get you to download it when it could all be updated at once with your system updater.

In conversation Saturday, 15-Jan-2022 20:36:33 UTC from web permalink
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 12-Jan-2022 19:07:03 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

It starts. #Cybercriminals using #log4j vulnerabilities to penetrate virtualization systems. https://www.cyberscoop.com/chinese-hackers-log4j-night-sky-ransomware-microsoft/ [www cyberscoop com]
In conversation Wednesday, 12-Jan-2022 19:07:03 UTC from web permalink
Attachments
1. Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns - CyberScoop
  
  from AJ Vicens
  
  A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service, Microsoft analysts reported Monday. The findings point toward attacks on VMWare Horizon, an application that allows remote users access to virtual computers and servers. Successful attacks have led to the deployment of ransomware via a hacking campaign that calls itself Night Sky. The group behind this effort has previously deployed other ransomware strains, including LockFile, AtomSilo, and Rook, the Microsoft researchers reported. This new campaign, which dates back to Jan. 4 — even though the VMWare Horizon exploitation at the hands of the Log4j vulnerability was spotted toward the end of December — relies in part on spoofed domains made to look as though they’re associated with known technology firms such as TrendMicro, Sophos, Nvidia, and Rogers. VMware issued guidance on remediation on Dec. 14, less than a week after […]
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 23-Dec-2021 13:30:39 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

https://gleasonator.com/objects/d9043839-33b7-4ddf-ae84-8472177f88c3

Deavmi releases DLog, a logging library for #DLang. Hopefully, he's taken care not to do things the way #Log4J does. I mean, there are several log4* projects that use a similar API, but AFAIK, only the Java library is causing these problems right now. So #DLog could probably serve as the Log4D equivalent without having all the same flaws.

In conversation Thursday, 23-Dec-2021 13:30:39 UTC from web permalink
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 18-Dec-2021 10:38:13 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html

#log4j ... 3rd emergency patch issued
In conversation Saturday, 18-Dec-2021 10:38:13 UTC from mustard permalink
Attachments
1. Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
  
  from https://www.facebook.com/thehackernews
  
  Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability | Read latest news headlines on latest news and technical coverage on cybersecurity, infosec and hacking.
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 12-Dec-2021 19:26:55 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}

#Android apps updating. #F-Droid presented me with 34 updates. Likely due to #log4j vulnerability.

In conversation Sunday, 12-Dec-2021 19:26:55 UTC from mustard permalink
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Dec-2021 17:47:40 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- Federati Networks
- Open Source Playground
For the record, !fnetworks does not run any #Java software, nor is the JVM installed on any Federati server.

The same applies for !OSP.

I have not yet grepped logs for #log4j exploitation attempts, but other server admins report multiple log entries.

In conversation Saturday, 11-Dec-2021 17:47:40 UTC from mustard permalink
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Dec-2021 04:41:51 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
in reply to
- GeniusMusing
- clacke: looking for something 🇸🇪🇭🇰💙💛
@geniusmusing

Believed affected: * cloud platforms
* enterprise applications ( which are often written in #Java )
* Minecraft ( which was where the #log4j flaw was discovered )
* #Android apps ( noted by @clacke )

Possibly, other "log4" libraries may have a similar flaw.

In conversation Saturday, 11-Dec-2021 04:41:51 UTC from web permalink
Douglas A. Whitfield (musicman@nu.federati.net)'s status on Monday, 14-Jun-2021 14:55:52 UTC Douglas A. Whitfield

I’ve got a customer with what looks like a character encoding issue in either #elasticsearch or #fluentd.

Here’s the message:
2021-06-08 17:05:50 +0800 [warn]: #0 dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error=“400 - Rejected by Elasticsearch [error type]: mapper_parsing_exception [reason]: ‘failed to parse field [message] of type [text] in document with id ‘fPHe6nkBSuYtlT3W3H56’. Preview of field’s value: ‘’’” location=nil tag=“app.was-aiahk-intranet-prod-aiab-app1-SystemOut” time=2021-06-08 17:05:14.438022000 +0800 record=
{“message”=>"[6/8/21 14:37:39:438 CST] 000000f6 SystemOut O {call bunch of nulls and some sensitive data,‘CANTONESE’)}

I can’t tell at what point it is being recognized as Cantonese. Maybe that’s a metadata field. They gave what they claim is a fluentd config, but it doesn’t mention anything about character encoding. I’m waiting for their #log4j config.

Any thoughts? Thanks!

In conversation Monday, 14-Jun-2021 14:55:52 UTC from web permalink
Douglas A. Whitfield (musicman@nu.federati.net)'s status on Friday, 19-Jun-2020 22:01:53 UTC Douglas A. Whitfield

just marked my first customer issue resolved on my new team. It's always frustrating when a customer doesn't get back to you, but it's been over a week and I've checked in, so I am calling it done.

In any case, I told him the answer in my first response, he just didn't like it. I mean, #log4j may well be a better longterm solution for them, but it doesn't do exactly what they asked like my first response.

In conversation Friday, 19-Jun-2020 22:01:53 UTC from web permalink

Public

Notices tagged with log4j

Feeds