• OT-ish: Apache Log4J attack

    From Alan Browne@21:1/5 to All on Mon Dec 13 17:10:45 2021
    Several government sites in Quebec are down - couldn't get into the
    ClicSecure gate today ...

    https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html

    Suggested action
    ----------------
    The Cyber Centre encourages those organizations with applications
    leveraging Apache Log4j to:

    - Upgrade to Log4j version 2.15.0 where possible.
    - Apply the suggested workarounds from Apache if upgrading is not
      immediately possible.
    - Check logs for signs of compromise.


    Mitigation
    ----------
    Apache recommends the following mitigations if patching cannot be
    immediately performed:

    In Log4j versions >= 2.10, the vulnerable behavior can be mitigated by
    setting the system property "log4j2.formatMsgNoLookups" to "true".

    Alternatively, the environment variable "LOG4J_FORMAT_MSG_NO_LOOKUPS"
    can be set to "true" in order to mitigate this behavior.

    For Log4j versions 2.0-beta9 to 2.10.0, the mitigation is to remove the
    JndiLookup class from the classpath by running the following command:

        zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class


    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
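An added example, not part of the original post or the quoted advisory: a check that the JndiLookup removal quoted above actually took effect. The `zip -d` command only edits jars matching `log4j-core-*.jar` in the current directory, so copies bundled inside application archives keep the class; the archive names and contents below are constructed sample data.

```python
import io
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def find_jndi_lookup(data, label, depth=0, max_depth=4):
    """Return archive paths (outer!/inner) that still contain JndiLookup.class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, nothing to report
    hits = []
    with zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                # Recurse into bundled archives (fat jars, WAR/EAR files).
                hits += find_jndi_lookup(zf.read(name), f"{label}!/{name}",
                                         depth + 1, max_depth)
    return hits

def strip_jndi_lookup(data):
    """In-memory equivalent of the zip -q -d command: top-level entries only."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename != JNDI_CLASS:
                dst.writestr(item, src.read(item.filename))
    return out.getvalue()

def make_jar(entries):
    """Build a constructed test archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample data: a stand-in log4j-core jar and an app jar bundling it.
CORE = make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b"x"})
APP = make_jar({"BOOT-INF/lib/log4j-core-2.10.0.jar": CORE, "app/Main.class": b"x"})

if __name__ == "__main__":
    print(find_jndi_lookup(strip_jndi_lookup(CORE), "log4j-core-2.10.0.jar"))
    print(find_jndi_lookup(strip_jndi_lookup(APP), "app.jar"))
```

The second call still reports the bundled jar, which is the case a directory-level `zip -d` leaves unmitigated.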
  • From Steven@21:1/5 to Alan Browne on Tue Dec 14 00:31:59 2021
    Time to blame the herd! Can you get a little less dense?

    Ha, ha!

    Apd can only speculate from the viewpoint of a sociopath.


  • From HHI@21:1/5 to Alan Browne on Tue Dec 14 01:19:16 2021
    Which do you think is the better troll? Shadow or Michael Glasser Snit?
    I vote for Michael Glasser Snit; only because he occasionally does figure
    out what he is told, even if, sadly, he forgets it sometimes moments later.

    Are people still debating this?

    Plenty of people persist in talking to Michael Glasser Snit. I do not blame Shadow for his hissy fit but, frankly, I don't figure out why he writes
    here now that he gets what this place is. Shadow is focused on dialog as
    done in a moderated forum and trolling environments bother him too much.
    Both Einstein and Michael Glasser Snit had their successes and their pickles. One played it well and didn't do anything too shocking that could not be obfuscated with a larger scandal.


  • From HHI@21:1/5 to Alan Browne on Tue Dec 14 03:26:40 2021
    For most I'd just say it is dubious. Of course, given that it's Snit sock
    Snit Michael Glasser I would forget that step and go straight to 'lie'
    because that's most of what Snit sock Snit Michael Glasser does. Just call
    it a lie and watch him beg you to prove it. If Snit sock Snit Michael Glasser calls getting his ass *kicked hard* every single day by everyone successful 'trolling', then no doubt... he is a fine troll. I do not go along with
    that definition, I use another term. I call Snit sock Snit Michael Glasser
    a perfect dork. Snit sock Snit Michael Glasser's posts are nothing but
    a senseless prattle. And given how repeatedly it is clear that Snit sock
    Snit Michael Glasser's signature is some distortion of an observation
    Just Wondering wrote which had been a thrashing on Snit sock Snit Michael Glasser for something he did which was brainless/false/etc... its undoubtedly a daily gesture of Snit sock Snit Michael Glasser's lingering butthurt
    for having been so routinely defeated: Snit sock Snit Michael Glasser is undeniably unable of dealing with this group.

    You installed and read multiple reviews and your "diagnostic abilities"
    lead you to that conclusion, and... In Snit sock Snit Michael Glasser's
    case, I, and many "trolls", had pointed to things Snit sock Snit Michael Glasser said and did, he denied them. What Snit sock Snit Michael Glasser could not deny was people sharing such stories, which is how he ended up
    with his list, of course. No no hell no. He never agreed to stop trolling.
    He lied about his trolling which surprised nobody.
