Tweet
Bwaaaaahahahahahahha this is not fun. Cisco on top of it so thats nice. APC/Schneider? Hahaha what patch?
-
vindicta inducit ad salutem? -
FML -
Comment
-
Comment
-
Total clusterflock fire drill here…MAGA - drain the swamp^D^D^D^D^Dcesspool!
Proud deplorable wacist!
#NotMyStateGovernment!
Just remember BAMN - there is no level too low for them to stoop!
COVID survivor - ain?t gonna get pricked!Comment
-
I take it back. We had two Samsung Tizen TVs that needed an updateComment
-
That’s just it. It’s random crap. Have to dig into everything that has a web interface and see if it’s Apache based or Tomcat or whatever. Stupid stuff like serial over IP devices, etc. We have a ton of TVs all over but we don’t connect them to any networks, but still we are going through them. The ASAs and Cisco phone stuff had to be updated. Still looking into the Meraki and Cradlepoint stuff.
In my old office I had a poster with the Java logo crossed out and a big ol “NO JAVA” on it. I Fn HATE Java. Always have. It’s garbage. Always has been.vindicta inducit ad salutem?Comment
-
Cisco provided a list of non-affected products. Certain ASA and meraki is on that listRIP iTrader: Feedback Profile for L4DComment
-
Still in progress. We had a security appliance have an issue that the Vendor had to emergency patch. Now to do all the apps. Total Java based shop!sigpic
Application submitted: 1/3/22
Appointment: 2/3/22
Live Scan : 2/3/22
Proceed to Training: 5/31/22
Training Completed: 7/9/22
Document Uploaded: 7/10/22
CCW approved: 7/20/22
CCW picked up: 7/27/22
Utah Non-Res CCW 8/31/22Comment
-
Comment
-
I thought log4j was used to log activities? Why would my Sony TV (Android) be logging anything?#NotMyPresident
#ArrestFauci
sigpicComment
-
For app developers. In the .Net case, I can only assume it was included to adhere to the CLR spec for ability to log to files.Comment
-
Most things are logged all the time, for tech troubleshooting if nothing else. Thats why I never believe any of the VPN companies saying they don't keep logs. Yeah right, otherwise how else would they know how their system is performing. Theres always logs. You can dump the logs to null but still, logging is happening...vindicta inducit ad salutem?Comment
-
-
I'm waiting for the indirect log4j exploits where people cause upstream systems that aren't even remotely related to the Java frameworks to generate events that flow downstream to some app or a logging server or SIEM that is still vulnerable and ends up processing the event to make the jdni callout for the payload.
Based on response to this CVE, I also anticipate this will have post-incident changes, specifically consideration for SSL decryption in organization or institutions that lean towards privacy and have been hesitant to go that route for security controls.
Distinguished Rifleman #1924
NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
NRL22 Match Director at WEGC
https://www.ocabj.netComment
There are currently 3779 users online. 184 members and 3595 guests.
Most users ever online was 65,177 at 8:20 PM on 09-21-2024.
Comment