Jump to content

Cybersecurity problem


xsubsailor

Recommended Posts

This doesn't mean diddly squat to me but there seems to be a lot of people really excited about it. Maybe someone who speaks the language can explain in layman's terms. icon-confused.gif

A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. 

https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/

Link to comment
  • Replies 8
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Apache is the most used web server (which runs web sites) in the world.  Many of those use Log4j to log error messages.  As an end user, you don't have control over what's in the cloud and have to trust the vendors to patch the web server.

You can also find web servers in internet connected appliances like routers and TVs.  So it's probably a good idea to update them.  On the PC side of things, unless you are a developer, you normally won't have Log4j running on a computer. 

Link to comment
13 minutes ago, billmeek said:

Apache is the most used web server (which runs web sites) in the world.  Many of those use Log4j to log error messages.  As an end user, you don't have control over what's in the cloud and have to trust the vendors to patch the web server.

You can also find web servers in internet connected appliances like routers and TVs.  So it's probably a good idea to update them.  On the PC side of things, unless you are a developer, you normally won't have Log4j running on a computer. 

Thanks

Link to comment

I just patched a server today for it. My co-worker did another. A third is slated for tomorrow.

This Log4j is in the back end of lots of servers that run web pages for one. So if they get hacked the hacker might have access to the database they run off of or other servers containing key info. For instance the one I patched today could have interfaced with your ATM card in the past. 

I think the big deal is this is very widespread, but is not a software someone installed. It got loaded with other software and people may not even know it is running. We have been running a special scan to find any other machines running it. 

Link to comment
On 12/14/2021 at 4:17 PM, billmeek said:

Apache is the most used web server (which runs web sites) in the world.  Many of those use Log4j to log error messages.  As an end user, you don't have control over what's in the cloud and have to trust the vendors to patch the web server.

You can also find web servers in internet connected appliances like routers and TVs.  So it's probably a good idea to update them.  On the PC side of things, unless you are a developer, you normally won't have Log4j running on a computer. 

So is a software update the best way to guard against this then? I'm not computer savvy to really understand this stuff. It sounds like it more affects companies that use the vulnerability?

Link to comment
  • Administrator
43 minutes ago, Eggplant said:

So is a software update the best way to guard against this then? I'm not computer savvy to really understand this stuff. It sounds like it more affects companies that use the vulnerability?

This one really isn't a problem for the average computer user at home to worry about.

Link to comment

The biggest concern for a home user is that companies on the Internet are often lax in updating/patching their software.  So it's very likely that some end-user private data may be exposed.  My advice would be to avoid using a debit card online and not use echeck/bank draft either.  As much as I detest credit cards, they usually have much better protection in case of fraud.  Use a credit card if you must make online purchases.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

TRADING POST NOTICE

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions.

TGO makes no claims, guarantees or assurances regarding any such transactions.

THE FINE PRINT

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

TNGunOwners.com (TGO) is not a lobbying organization and has no affiliation with any lobbying organizations.  Beware of scammers using the Tennessee Gun Owners name, purporting to be Pro-2A lobbying organizations!

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines
 
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.