Clean up his pc: software that go!

Hi-tech electronic and computer equipment and Internet. Better use of electricity, help with the work and specifications, equipment selection. Presentations fixtures and plans. Waves and electromagnetic pollution.
izentrop
Econologue expert
Econologue expert
posts: 13644
Registration: 17/03/14, 23:42
Location: picardie
x 1502
Contact :

Re: Clean up your pc: the software that is going well!




by izentrop » 13/12/21, 23:52

This kind of flaw could happen on this forum for example. Will the passwords need to be changed?
Weird version 2.15 recommended, not available for download? https://logging.apache.org/log4j/log4j- ... nload.html
0 x
jean.caissepas
I posted 500 messages!
I posted 500 messages!
posts: 660
Registration: 01/12/09, 00:20
Location: R.alpes
x 423

Clean up his pc: software that go!




by jean.caissepas » 15/12/21, 22:38

izentrop wrote:This kind of flaw could happen on this forum for example. Will the passwords need to be changed?
Weird version 2.15 recommended, not available for download? https://logging.apache.org/log4j/log4j- ... nload.html


Working in IT (Lead Dev), I have some info:
- You only need to update the LOG4J library of JAVA projects and redeploy them corrected
- Some VPNs written in JAVA need to be updated!
- Other programs based on JAVA (Talend, Eclipse, Jasper Report, ...) and using LOG4J (less risk if inaccessible to the public)

The flaw would allow a remote user to inject - and execute - unwanted code remotely and therefore access files on the server, or worse ...
If text files, PHP, JAVA, Shell contain clear users and password, it is sure that they will have to be changed after updating ALL the vulnerabilities!

A link that talks about it in more detail:
https://www.itespresso.fr/log4shell-ce- ... 61204.html

Link for the fix:
https://logging.apache.org/log4j/2.x/download.html
(to see if a change of JAVA version is necessary on the server)
3 x
Past habits must change,
because the future must not die.
izentrop
Econologue expert
Econologue expert
posts: 13644
Registration: 17/03/14, 23:42
Location: picardie
x 1502
Contact :

Re: Clean up your pc: the software that is going well!




by izentrop » 19/12/21, 01:10

It sucks ... Econology is vaccinated from this flaw :?:
The Log4Shell computer breach that forced the Quebec government to shut down 4000 vulnerable websites last weekend is a real time bomb. It endangers the systems of almost every business and every government on the planet. It risks crippling organizations for months and entertaining hackers for years. Our Investigation Office and our Parliamentary Office spoke with several computer security experts and government sources to better understand the risks of this flaw.
Who is vulnerable?

"It affects everyone," says Patrick Mathieu, the co-founder of Hackfest and specialist in computer security.

All governments, all companies, SMEs, banks, companies offering web services, etc.

Most everyone uses this component, sometimes without even knowing it.

From Google to the local garage, no one is immune.
https://www.journaldequebec.com/2021/12 ... historique
0 x
User avatar
Obamot
Econologue expert
Econologue expert
posts: 28725
Registration: 22/08/09, 22:38
Location: regio genevesis
x 5538

Re: Clean up your pc: the software that is going well!




by Obamot » 19/12/21, 01:24

jean.caissepas wrote:
izentrop wrote:This kind of flaw could happen on this forum for example. Will the passwords need to be changed?
Weird version 2.15 recommended, not available for download? https://logging.apache.org/log4j/log4j- ... nload.html


Working in IT (Lead Dev), I have some info:
- You only need to update the LOG4J library of JAVA projects and redeploy them corrected
- Some VPNs written in JAVA need to be updated!
- Other programs based on JAVA (Talend, Eclipse, Jasper Report, ...) and using LOG4J (less risk if inaccessible to the public)

The flaw would allow a remote user to inject - and execute - unwanted code remotely and therefore access files on the server, or worse ...
If text files, PHP, JAVA, Shell contain clear users and password, it is sure that they will have to be changed after updating ALL the vulnerabilities!

A link that talks about it in more detail:
https://www.itespresso.fr/log4shell-ce- ... 61204.html

Link for the fix:
https://logging.apache.org/log4j/2.x/download.html
(to see if a change of JAVA version is necessary on the server)
Perfect thank you !
0 x

Back to "Electricity, electronics and computers: Hi-tech, Internet, DIY, lighting, materials, and new"

Who is online ?

Users browsing this forum : No registered users and 218 guests