[Lex Computer & Tech Group/LCTG] Log4j

Robert Primak bobprimak at yahoo.com
Sun Dec 26 23:57:00 PST 2021 

 "What is Log4j?"

"Log4J is a widely used Java library for logging error messages in applications. It is used in enterprise software applications, including those custom applications developed in-house by businesses, and forms part of many cloud computing services."
Log4j zero-day flaw: What you need to know and how to protect yourself
https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/ 
This is not to say it can never show up on personal computers and laptops. Just that this is not common.
If it is on a personal computer or laptop, it likely has some sort of corresponding component in the Cloud. Either way, you cannot by yourself correct for both ends of the problem. 
-- Bob Primak

    On Sunday, December 26, 2021, 04:25:35 PM EST, Smita Desai <smitausa at gmail.com> wrote:  
 
 Mine is a personal laptop and does not connect to any domain. 
Smita Desai 

Sent from my iPhone

On Dec 26, 2021, at 4:01 PM, Robert Primak <bobprimak at yahoo.com> wrote:



 It is not in stand-alone home or Pro versions of Windows. Unless you are connecting to an Enterprise Domain, you do not have the affected file(s), and your computer does not do the logging which uses the vulnerable logging.
-- Bob Primak

    On Sunday, December 26, 2021, 02:51:51 PM EST, Smita Desai <smitausa at gmail.com> wrote:  
 
 
Log4j#yiv6915267815 #yiv6915267815 -- filtered {}#yiv6915267815 filtered {}#yiv6915267815 filtered {}#yiv6915267815 p.yiv6915267815MsoNormal, #yiv6915267815 li.yiv6915267815MsoNormal, #yiv6915267815 div.yiv6915267815MsoNormal {margin:0in;font-size:11.0pt;font-family:sans-serif;}#yiv6915267815 a:link, #yiv6915267815 span.yiv6915267815MsoHyperlink {color:blue;text-decoration:underline;}#yiv6915267815 span.yiv6915267815EmailStyle20 {font-family:sans-serif;color:windowtext;font-weight:normal;font-style:normal;}#yiv6915267815 .yiv6915267815MsoChpDefault {font-size:10.0pt;}#yiv6915267815 filtered {}#yiv6915267815 div.yiv6915267815WordSection1 {}#yiv6915267815 
Yes, I agree that there is nothing – the end user – can do to eliminate this bug, we can make sure to install patches and fixes as soon a s they are available. However, I do think that it will affect all machines with all OSes. I did a cursory – cursory since did not check the version – look at my Windows 10 computers and found it to be part of MATLAB and MS SQL Server (maybe due to Azure components). 

  

To find which apps use it, search for log4j*.jar on the root drive. That is C: drive on Windows. Jar files – Java Archives - are libraries (or DLLs in Windows) and this one was created and maintained by Apache. So if anyone is running Apache Tomcat – the web server – they would be potentially affected.

  

Log4j also affects LDAP (Light Directory Access Protocol), which is commonly used to retrieve user data and attributes, so applications using LDAP may also be affected.  

  

Here is a link to s guidance on this issue. At the bottom, is a link to list of affected products (a who is who of tech).

  

And this is still unfolding, so stay tuned.

  

Smita Desai

  

From: Robert Primak <bobprimak at yahoo.com> 
Sent: Sunday, December 26, 2021 11:40 AM
To: Smita Desai <smitausa at gmail.com>; Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] Log4j

  

  

This is not an issue the home user can fix. It's on the servers for a number of popular web based services. It's not in Windows.

  

-- Bob Primak 

  

On Saturday, December 25, 2021, 10:48:07 AM EST, Smita Desai <smitausa at gmail.com> wrote: 

  

  

Fun at our expense…

https://log4jmemes.com/

Enjoy,

Smita Desai

  

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/private.cgi/lctg-toku.us
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to bobprimak at yahoo.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com
   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20211227/596fcf56/attachment.html>

More information about the LCTG mailing list