[Info-vax] Issues now found in log4j version 1
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Feb 9 08:28:56 EST 2022
On 2022-02-08, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 2/8/2022 1:28 PM, Simon Clubley wrote:
>> On 2022-02-08, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>
>>> You mean Windows event log, *nix syslog, VMS various (operator log,
>>> audit log etc.)?
>>
>> Yes. Those do processing of untrusted data and could be nice targets
>> for probing, especially those that can be reached via a network port.
>>
>> If previous security events are anything to go by, there's now going
>> to be a good number of people looking at logging in general now that
>> researchers have had a high-profile success with log4j.
>
> Likely.
>
> But I suspect they will not do as much crazy stuff as log4j.
>
There are many different kinds of "crazy", Arne. :-)
Will be interesting to see what turns up.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list