Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Happiness is a hard disk.

computers / comp.sys.mac.system / Re: OT-ish: Apache Log4J attack

SubjectAuthor
* OT-ish: Apache Log4J attackAlan Browne
+- Re: OT-ish: Apache Log4J attackSteven
+- Re: OT-ish: Apache Log4J attackHHI
`- Re: OT-ish: Apache Log4J attackHHI

1
OT-ish: Apache Log4J attack

<GxPtJ.54166$KV.18108@fx14.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13419&group=comp.sys.mac.system#13419

  copy link   Newsgroups: comp.sys.mac.system
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.dns-netz.com!news.freedyn.net!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx14.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:91.0)
Gecko/20100101 Thunderbird/91.4.0
Newsgroups: comp.sys.mac.system
Content-Language: en-US
From: bitbuc...@blackhole.com (Alan Browne)
Subject: OT-ish: Apache Log4J attack
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 38
Message-ID: <GxPtJ.54166$KV.18108@fx14.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Mon, 13 Dec 2021 22:10:46 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Mon, 13 Dec 2021 17:10:45 -0500
X-Received-Bytes: 2087
 by: Alan Browne - Mon, 13 Dec 2021 22:10 UTC

Several government sites in Quebec are down - couldn't get into the
ClicSecure gate today ...

https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html

Suggested action
----------------
The Cyber Centre encourages those organizations with applications
leveraging Apache Log4j to:

Upgrade to Log4j version 2.15.0 where possible.
Apply the suggested workarounds from Apache if upgrading is not
immediately possible.
Check logs for signs of compromise.

Mitigation
----------
Apache recommends the following mitigations if patching cannot be
immediately performed: Footnote1

In Log4j versions >= 2.10, the vulnerable behavior can be mitigated by
setting the system property “log4j2.formatMsgNoLookups” to “true”.

Alternatively, the environment variable “LOG4J_FORMAT_MSG_NO_LOOKUPS”
can be set to “true” in order to mitigate this behavior.

For Log4j versions 2.0-beta9 to 2.10.0, the mitigation is to remove the
JndiLookup class from the classpath by running the following command.
“zip -q -d log4j-core-*.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class”

--
"...there are many humorous things in this world; among them the white
man's notion that he is less savage than the other savages."
-Samuel Clemens

Re: OT-ish: Apache Log4J attack

<01c68321-d80a-415d-8185-4c08c6166225n@googlegroups.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13427&group=comp.sys.mac.system#13427

  copy link   Newsgroups: comp.sys.mac.system
X-Received: by 2002:a37:a697:: with SMTP id p145mr2829225qke.690.1639470720143;
Tue, 14 Dec 2021 00:32:00 -0800 (PST)
X-Received: by 2002:a25:f603:: with SMTP id t3mr4409732ybd.453.1639470719973;
Tue, 14 Dec 2021 00:31:59 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.mac.system
Date: Tue, 14 Dec 2021 00:31:59 -0800 (PST)
In-Reply-To: <GxPtJ.54166$KV.18108@fx14.iad>
Injection-Info: google-groups.googlegroups.com; posting-host=77.111.246.8; posting-account=Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr
NNTP-Posting-Host: 77.111.246.8
References: <GxPtJ.54166$KV.18108@fx14.iad>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <01c68321-d80a-415d-8185-4c08c6166225n@googlegroups.com>
Subject: Re: OT-ish: Apache Log4J attack
From: frelwiz...@gmail.com (Steven)
Injection-Date: Tue, 14 Dec 2021 08:32:00 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 59
 by: Steven - Tue, 14 Dec 2021 08:31 UTC

On Monday, December 13, 2021 at 3:10:50 PM UTC-7, Alan Browne wrote:
> Several government sites in Quebec are down - couldn't get into the
> ClicSecure gate today ...
>
> https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html
>
> Suggested action
> ----------------
> The Cyber Centre encourages those organizations with applications
> leveraging Apache Log4j to:
>
> Upgrade to Log4j version 2.15.0 where possible.
> Apply the suggested workarounds from Apache if upgrading is not
> immediately possible.
> Check logs for signs of compromise.
>
>
> Mitigation
> ----------
> Apache recommends the following mitigations if patching cannot be
> immediately performed: Footnote1
>
> In Log4j versions >= 2.10, the vulnerable behavior can be mitigated by
> setting the system property “log4j2.formatMsgNoLookups” to “true”.
>
> Alternatively, the environment variable “LOG4J_FORMAT_MSG_NO_LOOKUPS”
> can be set to “true” in order to mitigate this behavior.
>
> For Log4j versions 2.0-beta9 to 2.10.0, the mitigation is to remove the
> JndiLookup class from the classpath by running the following command.
> “zip -q -d log4j-core-*.jar
> org/apache/logging/log4j/core/lookup/JndiLookup.class”
>
>
> --
> "...there are many humorous things in this world; among them the white
> man's notion that he is less savage than the other savages."
> -Samuel Clemens

Time to blame the herd! Can you get a little less dense?

Ha, ha!

Apd can only speculate from the viewpoint of a sociopath.

--
Do not click this link!!
https://ftp.cdc.gov/pub/health_Statistics/nchs/Software/mmds/2009/spell/mmds_spell.txt
https://search.givewater.com/serp?q=%22functional%20illiterate%20fraud%22
<https://www.whitepages.com/phone/1-423-491-1448>
Dustin Cook is a functionally illiterate fraud

Re: OT-ish: Apache Log4J attack

<f22fa0cb-7416-4bea-a0e0-bd115fc6c66en@googlegroups.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13429&group=comp.sys.mac.system#13429

  copy link   Newsgroups: comp.sys.mac.system
X-Received: by 2002:ac8:5ad1:: with SMTP id d17mr4557697qtd.23.1639473556945;
Tue, 14 Dec 2021 01:19:16 -0800 (PST)
X-Received: by 2002:a25:ae62:: with SMTP id g34mr4587514ybe.388.1639473556761;
Tue, 14 Dec 2021 01:19:16 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.mac.system
Date: Tue, 14 Dec 2021 01:19:16 -0800 (PST)
In-Reply-To: <GxPtJ.54166$KV.18108@fx14.iad>
Injection-Info: google-groups.googlegroups.com; posting-host=2001:67c:2628:647:f:0:0:254;
posting-account=Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr
NNTP-Posting-Host: 2001:67c:2628:647:f:0:0:254
References: <GxPtJ.54166$KV.18108@fx14.iad>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f22fa0cb-7416-4bea-a0e0-bd115fc6c66en@googlegroups.com>
Subject: Re: OT-ish: Apache Log4J attack
From: frelwiz...@gmail.com (HHI)
Injection-Date: Tue, 14 Dec 2021 09:19:16 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 71
 by: HHI - Tue, 14 Dec 2021 09:19 UTC

On Monday, December 13, 2021 at 3:10:50 PM UTC-7, Alan Browne wrote:
> Several government sites in Quebec are down - couldn't get into the
> ClicSecure gate today ...
>
> https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html
>
> Suggested action
> ----------------
> The Cyber Centre encourages those organizations with applications
> leveraging Apache Log4j to:
>
> Upgrade to Log4j version 2.15.0 where possible.
> Apply the suggested workarounds from Apache if upgrading is not
> immediately possible.
> Check logs for signs of compromise.
>
>
> Mitigation
> ----------
> Apache recommends the following mitigations if patching cannot be
> immediately performed: Footnote1
>
> In Log4j versions >= 2.10, the vulnerable behavior can be mitigated by
> setting the system property “log4j2.formatMsgNoLookups” to “true”.
>
> Alternatively, the environment variable “LOG4J_FORMAT_MSG_NO_LOOKUPS”
> can be set to “true” in order to mitigate this behavior.
>
> For Log4j versions 2.0-beta9 to 2.10.0, the mitigation is to remove the
> JndiLookup class from the classpath by running the following command.
> “zip -q -d log4j-core-*.jar
> org/apache/logging/log4j/core/lookup/JndiLookup.class”
>
>
> --
> "...there are many humorous things in this world; among them the white
> man's notion that he is less savage than the other savages."
> -Samuel Clemens

Which do you think is the better troll? Shadow or Michael Glasser Snit?
I vote for Michael Glasser Snit; only because he occasionally does figure
out what he is told, even if, sadly, he forgets it sometimes moments later.

Are people still debating this?

Plenty of people persist in talking to Michael Glasser Snit. I do not blame
Shadow for his hissy fit but, frankly, I don't figure out why he writes
here now that he gets what this place is. Shadow is focused on dialog as
done in a moderated forum and trolling environments bother him too much.
Both Einstein and Michael Glasser Snit had their successes and their pickles.
One played it well and didn't do anything too shocking that could not be
obfuscated with a larger scandal.

--
Get Rich Slow
https://www.google.com/search?q=dustin+cook%3A+functionally+illiterate+fraud
https://www.zillow.com/homedetails/108-Warrior-Dr-Kingsport-TN-37663/42459578_zpid/
Dustin Cook the Fraud

Re: OT-ish: Apache Log4J attack

<6fb076ab-bd25-42a3-a352-02c9d73078aan@googlegroups.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13430&group=comp.sys.mac.system#13430

  copy link   Newsgroups: comp.sys.mac.system
X-Received: by 2002:a05:620a:4495:: with SMTP id x21mr3212177qkp.633.1639481200537;
Tue, 14 Dec 2021 03:26:40 -0800 (PST)
X-Received: by 2002:a25:b682:: with SMTP id s2mr5105259ybj.736.1639481200339;
Tue, 14 Dec 2021 03:26:40 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.mac.system
Date: Tue, 14 Dec 2021 03:26:40 -0800 (PST)
In-Reply-To: <GxPtJ.54166$KV.18108@fx14.iad>
Injection-Info: google-groups.googlegroups.com; posting-host=77.111.246.31; posting-account=Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr
NNTP-Posting-Host: 77.111.246.31
References: <GxPtJ.54166$KV.18108@fx14.iad>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <6fb076ab-bd25-42a3-a352-02c9d73078aan@googlegroups.com>
Subject: Re: OT-ish: Apache Log4J attack
From: frelwiz...@gmail.com (HHI)
Injection-Date: Tue, 14 Dec 2021 11:26:40 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 83
 by: HHI - Tue, 14 Dec 2021 11:26 UTC

On Monday, December 13, 2021 at 3:10:50 PM UTC-7, Alan Browne wrote:
> Several government sites in Quebec are down - couldn't get into the
> ClicSecure gate today ...
>
> https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html
>
> Suggested action
> ----------------
> The Cyber Centre encourages those organizations with applications
> leveraging Apache Log4j to:
>
> Upgrade to Log4j version 2.15.0 where possible.
> Apply the suggested workarounds from Apache if upgrading is not
> immediately possible.
> Check logs for signs of compromise.
>
>
> Mitigation
> ----------
> Apache recommends the following mitigations if patching cannot be
> immediately performed: Footnote1
>
> In Log4j versions >= 2.10, the vulnerable behavior can be mitigated by
> setting the system property “log4j2.formatMsgNoLookups” to “true”.
>
> Alternatively, the environment variable “LOG4J_FORMAT_MSG_NO_LOOKUPS”
> can be set to “true” in order to mitigate this behavior.
>
> For Log4j versions 2.0-beta9 to 2.10.0, the mitigation is to remove the
> JndiLookup class from the classpath by running the following command.
> “zip -q -d log4j-core-*.jar
> org/apache/logging/log4j/core/lookup/JndiLookup.class”
>
>
> --
> "...there are many humorous things in this world; among them the white
> man's notion that he is less savage than the other savages."
> -Samuel Clemens

For most I'd just say it is dubious. Of course, given that it's Snit sock
Snit Michael Glasser I would forget that step and go straight to 'lie'
because that's most of what Snit sock Snit Michael Glasser does. Just call
it a lie and watch him beg you to prove it. If Snit sock Snit Michael Glasser
calls getting his ass *kicked hard* every single day by everyone successful
'trolling', then no doubt... he is a fine troll. I do not go along with
that definition, I use another term. I call Snit sock Snit Michael Glasser
a perfect dork. Snit sock Snit Michael Glasser's posts are nothing but
a senseless prattle. And given how repeatedly it is clear that Snit sock
Snit Michael Glasser's signature is some distortion of an observation
Just Wondering wrote which had been a thrashing on Snit sock Snit Michael
Glasser for something he did which was brainless/false/etc... its undoubtedly
a daily gesture of Snit sock Snit Michael Glasser's lingering butthurt
for having been so routinely defeated: Snit sock Snit Michael Glasser is
undeniably unable of dealing with this group.

You installed and read multiple reviews and your "diagnostic abilities"
lead you to that conclusion, and... In Snit sock Snit Michael Glasser's
case, I, and many "trolls", had pointed to things Snit sock Snit Michael
Glasser said and did, he denied them. What Snit sock Snit Michael Glasser
could not deny was people sharing such stories, which is how he ended up
with his list, of course. No no hell no. He never agreed to stop trolling.
He lied about his trolling which surprised nobody.

--
E-commerce Simplified!
https://www.bing.com/search?q=Steve%20Petruzzellis%20narcissistic%20bigot
https://www.google.com/search?q=Steve+Petruzzellis+the+narcissistic+bigot
Dustin Cook: Functionally Illiterate Fraud

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor