Follow

security, java 

If you run, uh, anything in Java that logs things (Java Minecraft? A random webapp? Whatever.) and it's exposed to the internet, you might want to take it down and/or get it patched real fast. The log4j vulnerability can pretty much be sprayed everywhere much like "shellshock", and gives up code execution to an attacker, so widespread scanning / attacks are likely imminent.

Decent writeup at lunasec.io/docs/blog/log4j-zer .

Sign in to participate in the conversation
ostatus.lardbucket.org

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!