lol.

On Thu, 16 Dec 2021 at 18:13, Dr Greg Low <g...@sqldownunder.com> wrote:

> I chuckled when I saw this again the other day:
>
>
>
>
>
> If only it wasn't true.
>
>
>
> Regards,
>
>
>
> Greg
>
>
>
> Dr Greg Low
>
>
>
> 1300SQLSQL (1300 775 775) office | +61 419201410 mobile
>
> SQL Down Under | Web: https://sqldownunder.com | About me:
> https://greglow.me
>
>
>
> *From:* ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> *On
> Behalf Of* Greg Keogh
> *Sent:* Thursday, 16 December 2021 6:00 PM
> *To:* ozDotNet <ozdotnet@ozdotnet.com>
> *Subject:* [OT] log4j Internet Doom
>
>
>
> It's almost Friday ...
>
>
>
> Many of you might have read the blazing headlines everywhere that the
> whole Internet is about to crash because of a security vulnerability in
> log4j. I haven't written Java since early 2001, so I went looking for tech
> details.
>
>
>
> It turns out someone wrote an appender (in our log4net terms) that parsed
> a Uri out of a special bit of syntax, then blindly loaded and ran what was
> at the Uri. I mean, what could possibly go wrong? I think that this guilty
> JNDI appender is available by default, that is, it's in the JAR or
> something like that (I can't get further fine details on that).
>
>
>
> So it's a bit like *Aircrash Investigations* where it takes multiple
> things to go wrong and make a bigger wrong.
>
>
>
> Who could have imagined that a logging library would bring the Internet
> down?!
>
>
>
> *Greg*
>


-- 
Dan Cash
-m. 0411 468 779
-e. dan.c...@gmail.com

F.A.B. Information Systems Pty Ltd   ABN 16 084 146 261
