Re: How do I determine which hardware device and software has log4j zero-day security vulnerability?
I realised there is an Apache Log4j mailing list. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 19 Dec 2021 Sunday On Fri, 17 Dec 2021 at 00:29, Arvid Heise wrote: > > I think this is meant for the Apache log4j mailing list [1]. > > [1] https://logging.apache.org/log4j/2.x/mail-lists.html > > On Thu, Dec 16, 2021 at 4:07 PM David Morávek wrote: >> >> Hi Turritopsis, >> >> I fail to see any relation to Apache Flink. Can you please elaborate on how >> Flink fits into it? >> >> Best, >> D. >> >> On Thu, Dec 16, 2021 at 3:52 PM Turritopsis Dohrnii Teo En Ming >> wrote: >>> >>> Subject: How do I determine which hardware device and software has >>> log4j zero-day security vulnerability? >>> >>> Good day from Singapore, >>> >>> I am working for a Systems Integrator (SI) in Singapore. We have >>> several clients writing in, requesting us to identify log4j zero-day >>> security vulnerability in their corporate infrastructure. >>> >>> It seems to be pretty difficult to determine which hardware device and >>> which software has the vulnerability. There seems to be no lists of >>> hardware devices and software affected by the flaw any where on the >>> internet. >>> >>> Could you refer me to definitive documentation/guides on how to >>> identify log4j security flaw in hardware devices and software? >>> >>> Thank you very much for your kind assistance. >>> >>> Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, >>> is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant >>> with a Systems Integrator (SI)/computer firm in Singapore. He is an IT >>> enthusiast. >>> >>> >>> >>> >>> >>> -BEGIN EMAIL SIGNATURE- >>> >>> The Gospel for all Targeted Individuals (TIs): >>> >>> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of >>> U.S. Embassy Workers >>> >>> Link: >>> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html >>> >>> >>> >>> Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's >>> Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts >>> at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan >>> (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): >>> >>> [1] https://tdtemcerts.wordpress.com/ >>> >>> [2] https://tdtemcerts.blogspot.sg/ >>> >>> [3] https://www.scribd.com/user/270125049/Teo-En-Ming >>> >>> -END EMAIL SIGNATURE-
Re: How do I determine which hardware device and software has log4j zero-day security vulnerability?
Hi, Please refer to this link. Article: Log4j zero-day flaw: What you need to know and how to protect yourself Link: https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/ The article says: [QUOTE] WHAT DEVICES AND APPLICATIONS ARE AT RISK? Basically any device that's exposed to the internet is at risk if it's running Apache Log4J, versions 2.0 to 2.14.1. NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks. Where is Log4j used? The Log4j 2 library is used in enterprise Java software and according to the UK's NCSC is included in Apache frameworks such as Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and Apache Swift. [/QUOTE] Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 19 Dec 2021 Sunday On Thu, 16 Dec 2021 at 23:07, David Morávek wrote: > > Hi Turritopsis, > > I fail to see any relation to Apache Flink. Can you please elaborate on how > Flink fits into it? > > Best, > D. > > On Thu, Dec 16, 2021 at 3:52 PM Turritopsis Dohrnii Teo En Ming > wrote: >> >> Subject: How do I determine which hardware device and software has >> log4j zero-day security vulnerability? >> >> Good day from Singapore, >> >> I am working for a Systems Integrator (SI) in Singapore. We have >> several clients writing in, requesting us to identify log4j zero-day >> security vulnerability in their corporate infrastructure. >> >> It seems to be pretty difficult to determine which hardware device and >> which software has the vulnerability. There seems to be no lists of >> hardware devices and software affected by the flaw any where on the >> internet. >> >> Could you refer me to definitive documentation/guides on how to >> identify log4j security flaw in hardware devices and software? >> >> Thank you very much for your kind assistance. >> >> Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, >> is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant >> with a Systems Integrator (SI)/computer firm in Singapore. He is an IT >> enthusiast. >> >> >> >> >> >> -BEGIN EMAIL SIGNATURE- >> >> The Gospel for all Targeted Individuals (TIs): >> >> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of >> U.S. Embassy Workers >> >> Link: >> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html >> >> >> >> Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's >> Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts >> at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan >> (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): >> >> [1] https://tdtemcerts.wordpress.com/ >> >> [2] https://tdtemcerts.blogspot.sg/ >> >> [3] https://www.scribd.com/user/270125049/Teo-En-Ming >> >> -END EMAIL SIGNATURE-
Re: How do I determine which hardware device and software has log4j zero-day security vulnerability?
I think this is meant for the Apache log4j mailing list [1]. [1] https://logging.apache.org/log4j/2.x/mail-lists.html On Thu, Dec 16, 2021 at 4:07 PM David Morávek wrote: > Hi Turritopsis, > > I fail to see any relation to Apache Flink. Can you please elaborate on > how Flink fits into it? > > Best, > D. > > On Thu, Dec 16, 2021 at 3:52 PM Turritopsis Dohrnii Teo En Ming < > ceo.teo.en.m...@gmail.com> wrote: > >> Subject: How do I determine which hardware device and software has >> log4j zero-day security vulnerability? >> >> Good day from Singapore, >> >> I am working for a Systems Integrator (SI) in Singapore. We have >> several clients writing in, requesting us to identify log4j zero-day >> security vulnerability in their corporate infrastructure. >> >> It seems to be pretty difficult to determine which hardware device and >> which software has the vulnerability. There seems to be no lists of >> hardware devices and software affected by the flaw any where on the >> internet. >> >> Could you refer me to definitive documentation/guides on how to >> identify log4j security flaw in hardware devices and software? >> >> Thank you very much for your kind assistance. >> >> Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, >> is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant >> with a Systems Integrator (SI)/computer firm in Singapore. He is an IT >> enthusiast. >> >> >> >> >> >> -BEGIN EMAIL SIGNATURE- >> >> The Gospel for all Targeted Individuals (TIs): >> >> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of >> U.S. Embassy Workers >> >> Link: >> >> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html >> >> >> >> >> Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's >> Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts >> at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan >> (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): >> >> [1] https://tdtemcerts.wordpress.com/ >> >> [2] https://tdtemcerts.blogspot.sg/ >> >> [3] https://www.scribd.com/user/270125049/Teo-En-Ming >> >> -END EMAIL SIGNATURE- >> >
Re: How do I determine which hardware device and software has log4j zero-day security vulnerability?
Hi Turritopsis, I fail to see any relation to Apache Flink. Can you please elaborate on how Flink fits into it? Best, D. On Thu, Dec 16, 2021 at 3:52 PM Turritopsis Dohrnii Teo En Ming < ceo.teo.en.m...@gmail.com> wrote: > Subject: How do I determine which hardware device and software has > log4j zero-day security vulnerability? > > Good day from Singapore, > > I am working for a Systems Integrator (SI) in Singapore. We have > several clients writing in, requesting us to identify log4j zero-day > security vulnerability in their corporate infrastructure. > > It seems to be pretty difficult to determine which hardware device and > which software has the vulnerability. There seems to be no lists of > hardware devices and software affected by the flaw any where on the > internet. > > Could you refer me to definitive documentation/guides on how to > identify log4j security flaw in hardware devices and software? > > Thank you very much for your kind assistance. > > Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, > is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant > with a Systems Integrator (SI)/computer firm in Singapore. He is an IT > enthusiast. > > > > > > -BEGIN EMAIL SIGNATURE- > > The Gospel for all Targeted Individuals (TIs): > > [The New York Times] Microwave Weapons Are Prime Suspect in Ills of > U.S. Embassy Workers > > Link: > https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html > > > > > Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's > Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts > at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan > (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): > > [1] https://tdtemcerts.wordpress.com/ > > [2] https://tdtemcerts.blogspot.sg/ > > [3] https://www.scribd.com/user/270125049/Teo-En-Ming > > -END EMAIL SIGNATURE- >
How do I determine which hardware device and software has log4j zero-day security vulnerability?
Subject: How do I determine which hardware device and software has log4j zero-day security vulnerability? Good day from Singapore, I am working for a Systems Integrator (SI) in Singapore. We have several clients writing in, requesting us to identify log4j zero-day security vulnerability in their corporate infrastructure. It seems to be pretty difficult to determine which hardware device and which software has the vulnerability. There seems to be no lists of hardware devices and software affected by the flaw any where on the internet. Could you refer me to definitive documentation/guides on how to identify log4j security flaw in hardware devices and software? Thank you very much for your kind assistance. Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a Systems Integrator (SI)/computer firm in Singapore. He is an IT enthusiast. -BEGIN EMAIL SIGNATURE- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): [1] https://tdtemcerts.wordpress.com/ [2] https://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming -END EMAIL SIGNATURE-
