#
"*": "https://raw.githubusercontent.com/wefindx/schema/master/intent/oo-item.yaml"
#
"base:title": "0oo - what is log4j"
"og:title": "what is log4j"
"og:description": "A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate have left hundreds of millions of devices exposed. By Friday, more than 3,700,000 hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm …"
"og:image": "https://avatars0.githubusercontent.com/u/28134655"
"og:url": "/intent/107001/"
"base:css": "/static/css/bootstrap.min.9c25540d6272.css"
"base:extra-css": "/static/css/base.57997aeac1df.css"
"base:favicon": "/static/favicon.acaa334f0136.ico"
"base:body_class": ""
"layout:logo": "/static/0oo.8d2a8bbef612.svg"
"layout:index": "/"
"layout:menu": "/menu/"
"layout:categories": "/intents/"
"layout:ideas": "/methods/"
"layout:projects": "/projects/"
"layout:users": "/users/"
"layout:about": "/about/"
"layout:help": "/help/"
"layout:bug_report": "https://github.com/wefindx/0oo"
"layout:login": "/accounts/login/"
"layout:light-off": "/darken/?darken=true"
"layout:set-multilingual": "/mulang/?mulang=true"
"layout:lang": "Kalba"
"layout:set-language-post-action": "/i18n/setlang/"
"layout:csrf-token": "Lu2ppFMc2b5Gphfl5ws3ZsIBWRLfmfyCQjClZZfvnx2bOpSckMr6vqUPdj9nrovB"
"layout:input-next": "/intent/107001/"
"layout:languages": [{"code": "ja", "is-active": "false", "name": "日本語"}, {"code": "lt", "is-active": "true", "name": "Lietuviškai"}, {"code": "zh-hans", "is-active": "false", "name": "简体中文"}, {"code": "en", "is-active": "false", "name": "English"}, {"code": "ru", "is-active": "false", "name": "Русский"}, {"code": "oo", "is-active": "false", "name": "O;o,"}]
#
"item:parent:intents": [{"title": "Kompiuterių sauga", "url": "/intent/108001/"}, {"title": "Nulinės dienos pažeidžiamumas", "url": "/intent/109001/"}]
"item:title": "what is log4j"
"item:votes": 0
"item:add-vote": "#addnote"
"item:intent": "/intent/107001/?l=lt"
"item:base-administration": false
"item:body": |
.:en
A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week.
The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate have left hundreds of millions of devices exposed.
By Friday, more than 3,700,000 hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.
"item:permalink": "/intent/107001/?l=lt"
"item:source-date": ""
"item:owner": "Bassxn2"
"item:ownerlink": "/user/33001/Bassxn2"
"item:created": "2021-12-23T19:11:28.018275"
"item:intent:child:add": "/admin/hlog/intent/add/?parent=107001"
#
"item:method:items":
"item:method:add": "/admin/hlog/method/add/?parent=107001"
"item:comment:add": "/intents/addnote?parent=107001"
"item:comment:add:csrf_token": "Lu2ppFMc2b5Gphfl5ws3ZsIBWRLfmfyCQjClZZfvnx2bOpSckMr6vqUPdj9nrovB"
"item:comment:form": |
Pažymėkite, jei komentaras kelia naujų klausimų.
Pažymėkite, jei komentaras siųlo galimus sprendimus.
Pažymėkite, jei komentaras pateikia potencialiai naudingų faktų.
Prašome prisijungti.
#
"item:comment:items":
- "id": "r-220001"
"mtrans": |
Sveiki atvykę į Infinity, [Bassxn2]! :) Log4j yra [kompiuterio saugos](https://0oo.li/intent/108001/computer-security) problema ir [0-day](https://0oo.li/intent/109001/0- dienos) problema, ir ji labai paplitusi, nes Log4j yra labai populiari biblioteka, naudojama visų rūšių programinėje įrangoje.
Gerai, kad tai lengva pataisyti:
– „Java 8“ Log4j į „>=2.17.0“.
– „Java 7“ Log4j į „>=2.12.3“.
– „Java 6“ Log4j į „>=2.3.1“.
- ARBA pašalinkite `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`
Ieškokite įsibrovimo pėdsakų:
- Peržiūrėkite Log4j žurnalus, ieškokite JNDI įrašų
– Pavyzdžiai: [https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b](https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d1560b6e)
– Analizės scenarijus („Python“): [https://github.com/Neo23x0/log4shell-detector](https://github.com/Neo23x0/log4shell-detector)
(Šis analizės scenarijus gali būti geras projektas, skirtas čia susieti.)
Atkreipkite dėmesį, kad šis klausimas labai priklausomas nuo laiko, tai nėra ilgalaikis pasaulinis iššūkis. [pažymėtas iki galiojimo pabaigos]
"text": |
Welcome to Infinity, [Bassxn2]! :) The log4j is a [computer security](https://0oo.li/intent/108001/computer-security) issue, and [0-day](https://0oo.li/intent/109001/0-day)-ish issue, and it's super-widespread, because Log4j is very popular library used in all kind of software.
It's good it's easy to fix:
- Java 8's Log4j to `>=2.17.0`
- Java 7's Log4j to `>=2.12.3`
- Java 6's Log4j to `>=2.3.1`
- OR remove `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`
Lookup for traces of intrusion:
- Review logs of Log4j, search for JNDI records
- Examples: [https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b](https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b)
- Analysis script (Python): [https://github.com/Neo23x0/log4shell-detector](https://github.com/Neo23x0/log4shell-detector)
(This analysis script may be a good project to link here.)
Take a note, that this issue is very circumstantial time-sensitive, it is not a long-term global challenge. [marked-for-expiry]
"owner": "Mindey"
"ownerlink": "/user/147/Mindey"
"permalink": "/intent/107001/?l=lt#r-220001"
"created": "2021-12-23T23:34:33.093107"
"vote": ""
- "id": "r-221001"
"mtrans": |
Ačiū! Ir ačiū už išsamumą ir paaiškinimą, dėkingas. Pažymėjo.
"text": |
Thank you! And thanks for elaboration and explanation, appreciated. Noted.
"owner": "Bassxn2"
"ownerlink": "/user/33001/Bassxn2"
"permalink": "/intent/107001/?l=lt#r-221001"
"created": "2021-12-24T10:30:16.782767"
"vote": ""
"base:js": "/static/js/base.c7357c06cc89.js"