[Solved] eBlocker not affected by log4j security issue

2 Posts
2 Users
4 Reactions
236 Views
(@benne)
Famed Member Admin
Joined: 5 Jahren ago
Posts: 1084
Topic starter  

The log4j security issue that is discussed heavily in the media is not affecting eBlocker.

Actually, we were aware of this attack vector two days before the official authority‘s warning. We recorded and analyzed the attack pattern in a forensic log last Friday already:

Screenshot 2021 12 10 150720

Even eBlockerOS uses log4j, our particular implementation is not affected. Nevertheless, we will update the log4j component with the next maintenance release to stay up-to-date with current enhancements.

The eBlocker web servers as well as other centrally provided infrastructure (update servers, DynDNS, team collaboration etc.) is also not affected as we analyzed log4j is not used by these services.

[Off topic] I had the pleasure to talk about the log4j attack vector in the German TV "ZDF heute" news on Monday: https://www.zdf.de/nachrichten/heute-19-uhr/software-sicherheitsluecke-cybersicherheit-video-100.html [/Off topic]


   
hellb, AndreasHamburg, Random and 1 people reacted
ReplyQuote
(@taipan)
Estimable Member
Joined: 5 Jahren ago
Posts: 72
 

Great news


   
ReplyQuote

Nach oben scrollen