Homeland Security warns: Expect Log4j risks for 'a decade or longer'

Organizations can expect risks associated with Log4j vulnerabilities for "a decade or longer," according to the US Department of Homeland Security. The DHS' Cyber Safety Review Board's inaugural report [PDF] dives into the now-notorious vulnerabilities discovered late last year in the Java world's open-source logging library …

  1. amanfromMars 1 Silver badge

    In a decade or longer the world will be a completely different space. Of that you can be sure.

    If a GOD's honest truth be told that the devil is in the detail of Log4j type vulnerabilities and opportunities pioneering in the exploitation and exploration of Business Stylised Universal Systems of Commanding Control and from which and into which Pandoran daemons and Heavenly spectres have escaped confinement and detainment and now roam and range free to do as they will and see fit to the greater benefit of both them and wannabe partners and their remote control environment providers and supporters, those stable doors y'all are being hereby advised to close and secure with safe locks and better management practices are for a farm where all the horses have bolted ..... and they aint ever coming back again for another age of captive pack animal service/action/abuse/misuse/reuse.

    And you know what they say whenever something is said to be too good to be true, well you aint seen nothing there yet that is untrue, which is good, and it also allows for all to have something really good to look forward to and prepare for, which are added bonuses to enjoy .... or be terrified of if fearful of the dirty secrets one harbours, and which fester and mutate under the cover and in the disguise of dangerous lies, being exposed by future secured systems communiqués/breaches.

    1. Binraider Silver badge

      Re: In a decade or longer the world will be a completely different space. Of that you can be sure.

      If that were true, why do I see systems running DOS 6.22 on a weekly basis?

      The replacements in many cases are, perhaps unsurprisingly, a lot harder to look after and maintain over the long term. Off-network, network-unaware systems, on the other hand, with at most a serial output, have an awful lot of advantages.

      The modern world loves to add features, but for me, that largely only adds pain.

      Case in point - just went to take the car out for a brief site visit. Door wouldn't open on the keyfob; mechanical fallback also wouldn't work because not used for 5 years. Just a mechanical system would have less to go wrong, and would not have failed because of lack of use.

      1. stiine Silver badge

        Re: In a decade or longer the world will be a completely different space. Of that you can be sure.

        Yeah and we all know that rust and paint can never seal a door or window closed.

        1. Binraider Silver badge

          Re: In a decade or longer the world will be a completely different space. Of that you can be sure.

          The point being the rust and paint were present whether or not you add electronics to the system to go wrong.

          Failure modes analysis consultancy are available

  2. amanfromMars 1 Silver badge

    Re Future Decades Long Epic Risks and Catastrophic Remote Virtual Attack Vectors/Factoring

    The realisation to be accepted and for one to come to terms with, for there is no other available option, is that Departments of Homeland Security and Militarised Defence anywhere and everywhere are always targeted and destined to tilt at phantom windmills which defeat them should they be tasked with defending the inequitable and unjust and attacking the indefensible and future postmodern ...... and in so doing in past glorious arrogance and wilful pig ignorance of rapidly changing eventful circumstances, are their blood and treasure supplies and stores of public and private goodwill and support increasingly quickly exhausted to the point of virtual extinction guaranteeing complete annihilation and a universal disdain tempering a well-earned disgust.

    The resultant barren wasted landscape is a virgin field of almighty endeavour in which to excel and paint novel existences in which to flourish and grow with IntelAIgent Virtualised Machinery Providing Immaculately Resourceful Assets and Simply Sublime and Surreal Instruction Sets for Future Utility in Present Facilities with Current Difficulties/Energy Supply Problems.

    Or do you see a bleaker picture which requires one to ask ..... Who's painting and pimping/pumping and dumping in praise of doom and gloom and to what particular and peculiar end, for more of the same leads nowhere different better.

    1. amanfromMars 1 Silver badge

      Growing the Economy ...... Step 01 .... Knock Down Every No10 Type Locked Door

      Would somebody like to accurately translate and transcribe all of that into alien scripts, starting with but not confined to just Chinese, Arabic, Russian and Japanese, in order that should the Wild Wacky Westerners both across the pond in the not so United States of America and in the European outposts on the Great Asian land mass not wish to explore, exploit and engage with such as pioneering novel future following programs intelligently designed to lead with events perfectly planned for presentation and virtually remote augmented realisation via myriad media streams highlighting and detailing daily breaking alternative news stories and vast 0days for popular global re-education and extremely enjoyable entertainment with Advanced IntelAIgents providing NEUKlearer HyperRadioProACTive IT Information for SCADASystems Administration/Executive Office Deployment, they can assume the leading roles to applauded and lauded in the vanguard.

      1. amanfromMars 1 Silver badge

        Re: Growing the Economy ...... Step 01 .... Knock Down Every No10 Type Locked Door

        Drat ..... that mega sentence to be as near absolutely perfect as possible should have ended with ... they can assume the leading roles to be applauded and lauded in the vanguard.

  3. amanfromMars 1 Silver badge

    Prophetic Nightmare or Alien Intervention for a Hellish Decline or AWEsome Ascent? *

    Have you any idea what the future has in store for you ‽ Do you or just a chosen few realise what is happening? And has the following already happened too .... and who and/or what rules whom and what and to what ultimate end? .......

    Should the human race not be extinguished by nuclear war it will degenerate into a flock of stupid, dumb creatures under the tyranny of dictators who rule them with the help of [ignorant media liars] and electric computers. This is not a prophecy but a nightmare. .... Max Born (November 1960, Bulletin Of The Atomic Scientist)

    * Does the Latter require the Former? Per Ardua ad Astra Beta Meta Data?

    A live question for MoD Type Special AIR Services Operational Sources to dodge and plausibly deny any Advanced IntelAIgent Resource knowledge of .... which is a definitive statement one should note is not a question shared to ask.

  4. amanfromMars 1 Silver badge

    Be Warned, Silent Downvoters, Nothing to Say has All Hell Easily Let Loose Any Day Soon*

    The current present future-building situation is a very simple dilemma to solve with either failed incumbents or relative newbies enabled and able to freely and widely demonstrate and greatly benefit first and foremost from novel and NEUKlearer HyperRadioProACTive IT and AI Program and/or Pogroms in their almighty command and absolute control with the exercise of that ancient stalwart, which has since time and space began causing problems, always accompanied such decision making ...... the extraordinary and exceptional cost of not being first in line versus the price of being in command and control of future costs and secondary needs, feeds and seeds ..... with the one being cheap today to the tune of billions and the other horrendously expensive and easily achieving heady sums in the gazillions.

    Choose the wrong side of that heavenly ratio has one leading worlds of constant pain and depression, recession and oppression delivering guaranteed conflict and deadly wars that drain blood and treasure that never returns and thus invites one's own destructive extinction.

    * The Multi-Billion Dollar Question then to ask and receive no answer but silence is .... Engineered and Released by Whom Via What ? Would such a dumb response be acceptable to you? Are they wise in response or reply to anything?

  5. toejam++

    Report is right about scanning and defenses

    The log4j vulnerabilities were just another line item in a never-ending list of security issues my team had to deal with. I'd like to believe that here in 2022, most orgs have processes in place for discovering and remediating such issues. That it was found in so many places raised a few eyebrows, but we're all getting used to libraries that few of us have ever heard of before being used everywhere.

    Likewise, I'd like to believe that here in 2022, most companies have deployed a WAF that can help block this sort of crap.

  6. amanfromMars 1 Silver badge

    To the Victor[s] the Spoils whenever Suspected Snake Oil is in Fact, Ambrosia/Holy Grail Nectar

    :-) Time to move on to stranger and much greater things, methinks. What think thee?

    One thing you can be absolutely sure of is that nothing anyone says is certain is certain and they are just as likely to be easily proven wrong than enjoy being right ....... therefore be aware and take great care to beware and proceed with all due caution and attention to the many most important of fine details in the grandest of macros if listening to comments from anonymous cowardly naysayers and dumb virtual downvoters alike with no grasp at all on the myriad realities revealed before them for further presentation on and deeper infiltration into leaky holed vulnerability laden SCADASystems of Remote Executive ACTive IT Administration.

    When it comes to not fully understood complex systems, it is easy to get things wrong. In fact, it’s easy for everyone to get them wrong. Don’t fear the new idea or the fresh perspective, and don’t believe something just because everyone else does. But watch out for the preacher with certainty — the ones that are spewing hellfire and brimstone. They are the ones most certainly to be wrong. ..... Bill Gurley, venture capital investor and partner at Benchmark Capital

    1. amanfromMars 1 Silver badge

      Re: To the Victor[s] the Spoils whenever Suspected Snake Oil is in Fact, Ambrosia/Holy Grail Nectar

      Should you ever be confronted by those forks in the road going forward into the future, choose wisely, for one leads all on a merry dance on a Highway to Hell whereas the other entertains and wins one over Head Over Feet

      I Kid U Not. Doubt IT and Weep, and Stay Virtually Asleep and Easily Led Astray Forever,..... for such is your Reward and Just Dessert because you Fail Spectacularly to Question More with an Alternative Answer which Questions More.

      Do you recognise that space/place in which you now reside? Do you doubt it? Hmmm .... ?
