PolyWolf on Security

LOG4SHELL

Posted on 2021-12-10: https://www.lunasec.io/docs/blog/log4j-zero-day/

Unless you were living under a rock in late December 2021, I’m sure you’ve heard of this vulnerability. Rumored to have been discovered by Minecraft script kiddies looking for ways to crash their friends’ servers (later proved false), and found to be exploitable nearly everywhere Java ran (thanks to the popularity of Log4j), this was probably the biggest vulnerability of the year. And it needed to get patched during the holiday season.

From https://twitter.com/gossithedog/status/1469257750395985924:

Vulnerability explained in patch and meme form.

Git diff showing an added check for invalid JNDI URIs
All modern digital infrastructure rests on a project some random person in Nebraska has been thanklessly maintaining since 2003
There's always a relevant XKCD