log4j: The Aftermath

Summary of the log4j vulnerability that shook the Internet

Teri Radichel
Cloud Security


This is one of my posts on Network Security and Data Breaches.


So many people have written about the log4j incident that I wasn’t going to add to the commentary. However, a few people have asked me about it, so here’s a quick summary of what happened and my thoughts.

Do you know what’s connected to the Internet?

To exploit the log4j vulnerability, attackers have to insert data into a log. That insertion point presumably comes from the Internet (though it could be an employee on your internal network or malware that has accessed your network).

I was on vacation when this all went down. You might think I was worried about all those Internet-connected things I have running while I was away, but guess what? I shut down all my cloud servers when I went on vacation and turned off my home network. The only things that I had exposed to the Internet were:

  1. My cell phone where I don’t store sensitive data. I have a separate phone for auth apps and use hardware keys for MFA. There are probably ways people might be able to leverage my phone in some way for an attack, but I avoid storing…

Teri Radichel
Cloud Security

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award