View Poll Results: How promptly do you respond to severe zero-day security vulnerabilities?

Voters: 4
  • Immediately as a very high priority, doing whatever research is necessary.

    2 50.00%
  • Quickly, and possibly before packaged fixes are provided by my software product vendors.

    0 0%
  • Quickly, but only after packaged fixes are provided by my software product vendors.

    1 25.00%
  • Fairly quickly, but not necessarily right away after packaged fixes are provided.

    0 0%
  • Eventually, but with no sense of urgency.

    0 0%
  • I'm not responsible for software upgrades so don't pay attention to such issues.

    1 25.00%
  • Other (please explain in a post).

    0 0%
  1. #1
    MichaelCorfman, GPWA Executive Director

    How promptly do you respond to severe zero-day security vulnerabilities?

    Less than a week ago, on December 9th, security researchers discovered a flaw in the software library Log4j, a widely used software library estimated to have over 100 million instances globally. The flaw has been ranked 10 out of 10 on the Common Vulnerability Scoring System (CVSS) due to the potential impact it might have when exploited by hackers.

    Details are provided in the National Vulnerability Database (NVD) under the CVE dictionary entry CVE-2021-44228, initially published on 10 December 2021. According to an article published on Wired, "The Log4J Vulnerability Will Haunt the Internet for Years."

    Already system administrators and security professionals are scrambling to protect their systems. The servers we operate, including those used for the GPWA, underwent emergency updates and reboots to address this new zero-day vulnerability this morning.

    For today's poll I ask about your response to vulnerabilities such as this. How quickly do you assess and respond to serious threats like Log4J? Do you research and respond right away? Do you wait for updates to be provided by your software providers and install them right away? Or do you wait and apply updates for issues like this well after they are available from your software providers? Or do you view that handling vulnerabilities like this is outside the scope of what you do?

    Michael
    Last edited by MichaelCorfman; 15 December 2021 at 5:57 pm.
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot
    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  2. #2
    universal4, Forum Administrator

    Here are a few more resources for those that might be looking for more information on determining if their servers are vulnerable.

    Tech Republic has a pretty straightforward explanation:
    How to test if your Linux server is vulnerable to Log4j

    Here is ZDNet's article with a bit of background also:
    https://www.zdnet.com/article/log4j-...tect-yourself/

    Since Debian is my preferred choice of Linux, I checked the update date and their fix was issued on the 11th. I assume Red Hat likely had theirs ready by then, and I am guessing Ubuntu's was most likely out by then or shortly after Debian's. I did not look to see the others.

    The main takeaway, I think, for most to consider is checking installs that use Apache, and checking whether Log4j is in use and which version. The vulnerability exists in Log4j prior to version 2.15.0.

    Rick
    Universal4
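
The check described in post #2 (is Log4j present, and is it older than 2.15.0), as an added example that is not part of the original thread: a POSIX shell scan by JAR filename. The function names and the FLAG/OK labels are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: inventory log4j-core JARs by filename and flag versions
# below 2.15.0, the threshold quoted in the post above.
# Limitation: a filename scan misses copies that were renamed or are bundled
# inside other archives (WAR/EAR/fat JARs), so treat "no hits" as inconclusive.
THRESHOLD="2.15.0"

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Non-numeric suffixes ("0-beta9", "1-sources") compare by their leading number.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# scan_log4j DIR: print "FLAG|OK <version> <path>" for each log4j-core JAR.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        ver=$(basename "$jar" .jar)
        ver=${ver#log4j-core-}
        if version_lt "$ver" "$THRESHOLD"; then
            printf 'FLAG %s %s\n' "$ver" "$jar"
        else
            printf 'OK %s %s\n' "$ver" "$jar"
        fi
    done
}

# With a directory argument, scan it; otherwise scan a constructed sample tree.
if [ "$#" -gt 0 ]; then
    scan_log4j "$1"
else
    demo=$(mktemp -d)
    mkdir -p "$demo/app/lib"
    : > "$demo/app/lib/log4j-core-2.14.1.jar"   # constructed, empty file
    : > "$demo/app/lib/log4j-core-2.17.1.jar"   # constructed, empty file
    scan_log4j "$demo"
    rm -rf "$demo"
fi
```

A FLAG line is a lead for follow-up, not proof of exposure: confirm the version from the JAR's manifest and check whether the application actually loads that copy.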

  3. #3
    universal4, Forum Administrator

    I have been thinking about this poll a bit.

    Although this particular threat for me personally was something I felt should get some immediate attention, and I can understand how others could take a more relaxed approach since they rely on their web hosts or server techs to safeguard against it, the poll itself asks a very important question.

    For me, any time I see an announcement of a zero-day attack or vulnerability, I usually try and at least look to see what kind of issue it is or can cause.

    I am actually a little less worried about issues that affect desktops and workstations; however, one must always stay vigilant and aware of risks and take care to stay protected.

    For desktop type of warnings I usually immediately run an antivirus update just in case a new patch or fix is out, and I monitor for Windows updates as well in case an update is released to address the concern.

    Although this particular zero-day security warning may not have affected you, be sure to not become complacent; the next one might.

    Rick
    Universal4
