SN 854: Anatomy of a Log4j Exploit

Leo · January 19, 2022, 4:03am

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

big_D · January 20, 2022, 7:21am

Just tested my routers, all stealthed, which I expected.

I am using my AVM Fritz!Box in passthru mode anyway and I have a Ubiquti Unifi Secure Gateway behind it…

jbattman · January 20, 2022, 3:17pm

Also ran the test, but on my Asus router. All good… So far till the next issue crops up.

Started the final season of the expanse.

big_D · January 20, 2022, 3:27pm

Ubiquiti updated everything last month. I think their controller/Cloud Key used Log4j.

jbattman · January 20, 2022, 4:22pm

Ahh, no log4j on my baby Asus router. Latest release for my router lists the following:

Firmware version 3.0.0.4.386_45987

Bug Fixes and Enhancements:

Topic		Replies	Views
SN 849: Log4j & Log4Shell Security Now episode	1	289	December 16, 2021
SN 850: It's a Log4j Christmas Security Now episode	5	359	December 30, 2021
Log4J fixing for LAMP servers? Internet	6	535	December 15, 2021
SN 855: Inside the NetUSB Hack Security Now episode	4	345	January 27, 2022
Please post update on the Ubiquiti breach - insider job! Security Now	2	264	December 17, 2021