> Tell me the truth brainiacs of SOSH. How bad is this? What should I stop using until a fix is confirmed?

This is really a concern for businesses and enterprises that are hosting their own applications. So if you're a hospital for instance and keep all your patient data in a web application that has the vulnerability it needs to be fixed ASAP. From an end user perspective there's not a whole lot to do except updating Minecraft.
> I can tell you my entire last two days has been spent on this issue, fun stuff.

Dude! Java? Really? I thought better of you
> Dude! Java? Really? I thought better of you

My team specifically does not use it (but won't admit what we use instead) to avoid Lambda cold start issues.
> Cloudflare, Crowdstrike, and Tenable are all freaking out. This seems like a huge concern.
> https://www.yahoo.com/finance/global-race-patch-critical-computer-193652362.html

It definitely is for those companies and many like them. This is really bad for a lot of orgs.
> Dude! Java? Really? I thought better of you

I work for a cyber security startup. We've never written a line of Java code. Still had to do upgrades because of some of the Amazon services we use like Elasticsearch.
> Cloudflare, Crowdstrike, and Tenable are all freaking out. This seems like a huge concern.
> https://www.yahoo.com/finance/global-race-patch-critical-computer-193652362.html

Don't buy into the hype out of companies selling security products and services. This is a big deal, but not because those guys say so. They stand to profit off it and want to use the sensationalization to drive increased security budgets and spending.
> I work for a cyber security startup. We've never written a line of Java code. Still had to do upgrades because of some of the Amazon services we use like Elasticsearch.
> This shit is everywhere.

Yep. It’s everywhere. Elastic as you mentioned, monitoring your systems with Nagios? There too! So glad I got out of corporate security. Now I can just tell customers to go spend the next month patching.
> Don't buy into the hype out of companies selling security products and services. This is a big deal, but not because those guys say so. They stand to profit off it and want to use the sensationalization to drive increased security budgets and spending.
> It's why the pharma companies are selling the biggest gloom with each new covid variant. They may actually be bad, but those guys are a horrible litmus test.

This is an awful take in this case. This is easily exploited and has a major impact. You also don’t need to pay a dime to fix it to these vendors. Trust me I deal with these companies all day long and some do sell fear but not in this case.
> This is an awful take in this case. This is easily exploited and has a major impact. You also don’t need to pay a dime to fix it to these vendors. Trust me I deal with these companies all day long and some do sell fear but not in this case.

That is literally what I said. I said it's a big deal, but that Ale shouldn't be gauging that by those vendors coming out and making statements. Statements from corporate CISOs would carry more weight. I know that is more of Joe's background, but Cloudflare is growing their security portfolio hard as evidenced by their CEO putting offers out for customers vs Palo just this week.
> That is literally what I said. I said it's a big deal, but that Ale shouldn't be gauging that by those vendors coming out and making statements. Statements from corporate CISOs would carry more weight. I know that is more of Joe's background, but Cloudflare is growing their security portfolio hard as evidenced by their CEO putting offers out for customers vs Palo just this week.

Sorry for my poor grammar. My second sentence wasn’t a function of the first.
> Sorry for my poor grammar. My second sentence wasn’t a function of the first.

They are probably licking their chops more than they're freaking out.
> This is really a concern for businesses and enterprises that are hosting their own applications. So if you're a hospital for instance and keep all your patient data in a web application that has the vulnerability it needs to be fixed ASAP. From an end user perspective there's not a whole lot to do except updating Minecraft.

My assumption is this is in more than just Minecraft. Are there other things the general public should be cautious of, or are we not there yet because the focus is on exploiting big companies right now?
> My assumption is this is in more than just Minecraft. Are there other things the general public should be cautious of, or are we not there yet because the focus is on exploiting big companies right now?
> And, out of curiosity more than personal concern, is there risk to high profile individuals, activists, political opponents and organizations, or others who might be a worthwhile target?

The general public, no, as an end user, you shouldn't really worry about this at all.
> The general public, no, as an end user, you shouldn't really worry about this at all.
> If you work in IT infrastructure or security you should be extremely worried about it and you're probably already working on it.

Here's a starting point of affected software:
This is more of a server side thing that would be used to target corporate networks. It's unlikely to get to the level of impacting any individual even if high profile, unless it came out of a data dump from some company that got hacked by way of this vulnerability.