Hi Sue, Thanks for the offer! NUGA is no longer accepting equipment donations because of the pandemic and also because our service project coordinator has moved out of state. If anyone else

I know at one time this group used to take in donated PC parts to build Linux machines for Northstar Elementary (my kids went there at one time a long time ago!). I have a pile of parts with at least

Thank you, reported to phishing@.... Tom

I haven't seen many that target local Alaskan companies, but I thought I would share this with you all. ---------- Forwarded message --------- From: JP <jp@...> Date: Thu, Mar 24, 2022 at 5:28

That's compatible with the theory that they did keep quiet about it - until they were caught. Okta's blog post has been

My first thought was that if they had obtained sufficient access to compromise clients they would have kept quiet about it.

Thanks again Royce. I have been watching this on some MSP forums as well, a security vendor posted this yesterday afternoon, I was also kind of waiting to see what this really is once the dust

Developing story - take with a grain of salt. If you use Okta, it might be useful for IR resources to start tentative evaluation of applicability to your

INTERFACE Alaska 2022 will take place online on April 21st. Here is the registration link for NUGA members to attend at no cost:

Hi. Running windows 11 pro 64 bit. Now is there a way to get the auto lab iso files and then set them up in vmware player. Auto lab is a free project able to then able to use windows terminal which

Important update: All previous mitigations - based on anything other than upgrading to log4j 2.16 or entirely removing JndiLookup classes - are no longer effective mitigation. If your vendors have not

So far been pretty lucky, but turns out there’s a log4j vulnerability in CrashPlan – there was an update to it posted just yesterday, in case anyone’s using it. Peter Barclay

https://www.youtube.com/watch?v=oC2PZB5D3Ys [youtube.com] Thank you, Dave David Monroe Consulting Engineer, Diversified Industrials o: +1 907 261 4700 m: +1 907 360

Hi, Mike - Good question. log4j 1.x is not vulnerable to the "Log4Shell" vulnerability itself, per its author. However, it is vulnerable to a number of other issues, and is no longer supported by the

Royce, From what I've been seeing, only version 2.x seems to be vulnerable, and 1.x is not, however nothing seems to be certain about that. Have you seen any hard confirmation yet whether 1.x is

JP - Excellent - my hope was to make it forward-ready. And no need for lunch - just please ask any of those folks send me any items that are missing or wrong. :D -- Royce

Thank you so much for the post Royce. Knowing how ubiquitous this logging package was, it really blew up big and is moving fast. I shared your notification with The Tech Tribe not long after your

This one is developing quickly, so I'll push updates here as I discover them: https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/ -- Royce Williams Tech Solvency

Summary (Dan Goodin): Log4j takes a log message, interprets it as a URL and goes out and fetches it. It will even execute JavaScript in URLs with full privileges of the main program. Exploits are

I think you're spot on. If you already have it, no need to replace it, it does the job. --Arthur Corliss Live Free or Die