<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 2 6 3 5 4 5 2 3 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:12.0pt'>T.Weeks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'>Our incident response team has been pretty busy over the last few weeks helping customers with Log4j. Maybe a perspective on what they have been seeing across our customer base and how they dealt with it would be helpful?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'>Just throwing it out there.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellpadding=0 style='background:white'><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>Tom Casey,</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> </span><span style='font-size:12.0pt;font-family:Helvetica;color:dimgray'>Account Executive</span><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'><br><b>O</b> 804-767-2412<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>M</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> 703-989-0833<br><b>e</b> <a href="mailto:tom.casey@guidepointsecurity.com" target="_blank"><span style='color:#1155CC'>tom.casey@guidepointsecurity.com</span></a><o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='display:none'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellpadding=0 width="100%" style='width:100.0%;background:white'><tr><td style='padding:.75pt 
.75pt .75pt .75pt'></td></tr><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>Confidentiality Notice: This communication constitutes an electronic communication within the meaning of the Electronic Communications Privacy Act, 18 U.S.C. Section 2510, and its disclosure is strictly limited to the recipient intended by the sender of this message. This transmission, and any attachments, may contain confidential information and work product(s). If you are not the intended recipient, any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. Please contact us immediately by return e-mail or call <a href="tel:(877)%2520889-0132" target="_blank"><span style='color:#1155CC'>(877) 889-0132</span></a> </span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:#2E75B5;background:white'>option 5</span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>, and destroy the original transmission and its attachments without reading or saving in any manner.</span><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'><o:p></o:p></span></p></td></tr></table></div><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Security-Discuss &lt;security-discuss-bounces@lists.rbtc.tech&gt; on behalf of "Weeks, Thomas" &lt;t.weeks@vt.edu&gt;<br><b>Date: </b>Thursday, January 13, 2022 at 4:28 PM<br><b>To: </b>"security-discuss@lists.rbtc.tech" &lt;security-discuss@lists.rbtc.tech&gt;<br><b>Subject: </b>[Security-Discuss] RBTC Q1 Security Talk 
Topics?<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><div id=divRplyFwdMsg><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'>Hey all..<o:p></o:p></span></p></div><div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Hope you had a great Holiday break. Most of us are back now.. and getting settled back into things.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>As such, I had been thinking about our RBTC security topic for Q1.. and the only thing on my mind right now is Log4J.. especially with its estimated impact on "hundreds of millions of devices"[1] Beyond patching your kid's Minecraft clients and servers.. on the Enterprise, business, or campus sides of things.. How to find all your systems running java/log4j (especially for hidden or embedded systems), and various patching strategies (or stories).. especially for those relying on third parties to provide patches (e.g. 
network devices, etc).<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Thoughts?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Do any of you manage affected systems?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Did you have any big audit/scanning for affected systems?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>What was your patching strategy?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Do you think there are any better or more timely topics?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>[1] - <a href="https://www.wired.com/story/lo4j-ftc-vulnerability/">https://www.wired.com/story/lo4j-ftc-vulnerability/</a><o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div id="x_Signature"><div><div name="x_divtagdefaultwrapper"><p class=MsoNormal><span style='font-family:Consolas'>-- </span><o:p></o:p></p></div><div name="x_divtagdefaultwrapper"><p class=MsoNormal><b><span 
style='font-family:Consolas'>T.Weeks</span></b><o:p></o:p></p></div></div></div></div></div></div></div></body></html>