<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Logj4 Breach in Security and Permissions</title>
    <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/569586#M2861</link>
    <description>Hi all - thanks for your nudges.&lt;BR /&gt;
&lt;BR /&gt;
I just wanted to re-iterate that since the incident was originally reported, we have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch and/or taking other appropriate actions.&lt;BR /&gt;
&lt;BR /&gt;
Just like other service providers, we continue to work with our vendors to assess impact and remediation efforts.&lt;BR /&gt;
&lt;BR /&gt;
Our systems are functioning normally at the moment and we are not aware of any active threat.&lt;BR /&gt;
&lt;BR /&gt;
I hope this helps!</description>
    <pubDate>Mon, 10 Jan 2022 19:47:49 GMT</pubDate>
    <dc:creator>Walter</dc:creator>
    <dc:date>2022-01-10T19:47:49Z</dc:date>
    <item>
      <title>Log4j Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/563998#M2854</link>
      <description>&lt;P&gt;After the discovery of the security breach caused by Log4j on the weekend of December 10-12, 2021. We need to know if your software is vulnerable to this security breach.&lt;/P&gt;</description>
      <pubDate>Tue, 14 Dec 2021 20:27:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/563998#M2854</guid>
      <dc:creator>Bigjoe910</dc:creator>
      <dc:date>2021-12-14T20:27:49Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564163#M2855</link>
      <description>&lt;P&gt;My company is also asking for a status on this - is Dropbox and HelloSign affected?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 14 Dec 2021 17:08:02 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564163#M2855</guid>
      <dc:creator>leksikon</dc:creator>
      <dc:date>2021-12-14T17:08:02Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564201#M2856</link>
      <description>&lt;P&gt;Hey &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1501295"&gt;@Bigjoe910&lt;/a&gt; &amp;amp; &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1501555"&gt;@leksikon&lt;/a&gt; - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.&lt;BR /&gt;&lt;BR /&gt;We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.&lt;BR /&gt;&lt;BR /&gt;I hope this information helps!&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 14 Dec 2021 20:26:46 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564201#M2856</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2021-12-14T20:26:46Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564424#M2857</link>
      <description>&lt;P&gt;Is there any update on if both CVE's related to Log4j are remediated or mitigated on the Dropbox platform?&amp;nbsp; The latest CVE was just added late 12/14/2021.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;CVE-2021-45046&lt;BR /&gt;CVE-2021-44228&lt;/P&gt;</description>
      <pubDate>Wed, 15 Dec 2021 19:31:46 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564424#M2857</guid>
      <dc:creator>peteheinlein</dc:creator>
      <dc:date>2021-12-15T19:31:46Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564454#M2858</link>
      <description>&lt;P&gt;Is there any update on if both CVE's related to Log4j are remediated or mitigated on the Dropbox platform?&amp;nbsp; The latest CVE was just added late 12/14/2021.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;CVE-2021-45046&lt;BR /&gt;CVE-2021-44228&lt;/P&gt;</description>
      <pubDate>Wed, 15 Dec 2021 21:50:53 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/564454#M2858</guid>
      <dc:creator>peteheinlein</dc:creator>
      <dc:date>2021-12-15T21:50:53Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach and lack of info from Dropbox</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/565478#M2859</link>
      <description>&lt;P&gt;Hello everyone&lt;/P&gt;&lt;P&gt;I wrote Dropbox support and received a generic response that they are looking into it and will work the various vendors to work with to provide a safe environment (basically that is what it said); This is disappointing that we need to push the vendor to provide an update to us. TO date (12/21/21) I have not seen a dedicated page on their website for Log4J.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;Zee&lt;/P&gt;</description>
      <pubDate>Tue, 21 Dec 2021 18:32:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/565478#M2859</guid>
      <dc:creator>Zeeman</dc:creator>
      <dc:date>2021-12-21T18:32:43Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/568852#M2860</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Do you have any update? Could you please confirm how does this affect Dropbox and/or if it has already been mitigated?&lt;/P&gt;&lt;P&gt;Thank you and I look forward to your response.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Kind Regards,&lt;/P&gt;&lt;P&gt;JCarreon&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 07 Jan 2022 03:56:19 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/568852#M2860</guid>
      <dc:creator>jcarreon</dc:creator>
      <dc:date>2022-01-07T03:56:19Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/569586#M2861</link>
      <description>Hi all - thanks for your nudges.&lt;BR /&gt;
&lt;BR /&gt;
I just wanted to re-iterate that since the incident was originally reported, we have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch and/or taking other appropriate actions.&lt;BR /&gt;
&lt;BR /&gt;
Just like other service providers, we continue to work with our vendors to assess impact and remediation efforts.&lt;BR /&gt;
&lt;BR /&gt;
Our systems are functioning normally at the moment and we are not aware of any active threat.&lt;BR /&gt;
&lt;BR /&gt;
I hope this helps!</description>
      <pubDate>Mon, 10 Jan 2022 19:47:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/569586#M2861</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2022-01-10T19:47:49Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/569961#M2862</link>
      <description>&lt;P&gt;Hello Dropboxer,&lt;/P&gt;&lt;P&gt;Few observations as I am still marking Dropbox as ORANGE on my tracking list:&amp;nbsp;&lt;/P&gt;&lt;P&gt;A- I can't see what date you are indicating that Dropbox is working with vendors to mitigate the risk? which date does it apply to?&lt;/P&gt;&lt;P&gt;B- Even though on the surface it seems Dropbox has hardened itself you are falling short on stating Dropbox isn't at risk. Where are we on the spectrum of risk say 1 to 5 (5 to be the highest?)&lt;/P&gt;&lt;P&gt;C- When will Dropbox have an official stance on their website and not through a community response like many other vendors? I haven't found one if there is one kindly post the link herein.&lt;/P&gt;&lt;P&gt;Thx,&lt;/P&gt;&lt;P&gt;Z&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 21:47:14 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/569961#M2862</guid>
      <dc:creator>Zeeman</dc:creator>
      <dc:date>2022-01-11T21:47:14Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/571304#M2863</link>
      <description>Happy Tuesday guys!&lt;BR /&gt;
&lt;BR /&gt;
As mentioned, we conducted a thorough review of services and components across all Dropbox products.&lt;BR /&gt;
&lt;BR /&gt;
We hardened all instances of log4j that were identified on Dropbox-owned platforms by applying a patch or taking other appropriate action. Our systems are functioning normally, and we have no evidence that this vulnerability was exploited.&lt;BR /&gt;
&lt;BR /&gt;
We will continue to work with our vendors to assess the impact and remediation efforts.&lt;BR /&gt;
&lt;BR /&gt;
So far, our vendors were either not vulnerable or had taken appropriate action. We have not seen any evidence of exploitation at our vendors. We’re still following up with a few vendors, like many other companies.&lt;BR /&gt;
&lt;BR /&gt;
I hope this clarifies!&amp;nbsp;</description>
      <pubDate>Tue, 18 Jan 2022 11:47:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/571304#M2863</guid>
      <dc:creator>Megan</dc:creator>
      <dc:date>2022-01-18T11:47:56Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/579802#M2864</link>
      <description>&lt;P&gt;Howdy, friends!&lt;BR /&gt;&lt;BR /&gt;As a follow-up to the Log4j vulnerability, our IT Security team is asking for the following specifics:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;Confirmation that Dropbox is no longer vulnerable (which is already available here in this discussion)&lt;/LI&gt;&lt;LI&gt;The vulnerable version Dropbox was using&lt;/LI&gt;&lt;LI&gt;The latest version Dropbox patched to (with dates)&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;Any insight anyone can share is greatly appreciated.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you!&lt;/P&gt;</description>
      <pubDate>Wed, 23 Feb 2022 15:25:30 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/579802#M2864</guid>
      <dc:creator>MasterJediVuj</dc:creator>
      <dc:date>2022-02-23T15:25:30Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580064#M2865</link>
      <description>Hey &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1521093"&gt;@MasterJediVuj&lt;/a&gt;, thanks for joining the discussion here.
&lt;BR /&gt; 
&lt;BR /&gt; Would it be OK if we reach out via email to have a further look into your queries internally?&amp;nbsp;</description>
      <pubDate>Thu, 24 Feb 2022 17:43:35 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580064#M2865</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2022-02-24T17:43:35Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580093#M2866</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/364291"&gt;@Walter&lt;/a&gt;- absolutely. Please do&lt;/P&gt;</description>
      <pubDate>Thu, 24 Feb 2022 20:18:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580093#M2866</guid>
      <dc:creator>MasterJediVuj</dc:creator>
      <dc:date>2022-02-24T20:18:56Z</dc:date>
    </item>
    <item>
      <title>Re: Logj4 Breach</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580103#M2867</link>
      <description>Sure thing &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1521093"&gt;@MasterJediVuj&lt;/a&gt; - you've got &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@57C7D91998721DF4DFD936069281E68A/images/emoticons/2709.png" alt=":envelope:" title=":envelope:" /&gt;&amp;nbsp;</description>
      <pubDate>Thu, 24 Feb 2022 20:42:20 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Log4j-Breach/m-p/580103#M2867</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2022-02-24T20:42:20Z</dc:date>
    </item>
  </channel>
</rss>

