Categories
Adobe Blog Digital Asset Management MAM Technology

JAVA EXPLOIT – vulnerability with Log4j

Continue Following this Blog Post for Live Updates!

On Friday, December 10, 2021, CHESA received notice that there is a vulnerability with Log4j. “Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.” CHESA Support is evaluating all environments for any vulnerabilities related to the Log4j. We have reached out to our vendors to gather information on if their software presents this vulnerability.

The following vendors have identified vulnerabilities or provided feedback. If there is a vulnerability in your environment CHESA support will open a case under your service contract to address the vulnerability.

Amazon Web ServicesAWS BlogUsing AWS security services to protect against, detect, and respond to the Log4j vulnerability | Amazon Web Services. December 20, 2021: The blog has been updated to include Amazon Route 53 Resolver DNS Firewall info.

ArchiwareP5 and Pure are not affected by the Java Log4j vulnerability. P5 and Pure do not use any Java code, that also excludes the use of the Java Log4j library. It is thus not affected be the Log4j vulnerability. Both products are based on the Naviserver that is written in the C programming language. 

AsperaAspera does not use log4jv2. The java applications use log4j-over-sl4j – which uses the same API interface as log4j but it is a different software component. There is one part of the java stack that does use log4jv1 – that is the trapd component when it is interfacing with the hdfs:// type storage. There are not many customers using HDFS. Since this is log4jv1 it is also not vulnerable.

Avid – December 20, 2021 Update: Avid is aware of the recently reported Apache Log4j RCE vulnerability.
CVE-2021-44228 – Please review the following document for more information, and follow Avid Best Practices for isolating your Avid systems from the internet.

Codemill
Accurate.Video:
None of the Docker images that we currently distribute as part of Accurateplayer or Accurate.Video includes any version of log4j. Our product, Accurate Player Vidispine Edition (APVE), did have an issue with one of its renditions but this has been fixed and rolled out.
Cantemo:
Cantemo, Vidispine, and any other components are not impacted directly by this vulnerability. In Cantemo we have the following components that use Java: Elasticsearch – no remote code execution issue. Rules Engine 3: Tomcat/Activiti – using an older log4j that is not affected Vidispine and its components like Solr – no remote code execution issue. We will still release upgrades for all Portal versions under maintenance with an upgraded Elasticsearch, and potential automatic configuration changes to other components. Vidispine’s analysis here

If you want an immediate fix you can apply configuration changes to Elasticsearch here– and Vidispine+Solr (see Vidispine support message above).

Dalet – Flex: Flex itself is not affected, however, two third-party services are. Flex Java services and apps use SLF4J with logback, not log4j2, read here -vulnerability-and-spring-boot not affected. Third-party services exposed to this vulnerability: Elasticsearch and Logstash. This documentation explains more about the log4shell vulnerability in the context of these two services. Entire Security Bulletin and Remediation Instructions here

File Catalyst – At this time, FileCatalyst products are not impacted by this vulnerability. For the latest guidance.

Iconik – We determined that we had internal components which were running the vulnerable version of log4j but with a configuration that most likely made them not vulnerable (a recent enough Java with default settings which made it not execute any malicious code). We did however proceed to patch the vulnerable software to be doubly sure. We have also investigated our logs and have not seen any indications that there have been any exploits though we do see active attempts at exploitation from various sources.

IPVPlease rest assured that the use of Solr (read more here) in Curator is not exposed publicly on Curator systems. However, we do understand that the vulnerability is concerning so we’re recommending a patch to further mitigate any risk. For more info
You will need to do the following: Edit the Solr command file found in [Curator Server InstallationPath]\Server\Solr\bin\solr.in.cmd by adding the following line: set SOLR_OPTS=%SOLR_OPTS% -Dlog4j2.formatMsgNoLookups=true
Following this, restart Curator Server. To confirm the setting has been changed successfully, check the Solr Admin page on your Curator Server machine (located at: http://localhost:8983/solr/#/ ) to find the following under the JVM Args heading: “-Dlog4j2.formatMsgNoLookups=true”

Levels Beyond On December 10, 2021 A Log4j Security Vulnerability known as CVE-2021-44228 was brought to the attention of our TechOps and SecOps engineers. After a full investigation of REACH ENGINE code, packages, systems, environments, completed shortly after notification, it was determined that all versions of Log4j libraries currently leveraged are not impacted by the reported vulnerability. We at REACH ENGINE take security very seriously and continually monitor the health of our code libraries and rapidly respond to any information of risk for our customer or their business. For now, all REACH ENGINE code packages are without impact however we will continue to be vigilant and follow the issue appropriately.

North Shore AutomationNSA Software – In addition, NSA does not use Log4j in any of our software. NSA VM deployments – A previous and unaffected version was installed as part of the base CentOS install on some older NSA VMs. It is an older version (1.2.x) and is not impacted by this vulnerability. This vulnerability was introduced in v2.x. The old version can safely be removed from the VMs without impacting any of the software running on them with the following command: sudo yum remove log4j

Open-E In order to ensure the highest levels of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked for any possible vulnerabilities related to the Log4Shell exploit. Despite the fact that our products’ core systems don’t contain the affected Log4j Java library, we’ve conducted multiple tests to check if the 3rd party management tools (which are run in cases where the related hardware is installed on the server) have not been affected.

Prime Stream – PENDING

Quantum and CatDV – Read Bulletin here Quantum is aware of the recent Common Vulnerabilities and Exposures (CVE) database entry regarding the open-source Apache Log4j utility and is actively monitoring the issue and evaluating its impact on Quantum products.

Scale Logic – PENDING

Signiant – https://support.signiant.com/hc/en-us Please note that we have investigated the Apache Log4j security vulnerability (CVE-2021-44228) and confirmed that NONE of the Signiant products are exposed or impacted by this vulnerability.

Studio Network Solutions – At this time we have not discovered any versions of our products that are vulnerable to this exploit. Our Statement

Telestream – Telestream has determined that the following products are not affected: Vantage, ContentAgent, Aurora, Cerify, Vidchecker, CaptionMaker, MacCaption, GLIM, Switch, Wirecast, Wirecast Gear, ScreenFlow, WFM, PRISM, Signal Generators, MPEG Analyzers, DIVAView, MassStore, iVMS, iVMS ASM, InspectorLive, Cricket, Geminus, IQ Media Monitor, Surveyor TS, SurveyorABR Active, PLM, cVOC, cPAR, Sentry, Sentry Verify, Medius, Consul and our Telestream Cloud Services . For products DIVACore, DIVAConnect, Kumulate, SurveyorABR Passive and Inspect 2110, contact  for more information.

If you have any questions, please open a case at chesa.force.com or call the support line at 410-705-6286.

Respectfully,

Marina Tucker – Director of Support Services and Customer Success

 

 

   

 

 

 

 

 

 

 

Categories
Adobe Blog Digital Asset Management MAM Technology

How and Why CHESA Became an Adobe Video Solution Partner

The primary purpose of a solution architect’s work is to help clients use technology to their advantage. Given the prevalence of Premiere Pro and After Effects in our industry, I was already very familiar with Adobe’s video editing software applications and regularly sought to stay informed regarding changes and advancements in their products. CHESA has been working closely with Adobe for years, and when the opportunity arose to learn more and help CHESA become certified as an Adobe Video Solution Partner (AVSP), I jumped at the chance.

The training Adobe put together to become an AVSP was explicitly designed for systems integrators who regularly help clients smoothly transition their creative content through the many software applications and platforms they use to do good work. A few quick examples include best practices for transitioning sequences between Premiere Pro and Black Magic Design’s Davinci Resolve. Or, transitioning audio tracks between Premiere Pro and Avid’s Pro Tools.

We also explored the best ways to fuse tools like Media Asset Management (MAM) and Digital Asset Management (DAM) systems with Adobe’s software to help companies organize and share their work. Always with the goal of keeping their creative teams focused on what they do best. Adobe’s mission in providing this training was to share the best of what they have learned working with their customers. This then allows Adobe Video Solution Partners to help more end users/creatives/editors/VFX artists, etc., to fully leverage their software’s capabilities. 

Adobe started us off with baseline training. I went through modules covering a wide range of Adobe’s best practices, including setting up project templates and custom workspaces in Premiere Pro, everyday working practices and common keyboard shortcuts, hardware performance guidelines, balancing sound in projects, and standard delivery methodologies, etc. Each class essentially made sure we understood the basics of the editorial process using Adobe’s software. 

When we progressed to the more complicated modules, which covered more advanced topics, such as proxy workflows, Adobe Team Projects, or Premiere Pro Productions, that baseline curriculum served as a solid foundation to build upon. Also, Adobe made sure there were no shortcuts to certification, by the way. Tests with proofs were all built-in, so Adobe knew “yes, they did the work”. And, because I’m a nerd, I created an Adobe knowledge base for our engineers at CHESA to utilize, organizing all of our notes from the certification training. Ultimately it is now a knowledge repository that will continue to grow, where our engineers can find information to support our customers readily.

As a solutions architect, part of my motivation to dive into the training, and a key part of Adobe’s plan, is to provide customers with more access to expert resources regarding the best ways to use and integrate their tools with other platforms. Now customers can work with certified Adobe Video Solution Partners who can provide a conduit for communication with Adobe’s experts and engineers to solve problems and create even better tools. Certified partners were a missing link between the brilliant teams at Adobe and the incredible creatives in our industry. But, not any longer. Now, teams like CHESA can act as a force multiplier for Adobe and continue to hone our workflow therapy skills. 

I think the industry as a whole is going to benefit markedly from this program as it leads to greater collaboration and innovation. Creatives, media IT, and engineers now have a partner to provide constant feedback directly to Adobe’s teams on what creatives want and need and help refine and fast-track better user experiences.

Adobe’s investment in our industry, via AVSPs like CHESA, shows the level of commitment on their part. It illustrates their awareness of their shortcomings and their desire to share their valuable experience and knowledge to bridge the gaps between them and their customers. They’ve done the work to find systems integrators they can entrust their customers’ workflows to, and have prepared these new partners to dig even deeper into the hard questions that inevitably will help the platforms become better. Adobe knows that sending a client to a consultant/system integrator without knowing how strong their knowledge of Adobe’s ecosystem is, is not helpful to the industry or the success of their platforms. This process has ensured Adobe can have confidence that their valued community is in good hands with partners who can help them get the most out of their software and put unique workflows together to refine and empower their work.

More on the Adobe Video Solution Partner Program:
How can CHESA help me with my Adobe workflow?
The Workflow Show podcast with Adobe regarding the program
CHESA’s Press Release
Adobe’s blog on the Adobe Video Solution Program

 

 

 

Categories
Coffee Talk with Women of CHESA Women in Media IT Women of CHESA

The Path of One Woman in Media IT, an Interview with Jessica Mantheiy

The CHESA of today exists because of our team of incredible individuals. I cannot think of anyone from the team who has contributed to more facets of the business than Jessica Mantheiy. This is the result of a CHESA core value she exemplifies: lifelong learning. Numerous women of CHESA have stated she is their mentor. She was kind enough to carve out some time to talk with me about her career and who has mentored her.

Q: How long have you been at CHESA and what was your initial role?

In August 2012, I started at CHESA as an assistant to the Director of Professional Services (Jason Paquin at the time) and started doing service coordination. I was the first Service Coordinator for the engineers.

Q: Can you tell me from there how you arrived at your current position?

When I started, CHESA was a much smaller organization. I started doing management of incoming service requests and installs. I did that for about a year. Sales started to need more day-to-day help and I was asked to support that too. I helped get pricing from vendors and putting quotes together. This was all in tandem with my service coordination work.

In 2014, I was approached to either do sales support or service engineering full time — I chose sales. Jason Paquin offered me the position of Sales Operations Manager, a brand new role for the organization. I stayed in that role for 6 years. I handled sales quoting and worked with Solutions Architects closely and evolved into an unofficial junior solutions architect. In that role, I took the lead to develop fresh processes for sales operations and quoting to help streamline the day-to-day work. That included adding checks and balances for best accuracy that then would flow into procurement properly. 

My role continued to grow as CHESA evolved but it was just me for a long time. In January 2019, we were able to hire Sierra O’Connor as an intern. We soon realized we wanted her to stay on full-time and she did. I couldn’t be happier with Sierra — she is an amazing asset to the CHESA team.

In March 2020, I was offered to move over to the Operations and Finance team as Senior Operations Manager. I currently manage the procurement, purchasing, contracts, shipping & receiving processes, assist with finance day-to-day needs, and manage the CRM (Customer Relationship Management software) for our entire company. Concerning our CRM, I had gotten my admin certification for our CRM in 2019 and had already become the primary admin for the Sales department. With our CRM, I implement workflows and automation, having an understanding of our current business needs and processes. I also run point on any support the internal teams need with our CRM. 

Q: What has made working at CHESA a place you have not only stayed at but grown?

When I took the position at CHESA, originally, I had been the video editor, production manager, project manager, and in-house IT at a different company. I was recommended by someone who had previously worked at CHESA but had worked together at the same company before CHESA, to apply for an open position. What has made me stay? Although I have a video editing background and was an end-user, I always found IT fascinating. My dad was a satellite engineer and I was exposed early to that. To me, the complexities behind Media IT are captivating. It’s a very different way of looking at video vs being an end-user. Watching the landscape in video change over the past decade, I’m not sure I would have gotten such a front-row view of the revolution at this deep level. Being keenly engaged mentally has kept me here. 

Another factor is that over time, the company has allowed me to grow not only my career but as a person by attaining new skills I find I enjoy, and have an actual knack for. For instance, overseeing contracts: I didn’t realize I have a real skill for this. CHESA has allowed things to fail and see what works and what doesn’t so I have been allowed to try new things. Many work and some do not but without having the opportunity to fail, I would not have enjoyed the satisfaction of successes. I’ve also been exposed to what different positions have to offer and grow my interests as a result. 

CHESA’s culture is preferable to me for all these reasons over more of a corporate structure at a very large company. I can’t fathom being at a place where my voice is not heard. I get to work with a great bunch of people. I’ve made great friends. The people are a big factor for me. 

Q: Who are your mentors? 

My parents. They never said I couldn’t do something. As a woman going into video and tech, my dad, growing into a VP at a tech company, has been a great sounding board.

Also, my aunt. She is a very strong independent woman who doesn’t suffer fools as a mentor. She is the “cool” aunt who has been unstoppable in her career. I can tell her what I’m working on or want to work on and she’s always all ears and engaged. 

Working alongside Jason Paquin, our CEO, as we have both grown into our roles, seeing his successes, has given me the ability to be inspired and mentored.

Q: I’ve heard 3 separate women say you are a mentor here at CHESA. Why do you think people feel you are a mentor? 

Maybe for being very hands-on? I think in my personal career growth, I’ve had to see my errors, enabling me to understand where others are coming from better. I try to apply those experiences in my approach. This helps me advise others on being diplomatic, while also standing up for themselves. I’ve supported others on ways to prepare and also to be heard.

Q: You are a cinema history buff on a deeper level than most. What drew you to this and what do you enjoy about this unique part of history? 

I like learning about the history of cinema from the introduction in the late 1800s into the 1940s and the technical capabilities as well as the cultural impact. Also the idea of hundreds of production companies churning out anything to make a profit and how that has evolved to today. A lot of bad movies were bundled into contracts as part of the movie theater package for many decades. The technological evolution as well as having to be creative in the workarounds regarding lighting, for instance, during that time period is fascinating. In a dream job, I would love to be a film archivist.

Q: What are you currently reading?

Not for the faint of heart, but I’m reading The Butchering Art: Joseph Lister’s Quest to Transform the Grisly World of Victorian Medicine by Lindsey Fitzharris. Victorian surgery was quite, literally, theater. Brutal, dirty, no anesthesia, and the risks were, of course, great. People could come and watch your surgery at a theater in London. Joseph Lister came on this scene and presented antiseptic into medicine, as one example. It is gruesome but also a very interesting read on how the practice of medicine changed significantly in this era. 

 

About the Author: Jessica Mantheiy is Senior Operations Manager at CHESA.

Coffee Talk with the Women of CHESA: This Women of CHESA blog series is where we discuss mentorship, what inspires us, our professional journeys, and the challenges we face. Follow us for more stories on Instagram and Twitter @womenofchesa

Have a suggestion for a blog topic? Contact us at womenofchesa@chesa.com

 

Categories
Coffee Talk with Women of CHESA Women of CHESA work from home

How to Stay Motivated and Maintain Work/Life Balance: A Brunch Chat with the Women of CHESA

Here we all are, a few months into the second year of pandemic life. I’m sure many people, myself included, are struggling with how they intend to balance both work and life this summer while continuing to stay motivated. Restrictions are loosening, and again tightening in some areas, vaccination numbers continue to increase, people are beginning to feel more comfortable taking part in things, but also there are areas where we are seeing a scaling back again to less comfort. I sat down with a few of the Women of CHESA members in a casual virtual brunch to get their take on this new way of life, the struggles they’ve faced and their techniques for overcoming them.

Brunchers: 

  • Sarah Shechner – Territory Sales Manager – West & Central 
  • Marina Blandino – Director of Support Services and Customer Success
  • Sierra O’ConnorTerritory Sales Manager- East
  • Leslie Perzan – Federal Inside Sales

 

Q.) How have you had to change your mindset after 15 months of pandemic life?

A.) Sarah Shechner:

  • I haven’t really experienced the being free part yet because I just got my second vaccine. I think the biggest thing during the pandemic that changed was not being able to see the team and not being able to see clients, especially when I was transitioning them to new account managers. I mean I completely switched roles right as the pandemic was ramping up. I remember I was supposed to go out to Baltimore for training, but things were starting to lock down and I didn’t want to get stuck in Baltimore so I asked if we could do it remotely and we did so my role completely changed during the pandemic from direct account management to territory sales manager operations. 

 

Q.) How do you plan to balance work/life during the summer months?

A.) Sierra O’Connor

  • I think it’s important to have time that you unplug and completely check out, which I feel is still very hard for all of us to do. I know every time I go to bed I”m checking emails, as soon as I wake up, checking emails. Actually taking the time to unplug and even if that means at 5.15 every day I’m not going to respond to anything. I feel like I’m going to try this summer to take evenings as evenings and not as “extended on call” hours.

 

Q.) How do you self motivate when the feeling just isn’t there?

A.) Leslie Perzan

  • I prioritize what needs to be done immediately and go from there. When my list piles up, it makes me want to do things less. If I am able to make myself see a “doable” list I tend to be more motivated and then I’m able to get a groove back.

 

Q.) How do you overcome the mental fatigue often felt from prolonged working hours?

A.) Marina Blandino

  • It’s been literally the hardest thing to do because it’s not normally my personality but for my health, for setting boundaries, it’s something that you have to learn over time. For me personally, I have needs outside of work and if I put those last I’m not performing at the level I can be. If all I do is work and I have nothing else, then what am I really working for? For me, in particular it was important to set a balance and to know it’s ok if I do disconnect and that if I do the world isn’t going to be on fire. My team is aware that if it’s truly an emergency, call me, I’m not going to sit on Slack or check my email. If you really need me, if something is urgent, call me. I think it’s hard especially for women, because we’re trying to prove ourselves ten times over.

 

Q.) Would you say you work more hours now than pre-pandemic?

A.) Sierra O’Connor

  • Yes but I will say I feel like I do take more breaks during the day. I’ll go for a walk or I’ll do a quick workout in the middle of the day, whereas if I’m in the Office a lunch break it’s non-existent.

 

Q.) What are you most looking forward to doing once we have free reign of the world again?

A.) 

  • Sarah
    • Travel, definitely travel. I want to go to Alaska. I want to go to Asia. I want to go back to Italy and back to Spain
  • Sierra 
    • I’m excited for weddings. I think I have five weddings this year that are postponed and my sister is getting married. Being in group scenarios where you don’t have to worry about hugging your grandma. 
  • Marina 
    • I’m excited to see my family. I’m super close with my grandmother and I haven’t seen her in almost two years now. When I was in Maryland I saw them every three months or less. I’m to the point where I am ready to see them and my mom and my dad. This being my mom’s first grandchild, I am super stoked. 
  • Leslie
    • Traveling is definitely something I miss. I’ve gotten to do a little more recently but part of the IT industry and part of this job that I love is being able to travel and network. Being able to meet vendors, customers, etc. in person or a new destination is a human and sales interaction that you really don’t get virtually.

About the Author: Ashley Williams is a Project Manager at CHESA and co-founder of Women of CHESA.

Coffee Talk with the Women of CHESA: This Women of CHESA blog series is where we discuss mentorship, what inspires us, our professional journeys, and the challenges we face. 

Have a suggestion for a blog topic? Contact us at womenofchesa@chesa.com

Categories
Coffee Talk with Women of CHESA Women of CHESA

The Path to CHESA and My Mentors: An Interview with Sierra O’Connor

About Sierra O’Connor: Sierra is a 24-year-old, Baltimore native that found herself in the IT industry right out of college. Sierra joined the CHESA sales team in 2019 and is based in Baltimore. She is responsible for developing and maintaining seamless communication between the internal team, the outside vendors, and CHESA clients as our Territory Sales Manager – East

Q: Where did you go to college?

A: Long Island University Brooklyn

Q: What was your major?

A: Business Management

Q: First job out of college?

A: I worked at a software company, Paragon Consulting Services, which specializes in software and programming for steel companies. Fresh out of college this was a great opportunity to gain experience in both sales and marketing. I worked day to day with the Sales Director and had sole ownership and responsibility for the company’s marketing and social media presence. This was a great jumping-off point and provided me with a lot of the skills I still use today.

Q: How did you find CHESA?

A: I began at CHESA as an intern right after graduation, very new to this industry and not knowing anything about M&E. I shadowed Jessica Mantheiy, now Senior Operations Manager, for my first 3 months. At the time was the Sales Operations Manager and she taught me the ins and outs of CHESA. This industry and CHESA as a whole opened my eyes to a new world and a vast opportunity for growth.

Q: Did your career hit a turning point that brought you where you are now?

A: The more I learned about CHESA the more I realized this is where I wanted to be. The choice to join CHESA jump-started my career. I’ve grown so much since joining this team only two years ago, and have plans to grow much more alongside my peers.

Q: Who do you look to as a mentor?

A: Jessica Mantheiy is the one who taught me everything I know. She is a huge inspiration as a respected and established woman within CHESA and the industry. I admire the wealth of knowledge that Jessica has gathered in her years and her tremendous work ethic. My mother, Shawne O’Connor, is another huge inspiration to me in the world of business. She also started in a niche industry with little background knowledge and built up her resume to become a top director in her company.

Q: What would you like to see change/ improve in this industry?

A: I’d love to see more women take over this industry. Media and Entertainment technology is an industry constantly evolving and growing. I hope the next evolution of M&E includes diversity- diversity in age, gender, and ethnicity.

Coffee Talk with the Women of CHESA: This Women of CHESA blog series is where we discuss mentorship, what inspires us, our professional journeys, and the challenges we face. 

Have a suggestion for a blog topic? Contact us at womenofchesa@chesa.com