Welcome back! Ask questions, get answers, and join our large community of tax professionals.
cancel
Showing results for 
Search instead for 
Did you mean: 

Hey Intuit, NO MENTION of the LOG4J vulnerability which you guys use. What is the story??? This is SERIOUSLY BAD and VULNERABLE, and you have NO STATEMENT YET?

taxburner
Level 2
 

This discussion has been locked. No new contributions can be made. You may start a new discussion here

9 Comments 9
George4Tacks
Level 15

I think they demonstrated an answer this morning as everything seemed to turn to KAKA. 


Answers are easy. Questions are hard!
taxburner
Level 2

From what I've read they merely have to update log4j and/or change a parameter.  Perhaps they will notify us when that is fixed?  Or not.  Keeping us informed on their operations isn't exactly something they do, until too many people speak up.  And I'm sorry if I hurt anyone's feelings, but most tax preparers are in the dark on this one!  Hopefully they have IT people in their organization keeping track of these things!

IntuitBettyJo
Community Manager
Community Manager

Hi there, 

I took a look into this for you and was able to find an article on the steps Intuit is taking in regards to this. 

Addressing the potential impact of the Log4j vulnerability for the industry, and Intuit 

Hope that helps!

-Betty Jo 

taxburner
Level 2

Thanks Betty Jo.

Honestly, it doesn't really help much at all, except to let me know that Intuit now knows it's an issue.  

The Blog post you directed me to should be streaming into the Lacerte Notifications!

Intuit should have already evaluated what exposure we have and notified us.  Should we not use Lacerte while connected to the internet?  How vulnerable is our data?  Or wouldn't it just be easier for Intuit to update log4j and be done with it?  

On second thought Betty Jo, that helped more than I thought.  Intuit's actions over these many years have always indicated, while stating how much they care about their customers and their data, that their actions probe otherwise.  They only do what they have to for their bottom line, lie to their customers, and hide the truth.  "Fire your accountant.  You don't need them anymore" - QuickBooks    "Free, Free, Free"  - TurboTax

SusanBradley
Level 3

The tax planning program is the one that has log4.jar installed.

BrentB9193
Level 3

I have also been trying for weeks to get anything out of Intuit about Log4j but it appears as though they are not doing anything about it.  Tax Planner has 2.x but Lacerte Tax has 1.x.

I've called support numerous times and reached out to every account rep I have.  No one has provided anything other than the boilerplate response they gave back on 12/15 that states they "take security seriously."

Clearly they don't take security seriously as customers everywhere are running Lacerte and Tax Planner installations that are vulnerable and Intuit is doing nothing about it.

All other vendors we work with specifically addressed this weeks ago.

BrentB9193
Level 3

Betty Jo, where is Intuit on this issue?????

madams_spww
Level 1

Any updates on this?

BrentB9193
Level 3

Nothing but silence from Intuit.  If they weren't affected, you can be sure they would publicly state so.

Intuit customers should be asking their reps about this.

0 Cheers