Is this something we should worry about?

Discussion in 'other security issues & news' started by Pieter_Arntz, Nov 10, 2002.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Application programmers have all made the same mistake of ignoring how the ZIP format works, using libraries and components that accommodate filenames only up to the OS maximum length (512 bytes for Windows, for example) instead of the 64K limit in the ZIP specification.

    What's really alarming is the vulnerability to e-mail viruses. So far, every mail gateway virus scanner Rapid7 has tested lets a virus test file sneak right through if it's in a ZIP file with long filenames--the gateway scanners only catch the test files that are embedded in a "standard" ZIP file with short entry names.

    Full article: http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2894850,00.html

    Apart from common sense stepping in, when you receive a zipped attachment with a name that's that long, I don't think this will be a very frequently used way of sneaking viruses into your system.
    Your views?

    Regards,

    Pieter
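The article excerpt above turns on one detail of the ZIP format: the filename length in each header is a 16-bit field, so entry names may be up to 65,535 bytes, and a scanner built on a library that silently truncates names at the OS path limit will mis-parse the archive. The following is an added example written for this thread (not code from the article, from Rapid7, or from any product it mentions) that walks the central directory with the specification's own field widths, cross-checks the result against Python's standard `zipfile` module, and flags entries whose names exceed a configurable threshold. The 512-byte threshold is taken from the article's Windows figure and is an assumption here; the sample archive is constructed inline and contains only a line of harmless text. ZIP64 records are not handled.

```python
import io
import struct
import zipfile

# Central-directory and end-of-central-directory records per the ZIP spec (APPNOTE).
EOCD_SIG = b"PK\x05\x06"
CDIR_SIG = b"PK\x01\x02"
EOCD_STRUCT = struct.Struct("<4sHHHHIIH")            # 22-byte EOCD record
CDIR_STRUCT = struct.Struct("<4sHHHHHHIIIHHHHHII")   # 46-byte central directory header

# Name length above which an entry is reported. The article cites 512 bytes as an OS
# maximum that truncating libraries assume; using it as the threshold is an assumption.
SUSPICIOUS_NAME_LEN = 512


def parse_central_directory(data: bytes):
    """Walk the central directory, honouring the 16-bit name/extra/comment length fields."""
    eocd_pos = data.rfind(EOCD_SIG)
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record found")
    (_, _, _, _, total_entries, _, cd_offset, _) = EOCD_STRUCT.unpack_from(data, eocd_pos)

    entries = []
    pos = cd_offset
    for _ in range(total_entries):
        fields = CDIR_STRUCT.unpack_from(data, pos)
        if fields[0] != CDIR_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        name_start = pos + CDIR_STRUCT.size
        name = data[name_start:name_start + name_len]   # full name, however long
        entries.append({
            "name": name,
            "name_len": name_len,
            "compressed_size": fields[8],
            "uncompressed_size": fields[9],
        })
        # Advance past the variable-length name, extra field and comment.
        pos = name_start + name_len + extra_len + comment_len
    return entries


def scan_archive(data: bytes, max_name_len: int = SUSPICIOUS_NAME_LEN):
    """Return (entries, findings); findings are entries a truncating parser would mishandle."""
    entries = parse_central_directory(data)
    findings = [
        {"name_len": e["name_len"], "name_prefix": e["name"][:32]}
        for e in entries
        if e["name_len"] > max_name_len
    ]
    return entries, findings


def names_via_stdlib(data: bytes):
    """Names as seen by Python's zipfile, which honours the full 16-bit length field."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n.encode("utf-8") for n in zf.namelist()]


def build_sample_archive(name_len: int) -> bytes:
    """Constructed sample: one benign text entry whose name is exactly name_len bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a" * name_len, "benign sample text\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive(2000)
    found_entries, found = scan_archive(sample)
    print("entries parsed: %d" % len(found_entries))
    for f in found:
        print("suspicious entry: name_len=%d prefix=%r" % (f["name_len"], f["name_prefix"]))
```

The point of parsing the directory by hand is to show what a gateway scanner has to get right: both the name and the position of the next header depend on the full 16-bit length, so a component that clips the name to an OS limit loses its place in the archive and never reaches the payload entry. A scanner can additionally treat any name longer than a realistic path as grounds for quarantine, since no legitimate file on the receiving system could carry it.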
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice story. That said: any top notch antivirus will jump right at it when trying to execute such a file.

    regards.

    paul
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    That's right.
    What I'm worried about are the people that rely on their ISP's mail-scanner. They're in for another disappointment.

    Regards,

    Pieter
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Personally, I do believe relying on such a service isn't the most reliable thing to do ;).

    regards.

    paul
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    No argument here. Nevertheless, many people with limited system resources do. They pay good money to have their mail checked for viruses and perform an occasional on-line scan when their computer acts suspicious.
    Unfortunate but true.

    Regards,

    Pieter
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Seems to me, buying a 128 MB SDRAM stick for say 25 US bucks is a far cheaper solution.. :rolleyes:

    regards.

    paul
     