IT SECURITY WARNING!

KEEP SYSTEM OS AND BINARIES UP TO DATE!

that is why: https://www.youtube.com/watch?v=tfo3s-mwZm4

zip folder password protected:

# WARNING! WILL ENCRYPT THE DATA-CONTENT, BUT NOT THE FILENAMES!
# will interactively ask for password
zip -re password.protected.zip folder-to-zip 

https://www.rarlab.com/download.htm

rar folder password protected:

Extracting a 19 Year Old Code Execution from WinRAR

To create a password protected rar archive archive.rar with password set to password, use:

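# tested with Debian 3.16.36-1+deb8u1 (2016-09-03) i686 GNU/Linux
# WARNING! a password given on the command line ends up in the shell history and is visible in the process list
# use -p without a password to be asked interactively; -hp instead of -p also encrypts the filenames
rar a -ppassword archive.rar folder_to_be_rared/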

Creating archive test.rar

Adding test.txt OK
Done

creditz: https://www.feralhosting.com/faq/view?question=36

also self extracting archives are dangerous!

ZipSlip:

https://snyk.io/research/zip-slip-vulnerability

The vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central library offering high level processing of archive (e.g. zip) files. The lack of such a library led to vulnerable code snippets being hand crafted and shared among developer communities such as StackOverflow.

Links & RSS:

CheckPointSecurity rss feed https://research.checkpoint.com/rss

https://www.golem.de/news/praeparierte-archive-uralte-sicherheitsluecke-in-winrar-wird-aktiv-ausgenutzt-1902-139711.html

(how to subscribe to rss feed via thunderbird)

https://www.youtube.com/user/CPGlobal/videos
