
It has to be the way it is.

Scanning them is resource intensive. The choices are (1) skip scanning them; (2) treat them as malware; (3) scan them and be DoS'ed.

(deferring the decision to a human is effectively DoS'ing your IT support team)



Option #4, detect the zip bomb in its compressed form, and skip over that section of the file. Just like the malware ignores the zip bomb.
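
One way to do the check described in the comment above, as an added example that is not part of the thread: it reads only the ZIP central directory (declared compressed and uncompressed sizes) to decide which members to skip, then inflates the remaining members under a hard byte cap. The thresholds, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_RATIO = 100                 # assumed policy threshold, not from the thread
MAX_TOTAL = 50 * 1024 * 1024    # assumed cap on declared uncompressed bytes

def triage_zip(blob, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Classify members from central-directory metadata only; nothing is inflated."""
    scan, skip, total = [], [], 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            total += info.file_size
            if ratio > max_ratio or total > max_total:
                # Record why it was skipped so the verdict is auditable.
                skip.append((info.filename, info.compress_size, info.file_size))
            else:
                scan.append(info.filename)
    return scan, skip

def read_bounded(blob, name, limit):
    """Inflate one member in chunks and stop once more than `limit` bytes come out."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf, zf.open(name) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name}: exceeds {limit} bytes while inflating")
    return bytes(out)

def build_sample():
    """Constructed sample: one ordinary member and one highly compressible member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "quarterly report, nothing unusual\n")
        zf.writestr("padding.bin", b"\0" * (8 * 1024 * 1024))
    return buf.getvalue()

if __name__ == "__main__":
    blob = build_sample()
    scan, skip = triage_zip(blob)
    for name in scan:
        print("scan", name, len(read_bounded(blob, name, 1024 * 1024)), "bytes")
    for name, csize, usize in skip:
        print("skip", name, f"{csize} -> {usize} bytes declared")
```

The bounded read is the backstop for archives whose declared sizes cannot be trusted; the metadata pass alone only filters members that declare their own expansion.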


Just the fact that it contains a zip bomb makes it malware by itself.


It does not have to be the way it is. Security vendors could do a much better job testing and red teaming their products to avoid bypasses, and have more sensible defaults.



