lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: vdongen at hetisw.nl (I.R. van Dongen)
Subject: Z***ING EMAILS !

http-equiv@...ite.com wrote:

>Saturday, March 06, 2004
>
>The seems to be a lot of excitement at the moment regarding .zip 
>files and emails. What if the actual .zip file is the email or 
>the email is the actual .zip file:
>
>MIME-Version: 1.0 
>Content-Type: application/x-zip-compressed                
>Content-Transfer-Encoding: binary
>X-Source: 06.03.04 http://www.malware.com
>
>PK...   .   ?.?S?.?.  D   .   malware.exe??[L.f.?_
Qk. 
>.?..?#?002
?????..?, ??U.lQ
>
>
>Working example:
>
>http://www.malware.com/eml.zip
>  
>

How would this work?
afaik no emailsoftware will unpack a zip archive by default.
Even then, It has to be passwordless zip, and the zip will be unpacked 
by the virusscanner too.

Gr,

Ivo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ