| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40461FD0.2090609@onryou.com> From: lists2 at onryou.com (Cael Abal) Subject: Backdoor not recognized by Kaspersky -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > McAfee now detects the password protected zip files. (There are other > things you can look for besides trying to decrypt the contents of the > zip filel Also, zip passwords are weak and easily broken anyway.) Zip files may be /relatively/ easy to brute force, sure, but there's no way I'm turning my mail gateway into a dedicated .zip cracking box. That's insane. As I mentioned, passworded .zip handling is an arms-race I hope anti-virus folks decide not to get embroiled in. It would be trivial to generate a file_id.diz (or readme.txt, or add zip comments, etc.) in order to skirt checksum / file size checks. It would be trivial to harvest plausible file names from a victim's computer to avoid filename matching checks. The only reasonable check would be what Bart suggests, but I'm not comfortable blocking all passworded .zip files containing an executable. Who knows, I might have to change my mind. Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFARh/QR2vQ2HfQHfsRAuC4AJ9wMBdKvdlk6/T5aTW0xuBI2a8gKACfZLXQ FNFpzDxA+rzoLdUQkxkaZsc= =pEyk -----END PGP SIGNATURE-----
Powered by blists - more mailing lists