|
Re: SEEK: freeware to decrypt password-protected Winzip files
de Morten Skarstad 06/25/2006 12:42
Luc The Perverse skrev:
> My old work would recurse embedded zip files and find EXE files and delete
> them. Security through data destruction as the old adage goes - if you
> destroy all computers in the world there would be no viruses!
Personally, I swear to Fiskars range of computer security products. For
instance, check out this baby:
http://www.fiskars.com/digitalAssets/141422_422071.jpg
Unfortunately, wireless networks are getting more and more common,
forcing me to apply the above product on the power chord rather than the
network wire. Hey, anything to stay safe, right?
> We found that password encrypting the outside zip file, while leaving the
> inside zip file alone allowed the file to pass by (which made sense, they
> couldn't decrypt it)
This is also exploited by some mail-borne worms: They pack themselves in
some zip file which requires a password, and puts the password in the
body of the mail. The mail gateway does not understand the password, but
the recipient may have an IQ high enough to figure it out and yet low
enough to actually enter it and run whatever file is contained within
the zip. *sigh* If Darwin was anywhere near right, electronic worms and
viruses will be the dominant species on this planet in less than 20 years.
The best countermeasure is of course to block encrypted zip files.
Obviously your workplace did not, but I know for a fact that some do.