[dupe] The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File to 4.5 Petabytes (vice.com)
39 points by kiyanwang 6 days ago | 5 comments

Are there documented examples of these things out in the wild, in viruses etc? Just wondering what the actual threat profile is.

I used to work on commercially available proxies for scanning email and web traffic. A large amount of time was spent unpacking compressed content so that someone couldn't smuggle in naughty pictures by hiding them in a zip file, for example.

Zip bombs were designed to DoS companies using such products by wasting disk space (or just CPU time) while they were unpacking and scanning the contents.

The mitigation is easy though. We kept track of the compression ratio as we were unpacking the archives and tossed out anything where it got too large. No legitimate content compresses 1000:1.
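The ratio check described in the comment above, written out as an added example (this is not code from the thread or from any product mentioned in it). It unpacks each member in chunks and counts only the bytes the decompressor actually produces, never the uncompressed size declared in the headers; the 100:1 threshold, the absolute per-member and per-archive output caps, and the sample archive it builds (a short text file plus a run of zero bytes, which deflate shrinks by roughly 1000:1) are assumptions chosen for illustration.

```python
import io
import zipfile

# Constructed sample inputs for this example (not data from the thread):
# a short text member that barely compresses, and a run of zero bytes that
# deflate squeezes by roughly 1000:1, the kind of ratio the comment above
# says no legitimate content reaches.
README_TEXT = "quarterly report draft, see attached\n"


def build_sample_archive(bomb_bytes: int = 8 * 1024 * 1024) -> bytes:
    """Return an in-memory zip with one benign member and one bomb-like member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", README_TEXT)
        zf.writestr("payload.bin", b"\0" * bomb_bytes)
    return buf.getvalue()


class DecompressionBombError(Exception):
    """Raised when a member or the archive as a whole exceeds an inflation limit."""

    def __init__(self, member: str, bytes_out: int, reason: str):
        super().__init__(f"{member}: {reason} after {bytes_out} bytes unpacked")
        self.member = member
        self.bytes_out = bytes_out
        self.reason = reason


def scan_archive(data: bytes,
                 max_ratio: float = 100.0,
                 max_member_bytes: int = 256 * 1024 * 1024,
                 max_total_bytes: int = 1024 * 1024 * 1024,
                 chunk_size: int = 64 * 1024) -> dict:
    """Unpack every member in chunks and abort as soon as a limit is crossed.

    Three limits are enforced while unpacking, not afterwards:
      - the running ratio of bytes produced to the member's compressed size,
      - an absolute per-member output cap,
      - an absolute cap on output summed over all members, so that many
        moderately inflating members cannot add up to the same effect.
    The declared uncompressed size in the headers is never trusted; only
    bytes actually produced by the decompressor are counted.
    Returns {member name: bytes unpacked} when every member passes.
    """
    unpacked = {}
    total_out = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # compress_size is how much compressed input the decompressor will
            # be fed for this member; guard against a zero-length entry.
            compressed = max(info.compress_size, 1)
            member_out = 0
            with zf.open(info) as member:
                while True:
                    block = member.read(chunk_size)
                    if not block:
                        break
                    member_out += len(block)
                    total_out += len(block)
                    if member_out / compressed > max_ratio:
                        raise DecompressionBombError(
                            info.filename, member_out,
                            f"ratio exceeded {max_ratio:.0f}:1")
                    if member_out > max_member_bytes:
                        raise DecompressionBombError(
                            info.filename, member_out, "member output cap exceeded")
                    if total_out > max_total_bytes:
                        raise DecompressionBombError(
                            info.filename, member_out, "archive output cap exceeded")
            unpacked[info.filename] = member_out
    return unpacked


if __name__ == "__main__":
    sample = build_sample_archive()
    try:
        scan_archive(sample)
    except DecompressionBombError as err:
        # The zero-filled member is rejected after well under 1 MB has been
        # produced, long before its full 8 MB is written anywhere.
        print("rejected:", err)
```

Two things a scanner built on this would still need: archives nested inside members have to be unpacked with the same shared byte budget rather than a fresh one, and the ratio threshold is a heuristic, so sparse or very repetitive legitimate files (logs, database dumps) may need a higher limit or an allow-list rather than a flat 100:1.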


> Zip bombs were designed to DoS companies...

Maybe today - but back in the day, Zip bombs were done as pranks on users of BBSs; upload one named something intriguing, and the hapless user would download it and unzip it to their tiny (then) hard drive, and a file that was supposed to be 4 MB blows up into several hundred MB to gigs, filling their drive if they weren't paying attention.

> The mitigation is easy though. We kept track of the compression ratio as we were unpacking the archives and tossed out anything where it got too large. No legitimate content compresses 1000:1.

Interesting and neat solution!


Taking out mail servers or other in-flight systems that unzip and scan on the fly. Most services have some kind of protection against that kind of attack these days, but a new version of the exploit could cause problems.

Ouch.

Though this begs the question: Would you rather: 4.5 Petabytes or 9 Petanibbles?
