Talk:Zip bomb

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 
WikiProject Computer Security / Computing  (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

Merge with Zip of death[edit]

These two articles seem to be describing the same thing. This article is older, and the talk page of the other article suggests that the "zip bomb" usage is older. It would therefore probably make sense for the articles to be unified under the Zip bomb name. —phh (t/c) 00:00, 2 August 2007 (UTC)

Don't think there will be any objections to that, it does make sense to merge them to zip bomb and create a redirect at Zip of death page. --Gimlei (talk to me) 10:33, 29 August 2007 (UTC)
I decided to be bold, and performed the merge. Yay. --Gimlei (talk to me) 10:52, 29 August 2007 (UTC)


42.zip[edit]

The current text relating to 42.zip is inaccurate. 42.zip describes *several thousand copies of* a 4 gigabyte file, by way of nested zip files, each of which contains a copy of said 4 gig file. Were 42.zip fully decompressed, it would consume over 4 petabytes of disk space. —Preceding unsigned comment added by 64.81.57.203 (talk) 00:24, 3 November 2007 (UTC)

DOS??[edit]

I Disagree with the articles fist line that a zip of death is a DOS attack. The current Wiki for DOS also does not seem to reference anything like the Zip of death.

Zip of Death does one of two operations. It either cripples the antiviral software, similar to most worms. Or Destroys the entire system. If the system no longer turns on, or The antiviral software stop doing its job, these could be seen as a DOS, but under that Brod of a definition, every attack conceivably be as a DOS attack, rendering DOS attack meaningless term.

To put it another way, the 911 attacks are not DOS attack to the use of the elevators of the twin towers, it was just utter devastation.

DOS attack is meant to Deny, not Destroy (system corruption), or to Allow (New vunlabilties do to lack of antiviral) Larek (talk) 14:40, 6 June 2008 (UTC)

I agree with you and changed the text. Leotohill (talk) 01:24, 27 December 2008 (UTC)

The Oracle Java security team list a zip bomb as a DOS attack. Filling the disk space of a computer does not destroy it it makes it hard to boot or run until and admin comes along and cleans it up.

www.oracle.com/webfolder/technetwork/tutorials/obe/java/SecureJavaCodingGuidelines/player.html — Preceding unsigned comment added by Biofuel (talkcontribs) 04:46, 21 June 2013 (UTC)

Carefully crafted[edit]

An explanation about the "carefully crafted" description would be interesting. What kind of files are compressed, why the use of multiple levels, etc. --LKRaider (talk) 23:41, 21 July 2009 (UTC)

revert replace of 42.zip with 45.1.zip[edit]

I think someone should revert that the text about the historcally meaningfull 42.zip was changed to a text about 45.1.zip. It is always possible, to increase the resulting size, but those files are nearly the same as 42.zip, but have less beckground. (Sorry for my broken english.) -- 78.55.26.106 (talk) 23:46, 11 October 2009 (UTC)

Totally agree with you. --HamburgerRadio (talk) 00:34, 12 October 2009 (UTC)

Gzip bomb and Browsers[edit]

A variation of this used to trash browsers and web spiders. The concept was to force gzip http, then send a gzipped file of a few gigs of zeros, which would hang the browser or spider. At the university I worked at we had one to fight a particularly pernicious spam spider on an academic wiki. Hidden display:none to the gzip bomb, and when the spider attacked again it would get swiftly felled by the gzip bomb. Example is here: http://www.aerasec.de/security/advisories/html-bomb/ (Warning dangerous links!!!) 202.89.176.227 (talk) 07:29, 26 May 2016 (UTC)

Next logical question…[edit]

If they bail out on decompressing at a certain level of recursion, what prevents a virus from hiding in the N+1th level of recursion?

So if it's possible to zip bomb at, say, 4 recursions, the antivirus software decides to be safe and only decompress for 3. The real unzip software will go for all 4, so why not put your virus in a .zip that requires 4 recursions? — Preceding unsigned comment added by PvtKing (talkcontribs) 13:17, 5 October 2012 (UTC)