GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools

Trace: zipwarn
archive:programming:zipwarn

1968/1973 15 May 89 07:09:22 From: Tom Hendricks To: All Subj: WARNING on PKZIP/UNZIP!!!!!! Attr:

This message was sent thru the SDS Coordinator's Echo, with a pretty stern warning on the use of Zip.

The SDS has been asked by several of its members to BAN the use of Zipped Files because of the ability to embed practically anything in its comments field, which are shown anytime anything is done with the packet.

I debabted whether or not to relate this here, as the information is particularly sensitive to SYSOP's and if this gets out to people - the full scale assaults might begin.

Suffice it to say, it can be used in any setting, uploads or even net-mail.

-Tom-

_+_+_+_+_+_+_+_+_+_+_+_

What follows, is an article I received for MetroLink, the Net 107 newsletter. Just thought it may be of interest to you all!

/
< ELLER'S
\ 
      By:
  Pete Keller
Fido 1:107/322
Fido 1:107/522
                      SYSOP'S  BEWARE!

FILES UPLOADED TO YOUR SYSTEM THAT HAVE BEEN COMPRESSED UTILIZING PHIL KATZ'S PKZIP/PKUNZIP UTILITY COULD CRASH YOUR SYSTEM WHEN 

                          UNZIPPED!
 The  following  notice was recently retrieved  while  scanning

through the file areas on a California BBS and is onpassed for your information and/or action:

—– Quote —– 

                        TURBOCITY BBS
                         P O Box 512
                       Ripon CA  95366
                       (209) 599-7435
               Member of International FidoNet
                  NetMail Address: 1:161/11
                  Gary & Pam Lagier: Sysops
             Closed for Mail Activity every Day
                      4:30am to 5:15am
                       Home Of BeeLine
                System News as of May 3 1989
                ALERT!     ALERT!     ALERT! 
   As  most  of  you  know it is  possible  to  reprogram  your

keyboard (and other things) using ANSI Escape sequences. What may not be so readily apparent, however, is that Phil Katz' ZIP programs will allow the use of ANSI in the comments section. This means that everytime you do anything to that ZIP file which causes the comment to be displayed you run the risk of having your keyboard redefined. I have received several such "innocent looking" files in the last two weeks. One caused my F1 key to display a wide DOS Directory, the other attempted to delete all files on my hard drive! (It would have worked but I had turned off the hard drive before testing that file - whew!) 

TurboCity BBS is handling this newest nonsense in three ways:
   1. We will not display any uploaded files until the  nightly 
      clean-up routine strips all comments from ZIPped files.
   2. We  suggest strongly that  you download a file  from  our 
      selection,  called STRIPZ11.ZIP. (It has been checked  by 
      me  for  any damaging comments). Then  run  every  single 
      ZIPped  file  you  have or get thru  that  program!  This 
      should be the very first thing you do when you get a  new 
      ZIPped  file.  If you follow this then you will not  have 
      any trouble (with this particular nonsense, anyway).
   3. TurboCity will post a series of files designed to educate 
      one on how to use ANSI Escape Sequences in various tasks.

———–snip———

Thats the jest of the article. Take care & beware! Don

— msged 1.9972S ZTC * Origin: BBS'ing since '81 - is it any wonder I'm crazy??? (1:261/662)  H¢DRAWPLOT.PREPK %† ñÓ¯!{,  8¶EXTRUDE.PASPK ²"‡ -hkÜ€  ‚ÇFEM2SURF.BASPK Ão\Ôuh  ˆÏFILLSURF.PASPK I –úÔÊu;€  1ÖFUNC2SUR.BASPK a$& (í<wp

/home/gen.uk/domains/wiki.gen.uk/public_html/data/pages/archive/programming/zipwarn.txt · Last modified: 2001/11/08 10:27 by 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki