Packing files into archives like zips, tars, jars, wars, cpios, apks, rars and 7zs is a common way to keep important files and filesystem structures together when sharing them; it's also a source of potentially dangerous malware attacks.
In a new paper the security research organization Snyk details an attack they call Zip Slip, which exploits a bug in thousands of archiving and de-archiving utilities, including ones from HP, Amazon, Apache and Pivotal.
Zip Slip is a "directory traversal" attack, which exploits lax checking during unpacking, allowing the attacker to craft an archive that drops files in arbitrary directories anywhere on your hard drive, even overwriting key components.
Zip Slip Vulnerability [Snyk]
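The missing check described above, as an added example (not code from Snyk's paper or from any affected project): each entry name is resolved against the extraction directory and rejected if the result lands outside it. The function names, the sample archive and the destination path are assumptions made for illustration.

```python
import io
import os
import zipfile


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and one with a traversal name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../outside.txt", "should never be written")
    return buf.getvalue()


def resolve_entry(dest_dir: str, entry_name: str) -> str:
    """Return the absolute target path, or raise if it leaves dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    # Joining and normalising is what an unpacker does implicitly; the
    # lax ones skip the comparison that follows.
    target = os.path.realpath(os.path.join(dest_root, entry_name))
    # commonpath compares whole path components, so a sibling such as
    # "/tmp/unpack-evil" is not mistaken for being inside "/tmp/unpack",
    # which a plain string-prefix test would allow.
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ValueError(f"entry escapes destination: {entry_name!r}")
    return target


def audit_archive(data: bytes, dest_dir: str):
    """Split entry names into (safe, rejected) without writing anything."""
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            try:
                resolve_entry(dest_dir, name)
                safe.append(name)
            except ValueError:
                rejected.append(name)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = audit_archive(build_sample_archive(), "/tmp/unpack-demo")
    print("safe:", ok)
    print("rejected:", bad)
```

An unpacker should treat any rejected entry as a reason to abort the whole extraction rather than skip the entry silently.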