Packing files into archives like zips, tars, jars, wars, cpios, apks, rars and 7zs is a common way to keep important files and filesystem structures together when sharing them; it's also a source of potentially dangerous malware attacks.
In a new paper the security research organization Snyk details an attack they call Zip Slip, which exploits a bug in thousands of archiving and de-archiving utilities, including ones from HP, Amazon, Apache and Pivotal.
Zip Slip is a "directory traversal" attack, which exploits lax checking during unpacking, allowing the attacker to craft an archive that drops files in arbitrary directories anywhere on your hard drive, even overwriting key components.
Zip Slip Vulnerability [Snyk]
After Brexit, Tory leaders are hoping to strike a bilateral trade agreement with the USA that will begin the dismantling of the NHS, starting with a ban on price-controls for pharma and open doors for America's wasteful, cruel, useless health-care insurance mega-corporations. In this video, national treasure Stephen Fry explains how the UK and US […]
This video from Bohemian Browser Ballett on Germany's public broadcaster Funk is absolutely genius: a comic dialogue between a literal uniformed Nazi officer outraged that someone had the temerity to call him a Nazi: "Just because someone doesn't share mainstream opinion it doesn't mean he's a Nazi. Maybe I'm a concerned citizen who is afraid […]
Billy Green writes, "This is video I shot at the Boing Boing Picnic in 2010. Music by Dr. Popular recorded live at the picnic." Such fantastic footage!
With enough practice and commitment, anyone can be a visual artist. But without the right instruction, that time spent honing your skills could seem like an eternity. If you really want to see where your talent can take you, you need sound fundamentals – and no matter what discipline or genre you lean toward, the […]
Theoretically, there’s never been an easier time for marketers. The ubiquity of social media means a good word – or a good brand – can spread like wildfire with very little effort. But as limitless as the internet is, there’s a lot of competition and noise to contend with. And the vast graveyard of failed […]
They might be the shiny new thing, but AirPods aren’t for everybody. Maybe you’re looking for a new sound or you understandably lost those tiny buds during a brisk run. If so, here’s 10 headphones and earbuds that break out of the Apple mode with a return to quality and wearability. Klipsch R5 Bluetooth Neckband […]