XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




Posted: Sat Mar 25, 2017 7:42 am

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
Ran a scan and Sophos reported a possible 'zip bomb' detected in 'TonyMac MultiBeast-4.6.1.zip' as well as other similar Multibeast.zip files. That is a file that includes tools to create a hackintosh. It is used by many people around the globe. Zip bomb sounds very bad. Is this something to be concerned about?


Posted: Sat Mar 25, 2017 8:06 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14361
If not a false positive, that certainly is bad...

https://en.wikipedia.org/wiki/Zip_bomb

http://www.theprohack.com/2009/03/creat ... death.html

3 Ways to View Zip & Archive Contents Without Extracting in Mac OS X...

http://osxdaily.com/2013/06/17/view-zip ... -mac-os-x/


Posted: Wed Mar 29, 2017 2:59 pm

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
I never did get any confirmation on just what this was. I deleted the zip file and the warning disappeared. Maybe a false positive? It seems likely that the sheer number of users of this software means this would have been detected by other users by now if it was truly an issue.


Posted: Wed Mar 29, 2017 3:46 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9168
Location: Caught between the moon and NYC
Zip bombs are basically specifically crafted zips that will fill every bit of data on your HD with files in the zip since they're zips inside zips inside zips inside zips and the eventual files that get extracted are basically just a bunch of 1s or 0s so they compress really, really, really well.

I highly doubt the multibeast installer was a zip bomb. The only way that could be true is if you got it from a third party who maliciously replaced the installer with their zip bomb file. As a general rule I like to get my files directly from the source and, after download, verify the MD5 or SHA1 hash to increase the chance that the file I downloaded was actually the file they posted.
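
Added example, not part of the original posts and not how Sophos decides: a header-level triage of an archive for the two traits described above (zips nested inside zips, and payloads that compress extremely well), plus the hash check the post recommends. The thresholds, function names and both sample archives are assumptions constructed for illustration.

```python
import hashlib, io, os, zipfile

MAX_DEPTH = 3          # nesting levels to descend (assumed threshold)
MAX_RATIO = 100        # declared size / compressed size (assumed threshold)
MAX_TOTAL = 1 << 30    # total declared bytes, 1 GiB (assumed threshold)
MAX_INNER = 32 << 20   # largest nested archive we will load into memory

def digest(data, algo="sha1"):   # compare with the value the publisher posts
    return hashlib.new(algo, data).hexdigest()

def scan_zip(data, depth=1, stats=None):
    """Read zip headers, following nested zips in memory; nothing hits disk."""
    stats = stats or {"total": 0, "ratio": 0.0, "depth": 0, "skipped": 0}
    stats["depth"] = max(stats["depth"], depth)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            stats["total"] += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            stats["ratio"] = max(stats["ratio"], ratio)
            if not info.filename.lower().endswith(".zip"):
                continue
            if depth >= MAX_DEPTH or info.file_size > MAX_INNER:
                stats["skipped"] += 1      # too deep or too big to follow
                continue
            with zf.open(info) as member:
                inner = member.read(MAX_INNER + 1)   # bounded: headers can lie
            if len(inner) <= MAX_INNER and zipfile.is_zipfile(io.BytesIO(inner)):
                scan_zip(inner, depth + 1, stats)
            else:
                stats["skipped"] += 1
    return stats

def looks_like_bomb(stats):
    return stats["ratio"] > MAX_RATIO or stats["total"] > MAX_TOTAL or stats["skipped"] > 0

def make_zip(members):   # builds the constructed samples below, in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: nested incompressible data vs. nested 4 MiB of zero bytes.
ORDINARY = make_zip({"tools.zip": make_zip({"installer.bin": os.urandom(4096)})})
SUSPECT = make_zip({"layer.zip": make_zip({"zeros.bin": b"\0" * (4 << 20)})})

if __name__ == "__main__":
    for name, blob in (("ordinary", ORDINARY), ("suspect", SUSPECT)):
        print(name, digest(blob), looks_like_bomb(scan_zip(blob)))
```

Nesting alone does not trip the check here; only an extreme ratio, an oversized declared total, or a layer too deep or too large to follow does.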


Posted: Wed Mar 29, 2017 6:01 pm

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
MonkeyBoy wrote:
Zip bombs are basically specifically crafted zips that will fill every bit of data on your HD with files in the zip since they're zips inside zips inside zips inside zips and the eventual files that get extracted are basically just a bunch of 1s or 0s so they compress really, really, really well.

I highly doubt the multibeast installer was a zip bomb. The only way that could be true is if you got it from a third party who maliciously replaced the installer with their zip bomb file. As a general rule I like to get my files directly from the source and, after download, verify the MD5 or SHA1 hash to increase the chance that the file I downloaded was actually the file they posted.

Great explanation, MonkeyBoy, and good advice too. I did download from the TonyMacx86 site so I can only guess it was a false positive. Good practice to always check MD5 or some other checksum. I've added that to my personal practice.

