1968/1973 15 May 89 07:09:22
From: Tom Hendricks
To: All
Subj: WARNING on PKZIP/UNZIP!!!!!!
Attr:
------------------------------------------------
This message was sent thru the SDS Coordinator's Echo, with a pretty stern
warning on the use of Zip.
The SDS has been asked by several of its members to BAN the use of Zipped
Files because of the ability to embed practically anything in its comments
field, which are shown anytime anything is done with the packet.
I debabted whether or not to relate this here, as the information is
particularly sensitive to SYSOP's and if this gets out to people - the full
scale assaults might begin.
Suffice it to say, it can be used in any setting, uploads or even net-mail.
-Tom-
_+_+_+_+_+_+_+_+_+_+_+_
What follows, is an article I received for MetroLink, the Net 107 newsletter.
Just thought it may be of interest to you all!
---------------------------------------------------------
| / | /
|< ELLER'S |< ORNER
| \ | \
By:
Pete Keller
Fido 1:107/322
Fido 1:107/522
SYSOP'S BEWARE!
FILES UPLOADED TO YOUR SYSTEM THAT HAVE BEEN COMPRESSED UTILIZING
PHIL KATZ'S PKZIP/PKUNZIP UTILITY COULD CRASH YOUR SYSTEM WHEN
UNZIPPED!
The following notice was recently retrieved while scanning
through the file areas on a California BBS and is onpassed for
your information and/or action:
----- Quote -----
TURBOCITY BBS
P O Box 512
Ripon CA 95366
(209) 599-7435
Member of International FidoNet
NetMail Address: 1:161/11
Gary & Pam Lagier: Sysops
Closed for Mail Activity every Day
4:30am to 5:15am
Home Of BeeLine
System News as of May 3 1989
ALERT! ALERT! ALERT!
As most of you know it is possible to reprogram your
keyboard (and other things) using ANSI Escape sequences. What may
not be so readily apparent, however, is that Phil Katz' ZIP
programs will allow the use of ANSI in the comments section. This
means that everytime you do anything to that ZIP file which
causes the comment to be displayed you run the risk of having
your keyboard redefined. I have received several such "innocent
looking" files in the last two weeks. One caused my F1 key to
display a wide DOS Directory, the other attempted to delete all
files on my hard drive! (It would have worked but I had turned
off the hard drive before testing that file - whew!)
TurboCity BBS is handling this newest nonsense in three ways:
1. We will not display any uploaded files until the nightly
clean-up routine strips all comments from ZIPped files.
2. We suggest strongly that you download a file from our
selection, called STRIPZ11.ZIP. (It has been checked by
me for any damaging comments). Then run every single
ZIPped file you have or get thru that program! This
should be the very first thing you do when you get a new
ZIPped file. If you follow this then you will not have
any trouble (with this particular nonsense, anyway).
3. TurboCity will post a series of files designed to educate
one on how to use ANSI Escape Sequences in various tasks.
-----------snip---------
Thats the jest of the article. Take care & beware! Don
--- msged 1.9972S ZTC
* Origin: BBS'ing since '81 - is it any wonder I'm crazy??? (1:261/662)