![]() So end user will not see the difference - whether the program does not ask for a password, because it already knows it (original file) or because the file being extracted doesn't need a password (file modified by me). If a victim unpacks a password-protected archive, extracting program will ask for the password only once, not every time per each file. Replaced file will remain unencrypted, not password-protected inside the ![]() I can hijack (intercept) someone else's file (password-protected ZIP file) and I can replace one of the files it contains, with my one (fake, virus) without knowing the password. This is completely insecure in terms of social engineering / influence etc. ![]() If I can list contents of a password-protected ZIP file, check the file types of each stored file and even replace it with another one, without actually knowing the password, then should ZIP files be still treated as secure?
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |