Talk:Zip bomb

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles ??? This article has not yet received a rating on the project's importance scale. Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

These two articles seem to be describing the same thing. This article is older, and the talk page of the other article suggests that the "zip bomb" usage is older. It would therefore probably make sense for the articles to be unified under the Zip bomb name. —phh (^t/_c) 00:00, 2 August 2007 (UTC)[reply]

Don't think there will be any objections to that, it does make sense to merge them to zip bomb and create a redirect at Zip of death page. --Gimlei ^{(talk to me)} 10:33, 29 August 2007 (UTC)[reply]

I decided to be bold, and performed the merge. Yay. --Gimlei ^{(talk to me)} 10:52, 29 August 2007 (UTC)[reply]

The current text relating to 42.zip is inaccurate. 42.zip describes *several thousand copies of* a 4 gigabyte file, by way of nested zip files, each of which contains a copy of said 4 gig file. Were 42.zip fully decompressed, it would consume over 4 petabytes of disk space. —Preceding unsigned comment added by 64.81.57.203 (talk) 00:24, 3 November 2007 (UTC)[reply]

I Disagree with the articles fist line that a zip of death is a DOS attack. The current Wiki for DOS also does not seem to reference anything like the Zip of death.

Zip of Death does one of two operations. It either cripples the antiviral software, similar to most worms. Or Destroys the entire system. If the system no longer turns on, or The antiviral software stop doing its job, these could be seen as a DOS, but under that Brod of a definition, every attack conceivably be as a DOS attack, rendering DOS attack meaningless term.

To put it another way, the 911 attacks are not DOS attack to the use of the elevators of the twin towers, it was just utter devastation.

DOS attack is meant to Deny, not Destroy (system corruption), or to Allow (New vunlabilties do to lack of antiviral) Larek (talk) 14:40, 6 June 2008 (UTC)[reply]

I agree with you and changed the text. Leotohill (talk) 01:24, 27 December 2008 (UTC)[reply]

The Oracle Java security team list a zip bomb as a DOS attack. Filling the disk space of a computer does not destroy it it makes it hard to boot or run until and admin comes along and cleans it up.

www.oracle.com/webfolder/technetwork/tutorials/obe/java/SecureJavaCodingGuidelines/player.html — Preceding unsigned comment added by Biofuel (talk • contribs) 04:46, 21 June 2013 (UTC)[reply]

An explanation about the "carefully crafted" description would be interesting. What kind of files are compressed, why the use of multiple levels, etc. --LKRaider (talk) 23:41, 21 July 2009 (UTC)[reply]

I think someone should revert that the text about the historcally meaningfull 42.zip was changed to a text about 45.1.zip. It is always possible, to increase the resulting size, but those files are nearly the same as 42.zip, but have less beckground. (Sorry for my broken english.) -- 78.55.26.106 (talk) 23:46, 11 October 2009 (UTC)[reply]

Totally agree with you. --HamburgerRadio (talk) 00:34, 12 October 2009 (UTC)[reply]

A variation of this used to trash browsers and web spiders. The concept was to force gzip http, then send a gzipped file of a few gigs of zeros, which would hang the browser or spider. At the university I worked at we had one to fight a particularly pernicious spam spider on an academic wiki. Hidden display:none to the gzip bomb, and when the spider attacked again it would get swiftly felled by the gzip bomb. Example is here: http://www.aerasec.de/security/advisories/html-bomb/ (Warning dangerous links!!!) 202.89.176.227 (talk) 07:29, 26 May 2016 (UTC)[reply]

If they bail out on decompressing at a certain level of recursion, what prevents a virus from hiding in the N+1th level of recursion?

So if it's possible to zip bomb at, say, 4 recursions, the antivirus software decides to be safe and only decompress for 3. The real unzip software will go for all 4, so why not put your virus in a .zip that requires 4 recursions? — Preceding unsigned comment added by PvtKing (talk • contribs) 13:17, 5 October 2012 (UTC)[reply]

"Zip bomb (not to be confused with tarbomb)"
Tarbomb redirects to tar (computing).
tar (computing) has a section Tarbomb#Tarbomb, with "Tarbomb redirects here. Not to be confused with decompression bomb"
Decompression bomb redirects to Zip bomb.

I salute the comedic tastes of whomever set this up. --BlueNovember ^{(talk • contribs)} 16:52, 11 October 2017 (UTC)[reply]