
That's a cute idea, and reminds me about the design of gossip in the lightning spec where some results would be delivered in zip format. We had thought about the decompression bomb (mandating a non-vulnerable library that you can provide a buffer limit to, rather than just firing and forgetting), but we later deprecated the compressed response since few implementations could provide such a secure variant without implementing it themselves, so few impls ever supported it.
reply
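The "buffer limit" approach from the comment above, as an added example that is not part of the thread or of any Lightning implementation: Python's `zlib` stands in for the decompression library, and the function name, exception name and limits are assumptions chosen for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a stream would inflate past the caller's output budget."""


def bounded_decompress(data: bytes, max_output: int, chunk_size: int = 16 * 1024) -> bytes:
    """Inflate a zlib stream, never holding more than max_output + 1 bytes of output."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # Request at most one byte past the limit so an overrun is detectable.
        # The budget is always >= 1 here; max_length=0 would mean "unlimited".
        budget = min(chunk_size, max_output + 1 - len(out))
        chunk = d.decompress(pending, budget)
        out += chunk
        if len(out) > max_output:
            raise DecompressionLimitExceeded(f"output exceeds {max_output} bytes")
        pending = d.unconsumed_tail
        if not chunk and not pending:
            # No output produced and no input left, yet no end-of-stream marker.
            raise ValueError("truncated compressed stream")
    return bytes(out)


def make_sample_bomb(expanded_size: int = 10_000_000) -> bytes:
    """Constructed sample input: a run of zero bytes, deflated at maximum level."""
    return zlib.compress(b"\x00" * expanded_size, 9)


if __name__ == "__main__":
    bomb = make_sample_bomb()
    print(f"compressed size: {len(bomb)} bytes")
    try:
        bounded_decompress(bomb, max_output=65_535)  # limit is an assumed value
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The unbounded call `zlib.decompress(bomb)` is the "fire and forget" variant: it allocates the full expanded size before the caller gets a chance to object.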
433 sats \ 1 reply \ @Wumbo 30 Apr
reply
God I love this show
reply
New term to me
A zip bomb is a relatively small compressed file that can expand into a very large file that can overwhelm a machine.
reply
115 sats \ 1 reply \ @ek 30 Apr
Endlessh is another fun way to mess with bots
reply
Love this kind of stuff.
Gonna trap up my VPS feeling like Kevin McCallister
reply
I only came across this term recently because I was using pytesseract to do OCR on some PDF files, and I'd sometimes get warnings and even errors about decompression bombs. The only thing is, I didn't run into any actual bombs; some PDFs just had really huge images attached.
reply
What the hell is a zip bomb?
reply
Shouldn't a file of all zeroes zip to a few bytes?
reply