this post was submitted on 07 Apr 2025

28 points (100.0% liked)

Cybersecurity

9827 readers

229 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

WinRAR security flaw ignores Windows Mark of the Web security warnings (www.tomshardware.com)

submitted 1 year ago by Alphane_Moon@lemmy.world to c/cybersecurity@sh.itjust.works

15 comments fedilink hide all child comments

all 20 comments

sorted by: hot top controversial new old

[–] thisbenzingring@lemmy.sdf.org 16 points 1 year ago (2 children)

7z is far superior. It's does rar

STOP USING WINRAR PEOPLE

[–] Alphane_Moon@lemmy.world 4 points 1 year ago (1 children)

I like the interface of WinRAR more (just a matter of habit).

I even have a license for WinRAR that I bought 15 years ago.

[–] thisbenzingring@lemmy.sdf.org 3 points 1 year ago

good on you, for buying a copy.

[–] capuccino@lemmy.world 1 points 1 year ago (1 children)

People is stuck on winrar by nostalgia

[–] sik0fewl@lemmy.ca 1 points 1 year ago

I would miss having decide whether to buy it every time I open it.

[–] p03locke@lemmy.dbzer0.com 8 points 1 year ago (2 children)

What the hell is a "Mark of the Web"?

[–] Alphane_Moon@lemmy.world 4 points 1 year ago (1 children)

Notification/warning that an executable was downloaded from the internet.

[–] p03locke@lemmy.dbzer0.com -3 points 1 year ago (1 children)

Protip: All things are downloaded from the Internet.

[+] easily3667@lemmus.org 0 points 1 year ago* (last edited 11 months ago) (1 children)

[deleted]

[–] p03locke@lemmy.dbzer0.com 1 points 1 year ago* (last edited 1 year ago) (1 children)

It's not.

Go ahead and look through your filesystem. Just random parts of it. Count the number of things you downloaded off of the Internet. And yes, all of those files you extracted from an downloaded archive still count as downloaded from the internet.

If you're using Linux, the ISO you downloaded is from the Internet. All of the security patches and updates were downloaded from the Internet. Every single web site you visit was downloaded from the Internet. If you wanted to use a new program, you downloaded it from the Internet. If you created a new file, chances are good that you used some sort of cloud-based service and it was downloaded from the Internet.

There's a reason why Apple got rid of the CD-ROM drive. Because nobody was fucking using it and everything is installed off of the fucking internet! I was going to say that I haven't touched my CD-ROM drive in ages, but then I looked down and realized that I don't even have one installed on this PC.

Putting a "Mark of the Web" on a file is functionally useless. It's like putting a boolean on a file that says "this came from a computer".

[–] Branquinho@lemmy.eco.br 3 points 1 year ago (1 children)

It's something called ADS (Alternate Data Stream) which you can see as some kind of second hidden file content. Browsers create an ADS with name Zone.Identifier when downloading a file and attach it to the downloaded file. The content of the ADS is the information where the file was downloaded from, i.e. the Zone (3 for Internet) and usually the URL.

Programs and Windows usually use the existence of the Zone.Identifier to show you a warning that a file was downloaded and may pose a risk to your system when opening/exexuting it.

[–] p03locke@lemmy.dbzer0.com 1 points 1 year ago (1 children)

What the fuck is this arcane metadata bullshit?

I download a file on Linux, and it has data, a filename, and some permission metadata. That's it. It sounds like this metadata layer deserves all of the hacks that will come for it.

[–] Alphane_Moon@lemmy.world 4 points 1 year ago

I once got a really nasty cryptominer that shut down all attempt to remove it via a fully patched WinRar opening an archive with what seemed to mostly JPEGs (maybe some PDFs as well). Perhaps this vulnerablility the root enabler of the cryptominer.

[–] MissJinx@lemmy.world 2 points 1 year ago

oh WinRAR, the freest paid app in history