Ken's Korner Newsletter Logo
April 2016
The Perils of Zip Files

What is a Zip File?

Zip or zipped
files are multiple files combined into one file. Often much smaller than the total sum of the individual files hence the term, “compressed files”. They can be a handy way to transport many related files while keeping them together and arranged in a particular order. Then the recipient(s) can easily un-zip or decompress the file back to the original files.

"Zipped" Files
When downloading applications or device drivers the manufacture often packages them in a compressed file format for easy installation. There are several common compression formats available and they can be recognized by their extensions, .zip, .tar, .rar, .arj, .tgz and .gz.

That’s great but just about anything can be put into a zip file, good or bad. Any number of malware programs can be hidden in a zip file and your virus scan might not see them until it is decompressed. If there is some malware on the source machine, whether intentionally or not, it will most likely be in the zipped file too.

Once it is decompressed on your machine it can do tremendous damage in the blink of an eye. Dangerous viruses like CryptoLocker and Zeus Zbot can destroy you data with lightning speed and efficiency. (And, no, your fax machine didn’t send it to you).

What can you do
to protect yourself and your computer?

Number One!
Never open a Zip file attached to an email unless you already know what it is and you were expecting it.

Zip files attached to emails are a common way to infect your machine. Often they are created to look like they are from couriers like UPS, USPS or FedEx. Another common trick is to make it appear to be an invoice from Amazon or eBay.

Beware of everything you don’t clearly recognize as from someone you already know and are expecting. If you have any doubt at all delete it immediately without opening it. It is better to be safe than to be reconstructing your machine!

Go back to the top

Apple vs. The FBI

Totally divorced from reality!
DarkWebApple vs. The FBI

This one was just unbelievable to me. In case you haven’t been watching the news lately a Federal Judge ordered Apple to engineer new security flaws into the iPhone software to make it easier for the FBI to get information that is stored on the device. Apple told them no!

Number one, we proceed from a false premise. The iPhone is not impregnable, it’s not even close. It is slightly more secure than the Android devices and slightly less secure than the Windows phone but these and others including Symbian and Blackberry can be hacked!

And it is no secret either. Law enforcement, detectives and private investigators in this country and abroad do it every day. A whole industry exists to provide these services. A simple Google search for Mobile Device Forensics will provide enough research material to keep you reading for a week. The National Institute of Standards and Testing, (NIST) even has guidelines for testing and evaluating these tools.

Companies like Cellebrite, Teel Technologies, Phone Forensics, just to name a few, will provide you with the hardware, software, training to extract data and cloud based information from these devices. They will even provide the services and do it for you. Cellebrite, which has been in this business since 1999, even has a contract to provide their services to the FBI!

All it takes is money. OK so you have to buy up twenty grand worth of equipment that is only good for one thing and goes obsolete faster than teenage fashions. But on a case like this that is nothing. It wouldn’t even pay for the lawyers bar tab.

What is wrong with these people? Particularly the “Investigative Reporters” who don’t seem aware of any of this. And who is in charge at the FBI where the left hand doesn’t seem to know what the right hand is doing. The people who broke Watergate can’t seem to find a multibillion dollar industry right in their own back yard. Who, if anyone, is running these organizations?

And then at the last moment the FBI dropped the case. They finally got the information they needed and without any help from Apple. What took you guys so long?

I am solidly behind Apple on this one.
I may even go so far as to buy one of their overpriced toys just to help support them. It is Apple’s job to make the device as secure as they can. It is the job of others to crack that security.

The lesson in all of this is ...
...never put anything on your phone that you don’t want to share with ten million other people. Pictures, music, documents and personal information can be extracted if your phone gets into the wrong hands. And it seems that the people we trusted in the past are totally incompetent now. Once the data it is out there on the web there is no chance of pulling it back again!

And as always with any important data remember to make a back up!

Go back to the top

Copyright © 2016. All Rights Reserved.
Ken's Korner Home Page