rhabarba@feddit.de to Technology@beehaw.orgEnglish · 1 year agoWinRAR zero-day exploited since April to hack trading accountswww.bleepingcomputer.comexternal-linkmessage-square22fedilinkarrow-up1108cross-posted to: hackernews@derp.footechnews@radiation.party
arrow-up1108external-linkWinRAR zero-day exploited since April to hack trading accountswww.bleepingcomputer.comrhabarba@feddit.de to Technology@beehaw.orgEnglish · 1 year agomessage-square22fedilinkcross-posted to: hackernews@derp.footechnews@radiation.party
minus-squareTheMadnessKing@lemdro.idlinkfedilinkEnglisharrow-up5·1 year agoHonestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.
minus-squarerhabarba@feddit.deOPlinkfedilinkEnglisharrow-up3·1 year agoIt is. Coincidentally, security was one of the reasons to uninstall 7-Zip.
minus-squaredan@upvote.aulinkfedilinkEnglisharrow-up17·edit-21 year agoThere’s barely any CVEs on that page. It’s likely a security researcher did some fuzzing of the executable and found a few issues at once. Have you looked at how many vulnerabilities there’s been in things like Windows, MacOS, Chrome, etc?
minus-squarerhabarba@feddit.deOPlinkfedilinkEnglisharrow-up3·1 year agoI have. The point is that there is no software without vulnerabilities.
minus-squaredan@upvote.aulinkfedilinkEnglisharrow-up12·1 year ago The point is that there is no software without vulnerabilities. Definitely true, but that conflicts with this: Coincidentally, security was one of the reasons to uninstall 7-Zip. If you uninstalled software because of security, you wouldn’t have any software left :)
minus-squarerhabarba@feddit.deOPlinkfedilinkEnglisharrow-up2·1 year agoAlso true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)
minus-squarerhabarba@feddit.deOPlinkfedilinkEnglisharrow-up3·1 year agoI even own legitimate Total Commander and mIRC licenses!
minus-squaredan@upvote.aulinkfedilinkEnglisharrow-up8·1 year agoI’m sure they’re still celebrating someone purchasing a license :)
minus-squaremorry040@kbin.sociallinkfedilinkarrow-up9·1 year agoThe number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html
Is security not a merit?
Honestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.
It is. Coincidentally, security was one of the reasons to uninstall 7-Zip.
There’s barely any CVEs on that page. It’s likely a security researcher did some fuzzing of the executable and found a few issues at once.
Have you looked at how many vulnerabilities there’s been in things like Windows, MacOS, Chrome, etc?
I have. The point is that there is no software without vulnerabilities.
Definitely true, but that conflicts with this:
If you uninstalled software because of security, you wouldn’t have any software left :)
Also true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)
Y-you paid for WinRAR?
I even own legitimate Total Commander and mIRC licenses!
Wow, a real unicorn! 🦄
I’m sure they’re still celebrating someone purchasing a license :)
The number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html