
It's unlikely any of the parsers would apply recursive decompression, so a ZipQuine isn't going to help exhaust resources.



Indeed. ZipQuines are not targeted against servers, but against middleware. More precisely, these try to attack certain kinds of "security scanners". Those security scanners want to unpack as much as possible, by design(!), otherwise bad code could hide behind yet another round of compressed container formats.


Yes, scanners and AV are what's targeted by quines.


At least none of the Java libraries seemed to fall for this when I tried.


True. I wonder what's the largest file you can decompress to given some bound on the compressed result.
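A defensive sketch of the recursive unpacking the comments above attribute to scanners, with a nesting-depth cap and a shared decompressed-byte budget so that a self-reproducing or deeply nested archive ends the scan instead of exhausting it. This is an added example, not code from any commenter: `scan`, `ScanLimitExceeded`, `_nested_zip` and the limit values are assumptions, and the input is a constructed nested zip rather than a real quine.

```python
import io
import zipfile


class ScanLimitExceeded(Exception):
    """Raised when an archive exceeds the scanner's unpacking budget."""


def _nested_zip(levels, payload=b"constructed sample payload"):
    """Constructed test input: `payload` wrapped in `levels` zip layers."""
    data, name = payload, "payload.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{i}.zip"
    return data


def scan(blob, max_depth=5, max_total_bytes=1 << 20):
    """Recursively unpack `blob`; return [(path, size)] for non-zip leaves.

    The byte budget is shared by every level, so many small layers and one
    huge member are both bounded. Limits are hypothetical defaults.
    """
    remaining = [max_total_bytes]
    leaves = []

    def walk(data, path, depth):
        if not zipfile.is_zipfile(io.BytesIO(data)):
            leaves.append((path, len(data)))
            return
        if depth >= max_depth:
            raise ScanLimitExceeded(f"nesting deeper than {max_depth} at {path}")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:
                    # Read budget+1 bytes at most; the declared file_size
                    # in the header is attacker-controlled and not trusted.
                    chunk = member.read(remaining[0] + 1)
                if len(chunk) > remaining[0]:
                    raise ScanLimitExceeded(f"byte budget exhausted at {path}")
                remaining[0] -= len(chunk)
                walk(chunk, f"{path}/{info.filename}", depth + 1)

    walk(blob, "<root>", 0)
    return leaves
```

When either limit trips, the scanner should treat the archive as unscannable and quarantine or reject it rather than pass it through.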



