Slashdot Mirror

mask.of.sanity quotes a report from The Register: Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-Zip compression tool to stop attackers gaining full control of customer machines. Marcin Noga, Cisco security researcher, found and reported the holes to the platform, which could allow attackers to compromise updated machines, giving attackers the same access rights as logged-in users. FireEye and MalwareBytes are two of many products that use 7-Zip. "An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format files ... [which] can be triggered by any entry that contains a malformed Long Allocation Descriptor," Colleague of The Register Jaeson Schultz said. The flaws were fixed in 7-Zip 16.00, which was released Tuesday.

Meostro asks: "I'm looking for the best format to use to distribute arbitrary datasets. Tarballs compressed with gzip seem to be the most common thing out there, with zip coming in a close second. What advanced compression packages are the most widely recognized or available on the widest array of systems? Cross-platform compatibility is my most important goal, followed by compression ratio, decompression time, compression time and extra features (solid archives, support for multiple files, etc.). I'm starting up a free data site to provide test data for anything you can imagine: images for compression and format interpretation, text and audio for language processing, programming language examples to test parsing, and more. I hope this will grow to be a significant (read: multi-gigabyte) archive, so I want to start off right with my distribution format. Right now the plan is data.tar.bz2, but i'm open to anything that will give me better compression as long as it's available for Linux, Windows and Mac."