Fuck WinRAR. It’s for normie NPCs. 7Zip is FOSS, and everybody should be using it instead.
Russia and China-backed hackers are exploiting WinRAR zero-day bug
Submitted 1 year ago by Wilshire@lemmy.world to technology@lemmy.world
https://techcrunch.com/2023/10/18/russia-sandworm-fancy-bear-china-winrar-zero-day/
Comments
ScaNtuRd@lemmy.world 1 year ago
Sandbag@lemmy.world 1 year ago
Wow, really shilling for Russian software man, that’s low, certainly the Russians have no insights to 7zip.
merthyr1831@lemmy.world 1 year ago
You can read and build the source code yourself if you’re really worried what some Russian FOSS contributors are up to, but I can assure you it’s going to be a lot less sus that whatever a proprietary application can do without any ability to audit and check the code.
vacuumflower@lemmy.sdf.org 1 year ago
7zip’s Linux port (p7zip) was lagging back in functionality last I heard, and also was abandoned then, don’t know how it is now.
lloram239@feddit.de 1 year ago
It has an official Linux port now, goes by
7zz
spudwart@spudwart.com 1 year ago
7zip exists and is free.
CmdrShepard@lemmy.one 1 year ago
7zip will unpack rar files? I’ve used it for years and never knew.
spudwart@spudwart.com 1 year ago
Yea. It just can’t pack files into RaR.
terminhell@lemmy.dbzer0.com 1 year ago
See guys, we shoulda paid for it back then. Now we’re paying for it now XD
spirinolas@lemmy.world 1 year ago
Who the hell hurts winRAR? That’s like punching Dolly Parton.
VantaBrandon@lemmy.world 1 year ago
“Group-IB said the flaw was exploited as a zero-day — since the developer had zero time to fix the bug before it was exploited — as far back as April to compromise the devices of at least 130 traders.”
We’re all to blame for not registering
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents.
In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China.
One of these groups includes a Russian military intelligence unit dubbed Sandworm, which is known for destructive cyberattacks, like the NotPetya ransomware attack it launched in 2017 that primarily hit computer systems in Ukraine and disrupted the country’s power grid.
Separately, TAG says it observed another notorious Russia-backed hacking group, tracked as APT28 and commonly known as Fancy Bear, using the WinRAR zero-day to target users in Ukraine under the guise of an email campaign impersonating the Razumkov Centre, a public policy think tank in the country.
Google’s findings follow an earlier discovery by threat intelligence company Cluster25, which said last week that it had also observed Russian hackers exploiting the WinRAR vulnerability as a phishing campaign designed to harvest credentials from compromised systems.
Google added that its researchers found evidence that the China-backed hacking group, known as APT40, which the U.S. government has previously linked to China’s Ministry of State Security, also abused the WinRAR zero-day flaw as part of a phishing campaign targeting users based in Papua New Guinea.
The original article contains 490 words, the summary contains 239 words. Saved 51%. I’m a bot and I’m open source!
kamenlady@lemmy.world 1 year ago
I read “dubbed Sandworm” but my brain always displays darude Sandstorm in my mind.
ELI70@lemmy.run 1 year ago
Stop Using Windows And MacOS use GNU/Linux instead -> Problem Solved
ColdWater@lemmy.ca 1 year ago
Yeah problem solved, except you have to deal with Linux problems instead
Quereller@lemmy.one 1 year ago
Sorry that is just not true theregister.com/…/linux_gnome_libcue_exploit/
Jaysyn@kbin.social 1 year ago
Blows my mind that anyone still uses WinRAR when 7zip exists.
penquin@lemm.ee 1 year ago
What should blow your mind is that it’s 2023 and you still need a separate program to extract compressed files on windows. 😂 Good thing they’re adding native support for it in windows 11. FINALLY.
wmassingham@lemmy.world 1 year ago
Windows has had native unzip support since Microsoft Plus! 98 added it to Windows 98 in 1998.
raptir@lemdro.id 1 year ago
You do on Linux as well, it’s just installed by default.
pascal@lemm.ee 1 year ago
What could possibly go wrong.
Appoxo@lemmy.dbzer0.com 1 year ago
Not like zip is supported and Windows added (finally tbf) support for other archives.
theverge.com/…/microsoft-windows-11-rar-support-n…
Lev_Astov@lemmy.world 1 year ago
Windows’ built in unzipping tool has really messed up my system before by uncompressing files wrong in subtle ways.
JohnEdwa@sopuli.xyz 1 year ago
I’m willing to bet a big part of that are all the antitrust lawsuits they got for internet explorer and windows media player back in the day and just not wanting to open that box as it comes to rarlab.
scottywh@lemmy.world 1 year ago
FUCK WINRAR!
it’s so stupid and amazing this recent celebration of people that are proud to have paid for it.
It was never a good solution really…
It just worked for what it was for a time… Because it was better than WinZip or pkzip.
7-zip has been amazing for years…
Better OS support would be cool too but it’s so unnecessary thanks to 7zip.
pascal@lemm.ee 1 year ago
People on Lemmy sometimes get really angry at the dumbest things.
You don’t like Winrar, that’s your right, chill dude.
InvaderDJ@lemmy.world 1 year ago
WinRAR was great for the time and their policies on paying for the program were extremely generous. Time just overtook it.
aksdb@feddit.de 1 year ago
7z recently also had an exploit. It’s not magically safer.
RAR has compresses significantly faster than 7z (in relation to the compression ratio of course).
RAR has recovery records, 7z doesn’t. RAR4 even had cryptographic signatures included. But RAR5 dropped that.
7z is nice, but it’s not objectively better than RAR on any account.
SCB@lemmy.world 1 year ago
Yes this is why it is loved as a piece of software history.
ARk@lemm.ee 1 year ago
Well it would blow your mind to know that many people just use whatever they know that does the job
Kyoyeou@slrpnk.net 1 year ago
There is a certain sense of old friend that you know by heart, I’ve downloaded so much things where the last step was to pass it by WinRAR, but yeah I should change when there are proofs like that
FatTony@lemmy.world 1 year ago
We hate WinRAR now?
devz0r@kbin.social 1 year ago
I just feel like that people who are still opening RAR files are technically savvy enough to have moved on from WinRAR
Appoxo@lemmy.dbzer0.com 1 year ago
Not hate but we graduate to 7zip.
Isnt the FOSS thingie all the hype around lemmy? Feel like every discussion tends to drift towards FOSS topics (ironic, I know) and if an app with propiretary modules will be hated to hell and back.
otter@lemmy.ca 1 year ago
It’s pretty old, there’s a whole meme around it
www.reddit.com/r/PaidForWinRAR/
Isthisreddit@lemmy.world 1 year ago
WinRAR had a great gui and it integrates much better (imho) into windows than 7zip, only thing 7zip has going for it is it’s free.
If we are talking command line, rar is free (inb4 Unix guys butt in)
BigDanishGuy@sh.itjust.works 1 year ago
The only thing I missed switching to 7zip was the UX. 7zip is a bit weird at first, but then you find out that it will extract lots of installers. So now you can just get the wifi driver and not the bloatware that comes along with it, and it’s all good.
mightyfoolish@lemmy.world 1 year ago
7zip integrates very nicely into Explorer (so you can right click a file or folder and compress straight from there). I admitz the main GUI of 7zip looks ancient but I never needed it.
PeterPoopshit@lemmy.world 1 year ago
WinRAR was good in ancient times when it was the only zip program available. Even in the Windows XP era there were better things to use if you knew about them.
westyvw@lemm.ee 1 year ago
Winrar in ancient times? Lol. People have been arching for a long time before that. Unix, amiga, apple, pc… that is a funny sentence.
Don’t remember PKARK, ARC, and PKWARE?
I believe Winrar became popular because it was easier to use with multi volume archives. Which conveniently worked well with parity files, which all worked great for distributing on usenet.
gothicdecadence@lemm.ee 1 year ago
If you’re on Windows (I know I know, switch to Linux) I prefer NanaZip over base 7zip
github.com/M2Team/NanaZip
JewGoblin@lemmy.world 1 year ago
doesn’t WinRAR do certain things the 7zip doesn’t?
I can’t think of what 7zip lacks, but I know it does lack some features
stillwater@lemm.ee 1 year ago
Yes, WinRAR asks for money.
Krudler@lemmy.world 1 year ago
The reason WinRAR was useful to me allllllll those years ago was for one thing and one thing only: You could split an archive into chunks. So mostly I found that it was good for getting my warez in 1.44MB chunks.
Ganbat@lemmyonline.com 1 year ago
Afaik, the only thing 7Zip lacks in comparison to WinRAR is the ability to create rar files, and that’s only because the format is proprietary.
sturmblast@lemmy.world 1 year ago
this is true I actually needed to get winrared to install a free game I acquired lately 7:00 would not open it properly for some reason
narc0tic_bird@lemm.ee 1 year ago
Why not? I prefer it over 7-Zip because it has built-in parity both in the archive itself and as separate files. You can achieve the latter with 7-Zip using PAR, but it’s just more convenient to have it built-in for both parity creation and recovery.
I also feel like it’s consuming a lot less RAM while compressing at similar speeds and achieving similar, if not sometimes better (RAR5), results.
Just because it had a zero-day bug that has already been fixed doesn’t mean it’s bad software. I wouldn’t be surprised if zero-days came to light in other archival software. 7-Zip isn’t magically immune to this.
Appoxo@lemmy.dbzer0.com 1 year ago
I don’t get why someone would prefer rar over zip and 7z.
Even tar.gz and all their flavors are more common.
vanontom@lemmy.world 1 year ago
WinRAR also has clever password and encryption features. (Set short master password, quickly encrypt/decrypt any saved very long passwords.) Integration is great. Updates are regular. I only wish the UI would be updated a bit (more than just icon packs, dark mode).
original_reader@lemm.ee 1 year ago
There’s the occasional RAR archive 7-Zip doesn’t open for me, but WinRAR does. 🤷🏻