Microsoft scans the inside of password-protected zip files on the cloud

jim584672 · May 17, 2023

Microsoft is scanning the inside of password-protected zip files for malware
If you think a password prevents scanning in the cloud, think again.
Dan Goodin - 5/15/2023, 8:15 PM

Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday.

https://arstechnica.com/information...-of-password-protected-zip-files-for-malware/

--------------------------------------------------------
The cloud is a great way to back up important files off site.

If you want actual privacy use proper methods and software.

https://gnupg.org/download/

Use a proper password like: xCUQNHrRb1RKXV$rX3dl12@rNe4iAX8j for symmetric encryption.
Command line: gpg --output 'files.zip.gpg' --symmetric --cipher-algo AES256 'files.zip'
Never send a password in the clear.

Or exchange public keys with others for key exchange without a secure channel.

DrRoy · May 17, 2023

I don't store in the cloud.

statsman · May 17, 2023

A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files.

That's what I do. Not only does using 7z files allow for password protection of the files, but you can also select to encrypt file names so that a listing of the 7z file contents is not obtainable without the password.

DrRoy said:
I don't store in the cloud.

An even better suggestion if you are concerned about someone accessing the data.

Aerides · May 17, 2023

DrRoy said:
I don't store in the cloud.

I don't store stuff that I need protected from the world, in the cloud.

easysurfer · May 17, 2023

Why does this not surprise me?

I don't store passwords in the cloud.

OldShooter · May 17, 2023

DrRoy said:
I don't store in the cloud.

Me neither. I see no value in it. Transfers are slow, many cloud vendors are not trustworthy, and even the large vendors are "down" from time to time. And then there is the security thing. Granted, storing periodic backup compilations on a hard drive kept in my gun safe is not as secure as having them off-site, but it is good enough for me.

Sunset · May 17, 2023

If I want something safe, I encrypt it.

Simple password protection may only block an application from opening it.

As for the cloud, I enjoy the clouds passing by on a sunny day but I won't put sensitive data in them.

badatmath · May 17, 2023

DrRoy said:
I don't store in the cloud.

+1

Microsoft scans the inside of password-protected zip files on the cloud

jim584672

Thinks s/he gets paid by the post

DrRoy

Give me a museum and I'll fill it. (Picasso) Give me a forum ...

statsman

Thinks s/he gets paid by the post

Aerides

Give me a museum and I'll fill it. (Picasso) Give me a forum ...

easysurfer

Give me a museum and I'll fill it. (Picasso) Give me a forum ...

OldShooter

Give me a museum and I'll fill it. (Picasso) Give me a forum ...

Sunset

Give me a museum and I'll fill it. (Picasso) Give me a forum ...

badatmath

Thinks s/he gets paid by the post

Latest posts