Zip Bombs and the XEEE

Speaker/Bio

Nicholas Maresco:

Abstract

Ever thought your computer has enough memory to open virtually any file? Well, the subject of this talk includes two different sub-topics that serve a similar malicious purpose. Our machines have software designed to open up files, parse them, and, in the case of compressed files, decompress them. In our first talk, the Zip bomb, I will go into the potential harms and, surprisingly, some of the benefits that making a Zip bomb can come along with. The second talk will be about the XEEE, or, as it is more commonly known, the Attack of a Billion Laughs, which abuses the XML language's document type definition standards for structuring and executing entities, which are the language's equivalent of macros. These two talks will highlight the dangers of using memory exponentially, especially when that is an attacker's intention.
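The abstract describes both attacks in terms of the same failure mode: a small input that a decompressor or parser turns into an enormous amount of memory. The following Python is an added example written for this page; it is not code from the talk or the speaker. It constructs both kinds of input in memory (a deflated file of zeros standing in for a Zip bomb, and the classic nested-entity "billion laughs" document) and shows the pre-flight checks a consumer can run before committing memory: a header pass and a byte-counting extraction for the archive, and a memoised static estimate of entity expansion for the XML. The budgets (50 MiB output, 100:1 ratio, 1 MB of entity text) and the sample inputs are assumptions made for the example.

```python
"""Added example (not from the talk): pre-flight checks for decompression
amplification. All sample inputs below are constructed in memory."""
import io
import os
import re
import zipfile

MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # per-archive output budget, assumed policy
MAX_RATIO = 100                              # assumed: real data rarely deflates past ~100:1
MAX_ENTITY_EXPANSION = 1_000_000             # assumed: bytes of expanded entity text tolerated


# ------------------------------------------------------------------ zip bombs
def build_archive(members: dict) -> bytes:
    """Constructed sample archive from {name: bytes}, deflated in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_zip_headers(data: bytes, max_total=MAX_TOTAL_UNCOMPRESSED, max_ratio=MAX_RATIO):
    """First pass over the central directory: refuse archives whose *declared*
    output exceeds the budget or whose ratio looks like a bomb. Declared sizes
    are attacker-controlled, so this check is necessary but not sufficient."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if total > max_total:
                return False, f"declared total {total} B exceeds budget {max_total} B"
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                return False, f"{info.filename}: declared ratio {ratio:.0f}:1 exceeds {max_ratio}:1"
    return True, "headers within budget"


def extract_with_budget(data: bytes, budget=MAX_TOTAL_UNCOMPRESSED, chunk=64 * 1024) -> dict:
    """Second pass: stream each member out and count the bytes actually
    produced, never trusting the header. Raises ValueError when the budget is hit."""
    out, produced = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            pieces = []
            with zf.open(info) as src:
                while block := src.read(chunk):
                    produced += len(block)
                    if produced > budget:
                        raise ValueError(f"output exceeded {budget} B while extracting {info.filename}")
                    pieces.append(block)
            out[info.filename] = b"".join(pieces)
    return out


# Constructed samples: a benign archive and a 10 MiB file of zeros (~1000:1).
BENIGN = build_archive({"notes.txt": b"hello world " * 10, "blob.bin": os.urandom(4096)})
BOMB = build_archive({"zeros.bin": b"\0" * (10 * 1024 * 1024)})


# ------------------------------------------------------ billion laughs (XML)
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')
INTERNAL_SUBSET = re.compile(r'<!DOCTYPE[^\[>]*\[.*?\]\s*>', re.DOTALL)
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}   # each expands to one character


def billion_laughs(depth=9, fanout=10) -> str:
    """Constructed sample: lol0 is 3 bytes and each lolN references lol(N-1)
    `fanout` times, so &lol9; expands to 3 * 10**9 bytes from ~1 KiB of input."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        refs = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(decls)
            + f'\n]>\n<lolz>&lol{depth};</lolz>')


def expanded_size(xml_text: str, limit=MAX_ENTITY_EXPANSION) -> int:
    """Statically compute the expanded size of the document body without
    expanding anything. Memoised per entity, so the cost is linear in the DTD
    even though the real expansion is exponential. Raises ValueError on a
    recursive or undeclared entity, or once `limit` is exceeded."""
    decls = dict(ENTITY_DECL.findall(xml_text))
    m = INTERNAL_SUBSET.search(xml_text)
    body = xml_text[m.end():] if m else xml_text
    cache = {}

    def size_of(name, stack):
        if name in PREDEFINED:
            return 1
        if name in stack:
            raise ValueError(f"recursive entity &{name};")
        if name not in cache:
            if name not in decls:
                raise ValueError(f"undeclared entity &{name};")
            cache[name] = text_size(decls[name], stack + (name,))
        return cache[name]

    def text_size(text, stack=()):
        total = len(ENTITY_REF.sub("", text))        # literal characters
        for ref in ENTITY_REF.findall(text):          # plus each reference, resolved
            total += size_of(ref, stack)
            if total > limit:
                raise ValueError(f"entity expansion exceeds {limit} B")
        return total

    return text_size(body)


def check_xml(xml_text: str, limit=MAX_ENTITY_EXPANSION):
    try:
        return True, f"expands to {expanded_size(xml_text, limit)} B"
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    print("benign zip:", check_zip_headers(BENIGN))
    print("zip bomb:  ", check_zip_headers(BOMB))
    print("billion laughs:", check_xml(billion_laughs()))
```

The two archive checks are deliberately separate: the header pass is cheap and catches a naive bomb, but because a crafted central directory can declare any size, the byte-counting extraction is the check that actually bounds memory. For XML, the estimator is there to make the amplification visible without triggering it; in production the simpler and safer choice is to disable DTD processing and entity expansion in the parser altogether (in Python, defusedxml rejects entity declarations outright).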