Insecure Communication From WinZip 24 Lets Hackers Drop Malware



In the course of searching for WinZip network communications changes, the experts noticed that through the unsecured tcp, the WinZip archiver was vulnerable to many attacks. By granting a rogue “update,” any threat attacker will easily manipulate this.

Currently, WinZip is version 25, but soon after it is released, search the server for changes over an unencrypted connection, a flaw that could be abused by an agent who is ill-disposed. It also occurred that like the username and registration code, the registration data was transmitted via http.

Read more…