
With help from NIST, Sen. Wyden wants us to be smarter about .zip files

“Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat says in a letter to NIST.
Sen. Ron Wyden, D-Ore., speaks at a New America event in April 2018.

This report first appeared on CyberScoop.


Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet.

“Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.”


Part of Wyden’s concern stems from the fact that, although two encryption options are commonly available for .zip files, people may be using the weaker one without realizing it. Files protected that way are more vulnerable to password crackers such as Advanced Archive Password Recovery, Wyden says.
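A way to check which option an archive actually uses, as an added example that is not part of the original report or of Wyden's letter. It assumes the two options are the legacy ZIP 2.0 cipher (often called ZipCrypto) and WinZip-style AES, which the article does not name; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field record that carries the AES key strength
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_strength(extra):
    """Walk the extra-field records; return the AES key size in bits, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            return AES_BITS.get(extra[pos + 8])  # byte after version and vendor ID
        pos += 4 + size
    return None

def audit(archive):
    """Map each member name to the protection its central-directory header declares."""
    report = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:          # bit 0 clear: not encrypted at all
                report[info.filename] = "none"
            elif info.compress_type == AES_METHOD:
                report[info.filename] = f"aes-{aes_strength(info.extra) or 'unknown'}"
            elif info.flag_bits & 0x40:           # bit 6: PKWARE strong encryption
                report[info.filename] = "pkware-strong"
            else:                                 # encrypted, no AES marker: legacy cipher
                report[info.filename] = "legacy-zipcrypto"
    return report

def constructed_sample():
    """Constructed sample: headers patched to *declare* encryption; data is not encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", b"x")
        zf.writestr("legacy.txt", b"x")
        entry = zipfile.ZipInfo("aes.txt")
        entry.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
        zf.writestr(entry, b"x")
    raw = bytearray(buf.getvalue())
    aes = raw.rfind(b"PK\x01\x02")               # last central-directory header
    legacy = raw.rfind(b"PK\x01\x02", 0, aes)    # the one before it
    struct.pack_into("<H", raw, legacy + 8, 0x1)             # flags: encrypted
    struct.pack_into("<HH", raw, aes + 8, 0x1, AES_METHOD)   # flags + method 99
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    print(audit(constructed_sample()))
```

The check reads only header metadata, so it needs no password and can be run over received archives before they are trusted to carry sensitive data.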

“Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, this is a potentially catastrophic national security problem that needs to be fixed,” Wyden writes to NIST Director Walter G. Copan. NIST cybersecurity guidance — whether issued specifically for federal networks or the public in general — is highly influential, so any action by the agency would potentially have an effect on security practices nationwide.

“The government must ensure that federal workers have the tools and training they need to safely share sensitive data,” Wyden writes.

Read more at CyberScoop.com.

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.
