[WARNING] The Real Risks in Google’s New .Zip and .Mov Domains

[nlinecomputers]

The Real Risks in Google’s New .Zip and .Mov Domains

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

www.wired.com

 

[nlinecomputers]

 

[nlinecomputers]

 

[britechguy]

Only time will tell . . .

 

[GTP]

Cant wait to hear Steve Gibsons thoughts on it.

 

[britechguy]

Cant wait to hear Steve Gibsons thoughts on it.

My suspicion is he'll be on the "the sky will be falling" side this time. Speculation is speculation.

 

[NviGate Systems]

Security aside, it's just a confusingly bad idea.

The only reason .com works and isn't confusing is that with the phasing out of DOS and the move to Windows, we don't really use .com executables much anymore.

However, what if someone made a .exe top level domain? Just as stupid.

While we are at it, why don't we make top level domains like .scam or .fake? Well, actually, those would probably be weird. Or a TLD called .cash lots of scams would go there... getyourfree.cash hahahah

 

[Sky-Knight]

.zip has already been used successfully in phishing campaigns.

I long ago blocked .zip files from passing as attachments, but there is little I can do on the URI in an email side. Yes... this is a train wreck, and Google knew better.

If anything, this move should be understood by the world that Google is complicit with organized crime in digital identity theft, has no remorse over that fact, and will continue regardless of the impact to our lives and treasure.

 

[Metanis]

From the OP's linked Wired article, >“I don't agree with the assertion that the new TLDs will increase the effectiveness of phishing in any meaningful way—primarily because people are already so easily fooled by URLs,” says security researcher Troy Hunt, who runs the breach-tracking service HaveIBeenPwned.<

I agree with him.

Everyone should be using a reputable DNS filtering provider right?

 

[Sky-Knight]

Everyone will be happy to know that the Internet has provided... and has given us one solid example of proper use of the .zip domain.

Ladies and gentlemen, I give you: https://yourmom.zip/

P.S.

For those that use the IM application Signal you'll note the IM client automatically downloads the .zip TLD links as an attachment. Like many IM clients, it auto-links .zip file attachments... and .mov attachments... both realities now broken thanks to Google with no real means of fixing it.

Because you cannot tell by parsing a single line of text (URI), the difference between a file and a directory.

 

[Philippe]

Confusing people... MS tried with Outlook (@outlook, web site, app,...) but Google did it better this time

 

[phaZed]

Ladies and gentlemen, I give you: https://yourmom.zip/

LOL!

 

[nlinecomputers]

LOL!

View attachment 14652

You wish…