New TLDs are available. .zip and .mov and it seems a bit concerning

Posted by NerdWhoLikesTrees@reddit | sysadmin | View on Reddit | 525 comments

I found a great comment by u/LudwikTR >I feel like most people in the comments are not understanding the mechanism that makes this potentially problematic. I will admit that the author of the website, focusing primarily on his disdain for a particular corporation, doesn't help clarify the point. A **significant** amount of software automatically converts parts of text that *appear* to be URLs (even without an explicit protocol) into clickable links. These include mail clients, messengers, internet forums, social media sites, CMS systems, text editors, etc. Until now, such software would convert *hello.com* into a clickable link (since .com is a valid TLD) but would leave *hello.zip* as is (since .zip wasn't one). This won't change overnight, but gradually it will, as software libraries are updated with the current list of valid TLDs. This means that soon, whenever anyone mentions a zip file by name (in a message, email or a post), it will inadvertently become a link. To the reader, it will appear as if the author intentionally linked the file to assist the reader in finding it (e.g., "Then you need to download [documents-backup.zip](https://documents-backup.zip) from our intranet portal"). So, they'll click on the link expecting to download the file. As an attacker, all I have to do is register the *documents-backup.zip* domain and upload a malicious zip file to the root of the domain. It will starts downloading as soon as someone opens http://documents-backup.zip. The individual clicking on the link expects a zip file to download - and it will, but it will be a malicious file from a third-party, not from the author of the message or a post. So as a result we get a **trusted** source inadvertently linking to a malicious file, which is very different from scenarios discussed in other comments. **EDIT:** There were questions whether a zip file can be downloaded by simply accessing the root of a domain so I registered the domain and created a simple demo here: [documents-backup.zip](https://documents-backup.zip)

Reply to Post

Reply

525 Comments

[-]

tickpig@reddit

.zip domain already in use in phishing attacks: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/

Reply

[-]

HanSolo71@reddit

I already bought 3 .zip domains. [amazons3.zip](https://amazons3.zip) [centosiso.zip](https://centosiso.zip) [ubuntuiso.zip](https://ubuntuiso.zip)

Reply

[-]

hellomistershifty@reddit

There are a lot of fun ones still for sale: - game.zip ($1,080) - cat.zip ($1,080) - fun.zip ($540) - patch.zip ($540) - 2024.zip ($66) - leet.zip ($36) - imagefiles.zip ($15) - diskimg.zip ($15) - msiinstaller.zip ($15) - sourcefiles.zip ($15) - srcfiles.zip ($15) - virusremover.zip ($15) - filecleaner.zip ($15)

Reply

[-]

Knotebrett@reddit

I assume some bloat ass company has bought win.zip

Reply

[-]

epsiblivion@reddit

Who got un.zip

Reply

[-]

GullibleDetective@reddit

Pornhub

Reply

[-]

CydeWeys@reddit

The string \`un\` is globally blocked on all new gTLDs for the exclusive use by the United Nations. So no one got it (if you check via WHOIS you can see that that domain is not registered).

Reply

[-]

silentrawr@reddit

Won't be my proudest fap...

Reply

[-]

FlatwormAltruistic@reddit

Virusremover... Pff weak... You should just go for viruses.zip because why not. And of course then put a real virus on your web page. Though, I am wondering, if it can mess up some filters where there is crappy *.zip allowed. Might let you get past some firewalls where URL filtering for .zip is set up.

Reply

[-]

GnarlyNarwhalNoms@reddit

[porn.zip](https://porn.zip)? So obvious.

Reply

[-]

HanSolo71@reddit

S3.zip is still available.

Reply

[-]

alvarkresh@reddit

Thank you for allowing me to test my uBO filter! https://news.ycombinator.com/item?id=35977923 Props to suprjami on that thread.

Reply

[-]

saysthingsbackwards@reddit

Yo dawg can I get that Ubuntu iso

Reply

[-]

HanSolo71@reddit

I fronted them all with Cloudflare, enabled DKIM, DMARC, Email fowarding, DNSSEC, HSTS, and all the security headers. I'm trying to make them look as legit as possible. I'm hoping to use Cloudflare to track all the mistyped WGET commands of people attempting to download isos and logs. Could be interesting.

Reply

[-]

reddit_user33@reddit

Thanks for providing safe redirect links for me to test the regex black list on my pi-hole. Your domains might already be on virus total... totally not me 😉

Reply

[-]

HanSolo71@reddit

Glad someone can use it

Reply

[-]

saysthingsbackwards@reddit

Whadder yew, sum kahnda... informayshun se*kure*ty injianeer er sumpn?

Reply

[-]

Dekklin@reddit

purdy much

Reply

[-]

Asleep-Measurement82@reddit

Sure, I uploaded it here for you. 📎ARCHlVE.ZIP

Reply

[-]

AfternoonFederal6502@reddit

CentOSISO.zip doesn't make any sense. Should be CentOSStreamISO.zip

Reply

[-]

CynicalTree@reddit

Thanks. I've blocked the domain outright. Wildly irresponsible behavior from Google.

Reply

[-]

alvarkresh@reddit

How do you turn off domain formatting in Firefox, incidentally? That way .zip names won't be clickable.

Reply

[-]

rootofallworlds@reddit

Strongly considering doing the same myself.

Reply

[-]

ExcitingTabletop@reddit

Implementing now. There's greed and then there's stupidity. This is stupidity.

Reply

[-]

al3arabcoreleone@reddit

Hi, how can I do this exactly ?? can I block them from router or just from my pc ?

Reply

[-]

ITaggie@reddit

Submitted a RFC but it'll likely get done

Reply

[-]

therealperchy22@reddit

I imagine admins blocking requests to .zip in DNS would be a Good Idea.

Reply

[-]

Hulkstern@reddit

Wow that page is kinda gross to force me to consent to sharing my user data to third parties just to read the article lol

Reply

[-]

Nomaddo@reddit

It has something to do with the European laws regarding website cookies. Something like you must receive explicit consent meaning a person has to click a "Yes" or "Agree" and telling you how the cookie might be used. Also note that I am neither a European citizen nor do I know European law, nor do I know anything about GDRP so don't take what I said as a statement of fact.

Reply

[-]

Hulkstern@reddit

Yeah that usually also requires a way to explicitly not allow or disagree, hence my complaint

Reply

[-]

Nomaddo@reddit

The disagree options are apparently hidden behind "Learn More".

Reply

[-]

Hulkstern@reddit

Love it when they obfuscate options they are legally required to provide lmao

Reply

[-]

Alzzary@reddit

I use Brave and wasn't asked, outright blocked.

Reply

[-]

8siYv@reddit

Installed just to try and didn't work

Reply

[-]

Alzzary@reddit

Sorry, I thought it was refering to the link in the original post :)

Reply

[-]

billyalt@reddit

Thanks for poisoning the internet, google.

Reply

[-]

AltoidStrong@reddit

"Do no Evil" LOL!

Reply

[-]

sivadbp@reddit

Yeah, it's "No, do Evil" now.

Reply

[-]

toadofsteel@reddit

I thought it was "(we) do *know* evil"

Reply

[-]

Cyhawk@reddit

execute order, *Manifest V2*. . .

Reply

[-]

Daeurth@reddit

Google got rid of "don't be evil" years ago

Reply

[-]

HotPieFactory@reddit

They did stupid, that's different.

Reply

[-]

Xzenor@reddit

Here's a fun idea. Why not create the tld ".exe" and fuck up the internet even more while you're at it

Reply

[-]

dosmage@reddit

Why worry about .exe TLD, or really .zip or whatever, Windows still has a .com execution format, so I came up with this example; https://backup-trial.com as my satirical answer to the OP's post's proof of concept backup-documents.zip. I personally don't see how this is as novel as people are making it out to be. We already have the ability to set disposition file attachment, set mime type application/exe, etc... Anyway, my proof of concept is just a renamed calc.exe but it will execute as backup-trial.com and be usable so :shrug:

Reply

[-]

KaitRaven@reddit

The main difference is a zip file is something that someone would already expect to download and open manually. Downloading a com file would be unexpected and people would be less likely to run it.

Reply

[-]

ZippyDan@reddit

The other main difference is that even relatively technologically deficient noobs recognize extensions like *zip*, *doc*, and *pdf*. *com* files being used as executables is something I haven't seen much of since DOS days, and anyone with enough knowledge to recognize it as a filename would also recognize the risks. If you tell a noob to "download this zip file", they won't think twice. If you tell them to download a *com* file, they're probably going to ask "what is that?"

Reply

[-]

dosmage@reddit

Sure, but someone just mentioned, which kind of undermined their point, the default is to hide known extension types. I suggested changing the icon of the com file to WinZip or something. Anyway, this still relies on a combinational alignment of the typo or auto crafted link to a registered domain that hasn't already been revoked, blocked etc...?

Reply

[-]

vee_lan_cleef@reddit

Exactly, not sure how people aren't getting this. And the most at risk are people that don't even know what a TLD even is, not the average user in r/sysadmin.

Reply

[-]

LogicalExtension@reddit

I think you've missed the point, though. Most people are not looking at `backup-trial.com` and expecting that it'll download an attachment. So an attachment suddenly being downloaded is at least a clue something is off. Maybe they'll miss it. Even someone who is technically adept, switched on, and sees the `your-important-documents.zip` link isn't necessarily going to realise "Wait, that's some third party domain"

Reply

[-]

dosmage@reddit

Sure but this can be done by crafting the link anyway, so if the concern is a typo or auto link, instead of a direct attack, I would think the probability in time is likely very low and all the red flag waving is a bit excessive. I'm just failing to see the truly novelty of this. There are so many other things that are far scarier and I don't hear such an uproar. Like the one that gets me is why can JavaScript override the copy function of the browser? And if the concern is a typo of a wget command, DNS poisoning exists and so does checksums Etc... Etc... I don't know 🤷‍♂️.

Reply

[-]

LogicalExtension@reddit

> this can be done by crafting the link anyway, Also, not really the point. It's about systems that go "Oh, that looks like a domain, make it a link". So, previously `your-important-documents.zip` would look like plain text. Once you add in the .zip TLD, well now it's a link. Without any user interaction or malicious attacker having access to the impacted users or systems.

Reply

[-]

Poot_McGoot@reddit

That link better be a Rickroll!

Reply

[-]

dosmage@reddit

To be honest... It was recommended that it be Celery Man, but I used a similar misdirection once to override jpeg mime types and replaced them with application/x-php. Then I'd show the image, my default was some cat pic, and a meta refresh of an iframe would then load an mpeg of Rick Roll, if that brightens your day 😊! That was like 20ish years ago and I wish I still had the code I wrote, though I'm certain I could do it better now from scratch anyway.

Reply

[-]

ElectroSpore@reddit

File extensions have been hidden by default for a decade now since the release of Windows 8. Older users and technical users are the only ones that really know about file extensions in windows.

Reply

[-]

dosmage@reddit

I mean, you bring up the fact that extensions are hidden by default anyway so extensions are usually ignored, maybe just issue the com file with an icon of WinZip and the user wouldn't see the extension or really users are already so non discerning it wouldn't matter. Plus any attack only needs to work on a one in a hundred 🤷‍♂️. For a lot of the comments talking about this or that and where and whatever, Cisco ios still telnets to any non command from the terminal and one could poison DNS. My friend brought that up at Black Hat 20 some years ago and Cisco said works as intended. E.g. someone types enabel and the router/switch/whatever opens a telnet to the host enabel and the malicious host answers with password: and the admin types the enable password into the malicious code. Another thing is that people seem to worry about auto links being created. It seems to me that with the hundreds of existing TLDs only a handful do this now, why would zip be put on a pedestal for auto completion. Lastly, at least for now, if the concern is really typing in something wrong or a link being auto generated, the collision of a typo with a registered domain, that isn't already taken down as malicious by that time, must be very coincidental. I guess I just don't find this very novel. I'm not ready to shake my first and yell at clouds, not unless someone has some really compelling argument I have yet to see, anyway. I think change in this case just worries some people 🤷‍♂️.

Reply

[-]

epsiblivion@reddit

Why stop there. There’s pdf, doc, bat, vbs, xls

Reply

[-]

ripzipzap@reddit

Ah can't wait to start my business with my new ps1 domain name

Reply

[-]

lighthawk16@reddit

We already have .com which is basically the same thing.

Reply

[-]

blazze_eternal@reddit

A lot of email filters block .exe by default, but not .zip.

Reply

[-]

toadofsteel@reddit

Found the Joker's Reddit account.

Reply

[-]

jdeath@reddit

have you ever tried to not be evil? it's apparently very difficult /s

Reply

[-]

joeshmo101@reddit

"Don't be evil" has been moved to the very bottom of their code of conduct. Any further and people might actually think they **are** evil!

Reply

[-]

aVarangian@reddit

I thought it was removed? Did I fall for propaganda again?

Reply

[-]

joeshmo101@reddit

They removed it as their motto and from the top of their Code of Conduct, but I think someone realized "Oh shit now it sounds like we are saying we're evil!" and they put it in again at the very end of the manual as lip service.

Reply

[-]

lupjo@reddit

I mean the fact they need to write it in order to remember it should be a red flag

Reply

[-]

laplongejr@reddit

The boring reason is probably that morality such as "don't be evil" is not compatible with libre licences, as they shouldn't put restrictions on their users. So they couldn't actually do anything with that clause of conduct anyway.

Reply

[-]

port53@reddit

Yes, it was never removed, just moved.

Reply

[-]

GiveEmWatts@reddit

Again

Reply

[-]

throwmamadownthewell@reddit

More

Reply

[-]

enfly@reddit

This is something that might have even snagged me. maybe ;-)

Reply

[-]

Consistent_Pick9500@reddit

Like litteraly every single domain in existence? Absolutely insane how it only takes a grossly misinformed guy screeching on his website and some random redditor typing 7 paragraphs that distill down to "some parsers might turn it into a URL without the :// beforehand) to make you all lose your shit. Suddenly everyone forgets that if you ever clicked on a [name.zip](https://go-f-in.space) link, **you were already clicking on a link** We're truly in the prelude to idiocracy.

Reply

[-]

jason_steakums@reddit

I suppose you can already do this with .com files that are just renamed .exes

Reply

[-]

Daniel15@reddit

coms are not renamed exes. They don't have the PE header and only run in 16-bit mode.

Reply

[-]

Sophira@reddit

The person you replied to was talking about the fact that you can take an .exe file, rename it to .com, and it will still run on Windows.

Reply

[-]

Creshal@reddit

Except the average user doesn't even know what .com files are, and if they get a download popup they assume the site is broken.

Reply

[-]

Appoxo@reddit

Recebtly had a customer call us because of a virus alert from Avira. We do not deploy Avira on client pcs. Checked Dashboard -> Nothing Asked client *exacrly* what it looked like. Client: "A windows notification with the text 'We have found (5) viruses on your pc. Click here to clean it' and an Avira icon with the name Mozilla at the bottom" Yep. My client somehow signed up for those malware pages that employed browser notifications for scare tactics.

Reply

[-]

DenseDifficulty8317@reddit

Seen it a few times. Never in an org, but rebuilt a few pcs cos of this. One friends wife phoned me concerned, her husband had let "Microsoft" connect to their pc. I told her to tell him to just turn it off and I'll take a look. He took some convincing. I never charge friends, as they're usually super considerate... But that time I kinda wanted to.

Reply

[-]

therealperchy22@reddit

Apparently it actually was an exploit at one point, back when win98 was a thing.

Reply

[-]

amunak@reddit

Browsers and OSes also tend to resist downloading executable files. Not so much with archives.

Reply

[-]

ollomulder@reddit

Isn't this a non-problem? Why would a link like "http://documents.zip" ever be more dangerous that "http://goggle.com/downloads/newest-release/documents.zip"? It's even way easier to spot as a potentially malicious link...

Reply

[-]

Sky_hippo@reddit

Because you don't need to put the http:// in front for browsers to recognize it technically

Reply

[-]

louis-lau@reddit

Browsers only recognize anchor tags. Just pasting a domain won't do shit. If it does, the app/site developer made it do that. Yes, that is a problem. No, that doesn't really have anything to do with this tld.

Reply

[-]

dotikk@reddit

Reddit is doing it ot my right now. typing [documents.zip](https://documents.zip) makes it clickable. That's the issue.

Reply

[-]

Consistent_Pick9500@reddit

> \[documents.zip](https://documents.zip) Uh huh Funny how you're cheating. Funny how it doesn't do it if you explicitly don't make it a link: documents.zip

Reply

[-]

alejandroiam@reddit

Reddit convers the text to a link as soon as you click post.

Reply

[-]

dotikk@reddit

I can screen cap if you want. Idk if it’s Reddit or my browser. But when I type that in Microsoft edge - it automatically changes to that

Reply

[-]

Reelix@reddit

Your client is converting your text to a full-blown markup hyperlink before posting it.

Reply

[-]

ACSquiggle@reddit

And so you see why this might be a problem?

Reply

[-]

ollomulder@reddit

And...? Who doesn't look in the bottom left corner before clicking a link has a whole lot of other problems already. For reference: [documents.zip](https://cumwizard69420.com/products/tubgirl)

Reply

[-]

CharcoaI@reddit

> Who doesn't look in the bottom left corner Do you work in IT?

Reply

[-]

dotikk@reddit

That’s exactly the point - people do click - why make it easier ?

Reply

[-]

louis-lau@reddit

So you agree it's badly developed applications that are the issue, not the browser nor the tld?

Reply

[-]

dotikk@reddit

Yes - but you can’t just assume badly coded applications are going to go away. You have assume they won’t - and stuff will stay business as usual and therefore, we should be careful about what we push forward. Who is asking for .zip TLDs? As far as I can see - the additional risk of badly coded applications is not worth the “payoff” of having a .zip tld.

Reply

[-]

louis-lau@reddit

I can see how that's what everyone is thinking, but it was going to happen sooner or later. If not with zip, with another file extension. Multiple people in the movie industry have already said they thought .mov was pretty cool. We accept the risk of badly developed applications all the time. I get this tld is not worth that risk to you personally, but it was really just a matter of time. I just don't get why everyone is so riled up at the tld, not at the applications.

Reply

[-]

charonn0@reddit

https://www.google.comⳆdocuments.zip

Reply

[-]

ollomulder@reddit

"Page not found"

Reply

[-]

charonn0@reddit

**Server** not found, actually. Because it's not pointing at `google.com`.

Reply

[-]

5erif@reddit

This could be used to spoof with subdomains like `microsoft.com.windowsupdate.zip`

Reply

[-]

alejandroiam@reddit

or even worse see the example on this image and tell me witch one is the only good one [https://financialstatement.zip/images/example1.png](https://financialstatement.zip/images/example1.png)

Reply

[-]

5erif@reddit

Damn, the @ is even worse, you're right. I've used usernames before domains a million times with different protocols, and even I wouldn't have spotted that if I hadn't been prompted to find the problems. My brain has seen things like "Python3@3.10.1" in package managers and just thought "oh okay".

Reply

[-]

RandomComputerFellow@reddit

Why does the world needs so many TLDs? I understand why countries have TLDs but why do we need more of them?

Reply

[-]

alejandroiam@reddit

in Mr. Crabs voice: ✨Money✨

Reply

[-]

abqcheeks@reddit

There was money to be made.

Reply

[-]

Equal_Coach6307@reddit

I wasn’t aware of .ZIP but I was aware of .SIP as a TLD which Google has now been selling domains on. Adding these to our DNS block list. Nothing like a user hovering over a legit .SIP or .MOV file and having it resolve to a site. Not at all confusing.

Reply

[-]

IAmWrong@reddit

> SIP please excuse my ignorance, but what is a ".sip" file?

Reply

[-]

alejandroiam@reddit

its not a file, its a protocol for voice/video communication, it stands for Session Initiation Protocol

Reply

[-]

IAmWrong@reddit

Haven't seen too many .sip files in my line of work, but then again I'm not too deep into network routing and telephony protocols. Valuable pro tip. Users should always check their file sources when implementing a VOIP system for their corporate network.

Reply

[-]

nightwatch_admin@reddit

Probably some sort of soft phone / VoIP app file

Reply

[-]

AnteaterProboscis@reddit

SESSION INITIATION PROTOCOL lol

Reply

[-]

eXtc_be@reddit

https://duckduckgo.com/?q=%22.sip%22+file&atb=v314-1&ia=web

Reply

[-]

Mehlsuppe@reddit

a phone book :\^)

Reply

[-]

crowruin@reddit

https://imgur.com/a/oda8eTc blocked using my pi-hole and here is the regex I use

Reply

[-]

R0tareneg@reddit

Is .exe available? Rushes to register explorer.exe, svchost.exe, etc... ;)

Reply

[-]

lkraider@reddit

Just have to pay google enough so they push it in.

Reply

[-]

quintus_horatius@reddit

What are you doing step-corporation?

Reply

[-]

LividLager@reddit

You caught me synergizing in brand position.

Reply

[-]

EpicCyndaquil@reddit

Or you can buy the whole TLD from ICANN, right? I can’t remember if it’s $10k or $100k to do that.

Reply

[-]

AlexanderDaychilde@reddit

I believe it's $200k give or take, but also has to be approved, and they do not approve all applications.

Reply

[-]

Asleep-Measurement82@reddit

Not quite that simple, in some cases. If multiple entities want it, it goes to an auction. .XYZ was famous because nobody else wanted it and now it’s the top new gTLD.

Reply

[-]

OverlordXenu@reddit

they approved these

Reply

[-]

spyingwind@reddit

>Fees & Timelines >5.1 When can I apply for a new gTLD? >The application window is expected to open on 12 January 2012. > >5.2 How much is the evaluation fee? >The evaluation fee is estimated at US$185,000. Applicants will be required to pay a US$5,000 deposit fee per requested application slot when registering. The US$5,000 will be credited against the evaluation fee. Other fees may apply depending on the specific application path. See the section 1.5 of the Applicant Guidebook for details about the methods of payment, additional fees and refund schedules. For the low low price of a broken down house!

Reply

[-]

therealperchy22@reddit

More like one month's rent for a studio... Mild hyperbole (well, $5k wouldn't be), but still

Reply

[-]

NuclearBiceps@reddit

There's .sh

Reply

[-]

langlo94@reddit

Now I want the ba.sh domain.

Reply

[-]

Cyhawk@reddit

If you do, redirect it to c.sh

Reply

[-]

PJBthefirst@reddit

ba.bash.sh

Reply

[-]

n3rdopolis@reddit

I want csrss.exe, and smss.exe

Reply

[-]

PJBthefirst@reddit

I'll take ntoskrnl.exe

Reply

[-]

AfternoonFederal6502@reddit

I'll take ping.exe

Reply

[-]

rehab212@reddit

Lsass.exe for the win.

Reply

[-]

Somedudesnews@reddit

I’ll raise you lsass.exe

Reply

[-]

throwawayPzaFm@reddit

Why? Who's going to click those?

Reply

[-]

n3rdopolis@reddit

Because I am more fascinated by those processes more than I should be. Lol

Reply

[-]

CobblerYm@reddit

If you haven't yet, read the book Windows Internals. All the info you want to know about that stuff and more!

Reply

[-]

n3rdopolis@reddit

What edition do you recommend? I think I remember reading that one edition pulled some info, but I could be wrong on that

Reply

[-]

framejunkie@reddit

honestly, any n00b legitimately trying to learn, or simply l33t hax0rs that don't know what they're looking for and click everything that looks h4rdc0r3 tracert hax.

Reply

[-]

RobotTreeProf@reddit

[https://youtu.be/SXmv8quf\_xM?t=62](https://youtu.be/SXmv8quf_xM?t=62)

Reply

[-]

n3rdopolis@reddit

I knew it was going to be that classic. I still don't know how he stumbles across the `tracert` command, and get it totally wrong. Was he trying to run every exe out of System32, with trial and error? Did his bigger brother troll him? Is he trolling us?

Reply

[-]

GBU_28@reddit

Every single member of the sales department

Reply

[-]

CarefulAstronomer255@reddit

'setup.exe' would arguably be the most successful attack.

Reply

[-]

Ams197624@reddit

lsass.exe is much more fun.

Reply

[-]

mavrc@reddit

dibs on not_a_virus.exe

Reply

[-]

4kVHS@reddit

AdobeUpdate.exe

Reply

[-]

TumsFestivalEveryDay@reddit

command.com was always a fun one.

Reply

[-]

jshackles@reddit

This is indeed a terrible decision. Thankfully us as Sysadmins can fight back. Most firewalls / url filtering devices can block entire TLDs - and I'd suggest everyone reading this comment with the power to do so immediately does just that. This will of course, over time, fall into a fine line between "I need to access this website that's blocked" with the security of your endpoint devices. But since this seems to have been made just to be malicious and abused, I doubt very much it would even come to that.

Reply

[-]

Real_Lemon8789@reddit

So, how do you block this? What about all the remote users that are almost always using their company laptops on remote networks?

Reply

[-]

alvarkresh@reddit

I found a ublock origin filter that works: https://news.ycombinator.com/item?id=35977923 (scroll down to near the bottom)

Reply

[-]

Pelatov@reddit

Yup! I’m even going to block these at my house. No way in hell I’m gonna get infected because my wife went to open “newsoftware.zip” and it’s a site at https://newsoftware.zip

Reply

[-]

QuitLookingAtMe@reddit

Dibs on https://update.zip

Reply

[-]

gramathy@reddit

If anyone's curious: It *currently* redirects to a stackexchange article relevant to update.zip for android

Reply

[-]

forte_bass@reddit

Risky click of the day!

Reply

[-]

Gamefan211@reddit

Holy shit I haven't seen this in years

Reply

[-]

forte_bass@reddit

Hah! Wait til i start throwing homestar virus email jokes at you! Alright Edgar, now drop a train on them! (Last scan was NEVER ago)

Reply

[-]

gramathy@reddit

Computer Over?!? Virus equals Very Yes?

Reply

[-]

forte_bass@reddit

That's not a good prize!

Reply

[-]

Borgoff@reddit

Add this site to your bookmarks: https://wheregoes.com/ I'm sure there's some command line wizardry I'm unfamiliar with that serves the same purpose.

Reply

[-]

International-Big-97@reddit

Gramathy, the real hero!

Reply

[-]

Extreme-Yam7693@reddit

>curl https://update.zip

Reply

[-]

hasthisusernamegone@reddit

> curl https://update.zip | bash

Reply

[-]

ueberbelichtetesfoto@reddit

Working as rot so you don't need sudo, eh?

Reply

[-]

hasthisusernamegone@reddit

Shh... Don't give all my secrets away...

Reply

[-]

Prod_Is_For_Testing@reddit

When was the last time you got a virus just from opening a website? A decade ago?

Reply

[-]

thatguyonthevicinity@reddit

yolo for me, but thanks for explaining for everyone else lol

Reply

[-]

MagnificoReattore@reddit

I'll go with final_LAST_finalforreal.zip

Reply

[-]

zuckerballs@reddit

You might be too late -_-

Reply

[-]

PoopyMouthwash84@reddit

How do you block this at home? And is .zip the only one that's going to break things or are there others?

Reply

[-]

Daniel15@reddit

Easiest way on a home network is probably to use something like AdGuard Home or PiHole and add it to the blocklist. PiHole is more well-known, but AdGuard Home is more powerful and supports DNS-over-HTTPS out of the box.

Reply

[-]

PoopyMouthwash84@reddit

I might go the pihole route. I hear that can filter out ad traffic

Reply

[-]

Daniel15@reddit

AdGuard Home can do that too, hence the name. IMO there's no reason to use PiHole since AdGuard Home is similar but has more features.

Reply

[-]

Pelatov@reddit

I block it at home because I run a Palo Alto with a lab license for my home network

Reply

[-]

PoopyMouthwash84@reddit

Palo Alto? iphone dev?

Reply

[-]

Pelatov@reddit

https://docs.paloaltonetworks.com/hardware/pa-220-hardware-reference/pa-220-firewall-overview

Reply

[-]

PMental@reddit

> Thankfully us as Sysadmins can fight back. Most firewalls / url filtering devices can block entire TLDs - and I'd suggest everyone reading this comment with the power to do so immediately does just that. Hats off to our security guys, got a mail this morning, several hours before this was posted, saying they were blocking the TLD in our webfilter.

Reply

[-]

CloudHostedGarbage@reddit

Just discovered it's blocked on ours too. Woohoo!

Reply

[-]

al3arabcoreleone@reddit

Hi sir, non Sysadmin here, How can I block these TLDs from my router ?

Reply

[-]

Kael_Alduin@reddit

Easier to whitelist what you need than deransom your whole setup

Reply

[-]

themeatbridge@reddit

Why would you whitelist a domain run by morons? If they are dumb enough to choose a .zip domain, who knows what other poor decisions they have made?

Reply

[-]

Geminii27@reddit

Because it's your boss's nephew's domain and he has some *really good deals!*

Reply

[-]

sagewah@reddit

Probably to accompany the .biz domain they registered.

Reply

[-]

Matir@reddit

Marketing's gonna pick whatever they want...

Reply

[-]

Kael_Alduin@reddit

I wouldn't. You should not either

Reply

[-]

TheHouseofOne@reddit

I would still download a car if I could.

Reply

[-]

TouristNo4039@reddit

car.zip though?

Reply

[-]

kizzle69@reddit

Car.exe... 32KB.... Using Limewire....

Reply

[-]

Calexander3103@reddit

How else are you gonna download it? Gotta compress the car to fit it in the internet tube!

Reply

[-]

CannonPinion@reddit

Zipcar has entered the chat

Reply

[-]

HildartheDorf@reddit

YOU WOULDN'T DOWNLOAD A CAR.

Reply

[-]

framejunkie@reddit

too good

Reply

[-]

ApricotPenguin@reddit

Nah. As for ~~car.rawr~~ car.rar .... Maybe

Reply

[-]

farva_06@reddit

I would download car.zip, but I would not visit car.zip.

Reply

[-]

TDR-Java@reddit

I might get the „do you really want to open this external source“ system up for it

Reply

[-]

Pseudoboss11@reddit

Sandvik Coromant apparently owns the .sandvik and .sandvikcoromant TLDs. But they also provide their website at https://www.sandvik.coromant.com Any website with a weird TLD will hopefully also be accessible via a traditional TLD as well.

Reply

[-]

firefish5000@reddit

Just to hijack the top comment here. You guys do all know that basically no software ever that you have actually heard of actually auto converts all potential urls to links blindly. They all ONLY convert a small subset of domains that are common enough to warrant auto link creation being marketed as a feature rather than a nuisance. Com, org, gov, net, and some relevant country specific domains and a handful of others. You won't find any programs people actually use that converts abc.cpa for instance. We use dots for other things and while urls are one of them, they aren't strong enough of one that any team would cast a blanket to convert all of them. It's almost always a hand selected subset of popular ones or a library that hand selected some for them. Only libs that do will not be made for communication, but rather url verification and even those tend to use a very narrow subset of urls rather than Iccan. A lazy dev will use a subset bc it's easy. An overthinking dev will because it's all they need and it be annoying if things like let.me.in turned into a link. And a normal declv will either be lazy or use a library that has been well over thought out

Reply

[-]

neoplastic_pleonasm@reddit

> You guys do all know that basically no software ever that you have actually heard of actually auto converts all potential urls to links blindly. Instagram does. I just tried it with notarealdomain.zip

Reply

[-]

FractalParadigm@reddit

Won't be long until it's a thing system-wide on Android if Google wants to push it. Messages already converts potential URLs (just not .zip or .exe *yet*) to links, so if someone was to get a message like "Hey $employee, it's $boss, we need you to send [invoices.zip](https://www.youtube.com/watch?v=dQw4w9WgXcQ) to $customer." and hasn't been properly briefed about the problem, or is one of those types of people with difficulties remembering/understanding these kinds of things, it's a story that writes itself. But the more I've thought about it the worse it gets, there's good chance $employee is either going to follow the link and send its (downloaded) contents to $customer, or simply copy/paste the link and send that, effectively laundering an otherwise malicious file/link to look completely legitimate and causing even greater damage.

Reply

[-]

jpc0za@reddit

I am greatly disappointed that you didn't buy [invoices.zip](https://youtu.be/cvh0nX08nRw) and do exactly that

Reply

[-]

FractalParadigm@reddit

I actually looked into it before posting the comment, someone else got to it last week else I would have. My only hope is that enough 'good' people register the most commonly used domains and can do fun, non-malicious things (like maybe a redirect on [invoices.zip](https://www.youtube.com/watch?v=dQw4w9WgXcQ) for example).

Reply

[-]

jpc0za@reddit

Maybe something like [pricelist.zip](https://youtu.be/Uf3ouaeB6UQ)

Reply

[-]

puhtahtoe@reddit

> no software ever that you have actually heard of actually auto converts all potential urls to links blindly. Twitch chat and/or twitch moderation bots do. I can't count the number of times I've seen someone auto timed out because they accidentally forgot to put a space after a period between sentences and the resulting word.secondword combo was highlighted as a link.

Reply

[-]

puhtahtoe@reddit

> no software ever that you have actually heard of actually auto converts all potential urls to links blindly. Twitch chat and/or twitch moderation bots do. I can't count the number of times I've seen someone auto timed out because they accidentally forgot to put a space after a period between sentences and the resulting word.secondword combo was highlighted as a link.

Reply

[-]

jadkik94@reddit

I've been using very different apps then. There's countless apps that see 3 consecutive numbers and just assume it's a number and makes it clickable. I just tried dot zip on Telegram and it converted it to a link. It doesn't do that for all random 3 characters, so zip must already be in its whitelist somehow.

Reply

[-]

Katana__@reddit

I could have sworn I've seen Teams do it too?

Reply

[-]

Mooshberry_@reddit

You'd be surprised how many don't even check for a TLD. I've seen many a \`word.word\` sequence become blindly hyperlinked.

Reply

[-]

firefish5000@reddit

Obviously I'm wrong. What apps/programs are this badly written anyways?

Reply

[-]

StaffOfDoom@reddit

Anything owned by Facebook…

Reply

[-]

iceph03nix@reddit

I would love to see some major blacklist tracker just list them as "Potentially Harmful TLDs" and be done with it

Reply

[-]

mini4x@reddit

Already done.

Reply

[-]

postfu@reddit

How is it possible that no one registered sysadmin.zip before me just now? Now the only question is, where should I point it?

Reply

[-]

trainmaster247@reddit

[data-report.zip](https://data-report.zip) I've got mine set to download a rick roll zip

Reply

[-]

postfu@reddit

Haha, that's great. Mine's acting all wonky for some reason. I'll have to investigate, it's not behaving like it should.

Reply

[-]

trainmaster247@reddit

Mine took a bit of finagling, I ended up moving to cloudflare for the dns management and that for the https working

Reply

[-]

Reelix@reddit

Since my browser auto-sets https, it doesn't load the page ;D

Reply

[-]

Rude_Strawberry@reddit

Make a porno site

Reply

[-]

officeboy@reddit

This is a PITA issue. I've blocked the TLD at my firewall, but for somereason your zip file downloads fine. I can't resolve u/HanSolo71's pages but your damn zip keeps downloading. /shakes fist at PaloAlto

Reply

[-]

ruralconnection@reddit

I created a URL category for Blocked TLDs and then added *.zip/ Then added this Security Rule: https://imgur.com/vT8bCec

Reply

[-]

HanSolo71@reddit

Mine have no zips on them just redirect to my personal page. I don't want to be malicious lol

Reply

[-]

officeboy@reddit

It's great that you did this so I have a few domains and some "malicious" behavior to check against.

Reply

[-]

HanSolo71@reddit

I had free time and hate money, why not buy some random domains?

Reply

[-]

_aaronallblacks@reddit

Oh file extensions as TLDs now wtf lol Do literally anything else, ICANN allowed this?

Reply

[-]

sys_sadmin00@reddit

I thought IANA were the ones who say yay or nay to these. Am I way off?

Reply

[-]

jamesaepp@reddit

IANA is a department of ICANN so it's almost a tomato/tomato thing here. One is responsible, one is accountable.

Reply

[-]

sys_sadmin00@reddit

I didn't realize that. Thanks!

Reply

[-]

Matir@reddit

ICANN runs the gTLD program.

Reply

[-]

_aaronallblacks@reddit

I could be off myself or they both might be responsible

Reply

[-]

FalconX88@reddit

*.com exists since 1985

Reply

[-]

flunky_the_majestic@reddit

And when is the last time you downloaded a com file? I don't know if I have seen one used outside of a lab situation since 32 bit OS became common.

Reply

[-]

FalconX88@reddit

>And when is the last time you downloaded a com file? Well, I use scientific software which has *.com as their their file extension for control files so yeah I have a couple thousand of those... The point is that TLDs that are the same as file extensions exist for almost 40 years, even if it's a rarely used file extension today.

Reply

[-]

silviustitus@reddit

If anyone wants windows11.zip, I'm taking offers 😘

Reply

[-]

Reelix@reddit

17.000 dollars - Best I can do

Reply

[-]

Fugalism@reddit

If the offer is genuine I have a similar infosec domain for sale like this.

Reply

[-]

Reelix@reddit

Note that the offer is in US Currency Format.

Reply

[-]

Fugalism@reddit

Ah so you're an internet funny man

Reply

[-]

Slasher1738@reddit

Can't believe they allowed this

Reply

[-]

Creshal@reddit

It'll make them shitloads of money. And people desperately googling for "how to remove zip virus" will make them even more money by clicking on malicious ads Google shows them before the search results.

Reply

[-]

stucjei@reddit

Perhaps this is the inevitable end result of Google removing their "don't be evil" clause.

Reply

[-]

Terminal_Monk@reddit

wait till we drop the .exe domain.

Reply

[-]

ElectroNeutrino@reddit

Oh, it can always get worse.

Reply

[-]

augugusto@reddit

"Announcing googles latest TLD 'google'. Does your app use google services? Just make a like and wear it like a badge of honor. Myapp.google.io is just a click away" *Instantly registers com.google*

Reply

[-]

CloudHostedGarbage@reddit

they already have .google - they just don't use it much. https://blog.google/

Reply

[-]

kayjaykay87@reddit

God help us all ... This is not the .onion Fuck I am actually sad about this..

Reply

[-]

MajStealth@reddit

i just looked into some firewall logs, there seems to be a dns.google:53 so i assume google is its own TLD now?

Reply

[-]

HipsterSlug@reddit

Didn't they just remove "don't"?

Reply

[-]

peichma75@reddit

exe available? Rushes to register explorer.exe, svchost

Reply

[-]

fakehalo@reddit

It's funny because .zip is worse than .exe in practical terms, people aren't tossing .exes in emails/conversation... but they sure do pass .zip files around. .txt, .csv, .xls... those should be the next ones heh.

Reply

[-]

uffefl@reddit

Malicious .zip attacks exist. I don't think I've ever heard of malicious .txt or .csv (come on both are plaintext, what could go wrong... doh). Malicious .xls I could easily imagine though.

Reply

[-]

fakehalo@reddit

The extension and type of media is a bonus. In most cases once the user clicks the link the attacker can control the mime/content-type header to control what application tries to open it. .zip and .xls get the perk of an extra attack vector though, and .csv will be opening by excel as well so It's up there too. Guess I shoulda said .doc instead of .txt.

Reply

[-]

SATIRICthrowaway@reddit

I think the previous comment meant those file extensions are already commonly emailed especially with share file or OneDrive links etc. so people won’t even think twice when clicking them. Where exe is not commonly emailed so some users will see it and maybe think twice.

Reply

[-]

uffefl@reddit

Yeah but to make it work as seamlessly as the .zip attack it would have to actually serve the proper filetype. Of course a https://quarterly.xls link could serve a `quarterly.xls.exe` file for a variation on the classic Windows-hides-file-extensions-by-default attack, but browsers usually do warn about .exe downloads to some extent.

Reply

[-]

jarfil@reddit

command.com is already taken.

Reply

[-]

Edexote@reddit

Some people react to money like a shark to blood in the water.

Reply

[-]

hugglesthemerciless@reddit

it's a disease imagine if a monkey was found to be hoarding all the bananas in the jungle while others starved. Scientists would study it to find out wtf is wrong with it

Reply

[-]

Deae_Hekate@reddit

Monkeys, having less qualms about dumb shit like "taking the high road", would have disemboweled the capitalist/oligarch-wannabe monkey long ago as an example to others.

Reply

[-]

NeoQwerty2002@reddit

You overestimate the monkeys' altruism, they'd instead help enforce the bananaligarch's monopoly in exchange for a steady supply of bananas. You think I'm joking but monkeys are primed to use "money" (tokens that can be exchanged for food) and hoard it, and the first thing a female monkey figured out was that she could get the males to give her extra tokens for woohoo. Yes, it was a scientific study and yes, the scientists witnessed hoarding attempts and a monkey prostitution job forming immediately after.

Reply

[-]

calcium@reddit

Can't wait to register win32.exe

Reply

[-]

Sharpymarkr@reddit

Zip it up and buy yourself a domain!

Reply

[-]

calcium@reddit

So win32.exe.zip?

Reply

[-]

Ekgladiator@reddit

Make sure it is a program that automatically deletes system 32, just for good measure! /S Ol googel, how ye hath fallen so far...

Reply

[-]

YetAnotherSysadmin58@reddit

tbf now that I realize the amount of file extensions and tlds I'm actually surprised it didn't happen earlier and I'm worried of how frequent it will become in the future.

Reply

[-]

illhaveubent@reddit

do you remember command.com

Reply

[-]

YetAnotherSysadmin58@reddit

No I'm pretty new to sysadmin and only deal with win10 or more recent. Pretty scary reading on it tho x)

Reply

[-]

Syndic_Thrass@reddit

How about com.com. Actually ran across that one in an investigation

Reply

[-]

jr_sys@reddit

Wasn't that related to downloads.com ?

Reply

[-]

Syndic_Thrass@reddit

Not sure honestly. I remember it was benign but I saw it in logs and was like "wtf is this" I think it was just a parked domain iirc

Reply

[-]

jr_sys@reddit

My memory is foggy, but I remember that if you had an account with them and uploaded something it went to download.com.com, or something weird. Man, that was a long time ago :(

Reply

[-]

Shendare@reddit

I don't remember that, but you might be thinking about when it was first founded by [CNET](https://en.wikipedia.org/wiki/CNET). While Download.com was the brand name and popular landing domain, on the backend the CDN was served through downloads.cnet.com. Clicking through to a download would often send you to a downloads.cnet.com (or downloads.cnet.net) page for a few years during the height of its popularity. Lots of old memories there. I hadn't thought about cnet in so long.

Reply

[-]

OverlordXenu@reddit

>On May 15, 2008, it was announced that CBS Corporation would buy CNET Networks for US$ 1.8 billion.[4][5][43][44] On June 30, 2008, the acquisition was completed.[45] Former CNET Networks properties were managed under CBS Interactive at the time. CBS Interactive acquired many domain names originally created by CNET Networks, including download.com, downloads.com, upload.com, news.com, search.com, TV.com, mp3.com, chat.com, computers.com, shopper.com, com.com, and cnet.com. It also held radio.com until CBS Radio was sold to Entercom in 2017.[46] https://en.wikipedia.org/wiki/CNET i vaguely remember the com.com thing, too

Reply

[-]

Incrarulez@reddit

Yeah, cnet owned them both.

Reply

[-]

Speeddymon@reddit

Yeah just don't type `/com1/com1` followed by the Enter key on Windows 2000 before SP3, or any earlier version of Windows due to a bug that would cause a bsod.

Reply

[-]

amunak@reddit

It's not that big of a deal unless ,out pick some of the worst file extensions for it... Like .zip. Basically anything that people regularly email or send in chat apps is a bad idea.

Reply

[-]

BronzeAgeTea@reddit

Can't wait for .pdf

Reply

[-]

DJOMaul@reddit

I can't imagine Adobe would let that happen. It maybe an open standard but they (Adobe) still hold the licensing and patents.

Reply

[-]

BaconEatingChamp@reddit

> still hold the licensing and patents. Why would that cover a TLD? A TLD isn't a file extension

Reply

[-]

DJOMaul@reddit

I'm not a lawyer, and I'm going to go out on a limb and say you aren't either. But it certainly feels like something Adobe would potentially find in thier interest to discourage, even fight. The biggest difference between the two is that the .zip file extension has been on the public domain since 1989 while the pdf file format is still covered under patents. Adobe still makes money off the pdf format and imagine they would have concerns about the potential diluting of that "brand recognition".

Reply

[-]

calcium@reddit

Looks like they've been at this shit for a while now. Just found out that you can buy a TLD with .台灣 (Taiwan in traditional Chinese characters). https://blog.twnic.tw/en/2019/09/16/13176/

Reply

[-]

nephelokokkygia@reddit

I don't have a problem with that. Not everything in tech has to be anglocentric.

Reply

[-]

AlexanderDaychilde@reddit

Is there something special about that TLD? I ask because there's several hundred TLDs out there already and that's not the first non-English or even non-latin character one.

Reply

[-]

atred@reddit

Wait till you hear about .com...

Reply

[-]

all_of_the_lightss@reddit

custom TLD was a huge mistake from the beginning. Never should have been let out of the bag

Reply

[-]

n-of-one@reddit

Or at least with a lot more restraint.

Reply

[-]

azdood85@reddit

"Work for Google, watch the world burn when not employed by a defense contractor."

Reply

[-]

m0nk37@reddit

Google is supplying them, they are rich enough they dont need permission.

Reply

[-]

jimbobjames@reddit

Gonna buy zip.zip then setup a load of subdomains of zip

Reply

[-]

gex80@reddit

That’s called a zip bomb

Reply

[-]

GrapeAyp@reddit

lol good luck

Reply

[-]

warezeater@reddit

[unzip.zip](https://unzip.zip) anyone?

Reply

[-]

MageFood@reddit

7.zip or win.zip

Reply

[-]

CaseyChaos1212@reddit

I've been tying to block via umbrella and it's just not working [https://docs.umbrella.com/deployment-umbrella/docs/add-top-level-domains-to-destination-lists](https://docs.umbrella.com/deployment-umbrella/docs/add-top-level-domains-to-destination-lists)

Reply

[-]

314ish@reddit

We heard about this one fairly early and are trying to do our part- just finished putting up [this page](https://reddit.exe.zip) as the backend to all the domains I was able to grab. Anyone have better ideas for links?

Reply

[-]

DenseDifficulty8317@reddit

I wanted to see whatd happen if I opened the link on my android phone. It just opened the zip in the sleep as android app. Could so easily be packaged to inject something into apps. This is a security disaster.

Reply

[-]

Bioman312@reddit

IMO the referenced comment isn't the most likely avenue for real-world abuse. [This writeup](https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5) does a great job illustrating the potential for URL confusion outside of the context of auto-linking: > Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe? > https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip > https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip

Reply

[-]

Hale-at-Sea@reddit

MS Teams (at least the android app) already converts file_name.zip to an http url. I wasn't going to worry about it, but now those can be real sites... Any idea on if that can be disabled with a teams policy or on the OS side?

Reply

[-]

TDR-Java@reddit

Network side blocking is currently the way to go (blocks much further then only Teams)

Reply

[-]

DenseDifficulty8317@reddit

Home users tho. Be good if it could be blocked system wide

Reply

[-]

SoftShakes@reddit

If anyone wants to be a hero these are available for $15 year in google domains appleinvoice.zip Microsoftagreement.zip 365update.zip Biosupdate.zip

Reply

[-]

EarlyEditor@reddit

The only downside is this literally feeds them money and encourages the tld doesn't it?

Reply

[-]

FudgeeO98@reddit

why these in particular? just curious

Reply

[-]

SoftShakes@reddit

I just see someone malicious sending an email to end users saying “you need to install this patch for outlook or your computer” etc

Reply

[-]

Elethor@reddit

> 365update.zip > > Biosupdate.zip These two are registered already

Reply

[-]

micalm@reddit

Even the application is bullshit. > 18.a. Mission⁄Purpose of the Proposed gTLD > (...) > The proposed gTLD will provide the marketplace with direct association to the term, ʺzip,ʺ which is often colloquially used to refer to a zip drive, a device used for digital storage. The mission of the proposed gTLD, .zip, is to provide a dedicated domain space in which registrants can enact second-level domains that relate to digital storage offerings and information or provide storage or other services. I don't think anyone associates "zip" primarily with "zip drives" now - or ever.

Reply

[-]

therealperchy22@reddit

Zip was either referring to clothing or the file type once it became common. There weren't enough of people who knew what a zip drive was for that to be a primary association.

Reply

[-]

0x1f606@reddit

The only thing even *slightly* technology-adjacent I can think of would nowadays be Zip pay, but that's a stretch.

Reply

[-]

EarlyEditor@reddit

Yeah a huge stretch but still less of a stretch than zip drive imo. This is a joke. Shouldn't have been allowed.

Reply

[-]

SpicyHotPlantFart@reddit

Yeah, zip drives are nothing more than a stain from a wet fart in the world of storage.

Reply

[-]

EvanH123@reddit

Now we just need .jaz .clik and .ditto

Reply

[-]

yParticle@reddit

Actually counterproductive because they undercut superior technologies like rewritable magneto-optical (RMO) with cheap hardware even though the media cost was far greater.

Reply

[-]

datenwolf@reddit

Let this old man yelling at clouds, who lived through that era, owning Zip and Fujitsu MO drives let you tell this: Zip drives and media you could actually buy in quantity at most every regular electronics store. To buy MO you'd have to go dedicated computer stores, and often they were out of stock. Or you'd order the MO media in bulk. You see, Zip was actively marketed at the consumers, whereas the people in charge of MO were focused on the business and professional sector. Which is tiny compared to the consumer market. For comparison just look how well MiniDisc fared, which is also an MO format, but aimed at the consumer market. This was a self inflicted wound.

Reply

[-]

holly_hoots@reddit

I don't think I've seen a zip drive in over 20 years.

Reply

[-]

GoogleDrummer@reddit

I know I have one in my basement, but yeah, I haven't actually looked at it in a couple years.

Reply

[-]

yajCee@reddit

I had never heard of a zip drive before reading that application, and neither had the people in the room with me. For context, I was at a tech conference when I read it.

Reply

[-]

GoogleDrummer@reddit

I'm in my mid 30's and this made me feel old. Thanks.

Reply

[-]

CarryTheRemainder@reddit

I used to work there (and left because of stuff like this), and marketing/branding people are in charge of custom TLDs. They don’t really think things through and only focus on quarterly launches, which is the be-all end-all for them. I wouldn’t be surprised if someone got a promotion for this.

Reply

[-]

jherazob@reddit

This was decided by a clueless manager over the objections of their tech team

Reply

[-]

opuses@reddit

Wow can you imagine the problems that they’d cause if they made an executable file type a TLD like .com?

Reply

[-]

Fugalism@reddit

At least read the post before making dumb comments

Reply

[-]

opuses@reddit

The edit made after I posted? Didn’t have a time machine at the time of writing, unfortunately. Dumbass.

Reply

[-]

Fugalism@reddit

That edit was made 15 hours ago, you posted 1h ago. Stop lying lmao

Reply

[-]

opuses@reddit

Learn to read, nerd.

Reply

[-]

NerdWhoLikesTrees@reddit (OP)

Lmao you're correct and the other person is wrong

Reply

[-]

rigsta@reddit

Maybe I'm just jaded, but I started to wonder if google has some reason to try and kill the .zip file extension.

Reply

[-]

jarfil@reddit

Did they buy WinRAR or something?

Reply

[-]

droans@reddit

Not even Google's dumb enough to pay for WinRAR. Although on a serious note, they would have to pay if they wanted to use it. WimRAR doesn't care about home users; they just go after companies that are using it without paying.

Reply

[-]

doggxyo@reddit

these people are! /r/PaidForWinRAR/

Reply

[-]

flunky_the_majestic@reddit

I hope they open source it. I'm 9276 days past my free trial expiration and it takes forever to open now.

Reply

[-]

Trash-Alt-Account@reddit

use 7zip

Reply

[-]

getsmartt@reddit

[crack.zip](https://crack.zip) available for $540 per year

Reply

[-]

jacod1982@reddit

Sorry to be pedantic, but .com is a command. .exe is an executable

Reply

[-]

NerdWhoLikesTrees@reddit (OP)

Are you trolling me? Or did you not read the first line of the post lol.

Reply

[-]

jacod1982@reddit

The first line of your post said that .com is an executable, and I was merely pointing out that in DOS, while a .com file is technically executable, the file extension .com referred to a command file, while the extension for an executable was .exe.

Reply

[-]

NerdWhoLikesTrees@reddit (OP)

Thank you

Reply

[-]

marklein@reddit

I don't see why anybody expect users to be more likely to click a link to [documents-backup.zip](https://documents-backup.zip) versus [documents-backup.com](https://documents-backup.com). They'd click either just as happily. I also don't see what automagically makes the the ZIP TLD "trusted". It's still dumb for other reasons of course.

Reply

[-]

cyberentomology@reddit

Because .zip looks like an attachment, not a domain.

Reply

[-]

marklein@reddit

I don't see how the distinction matters. We've trained our users to not click on strange ANYTHING. The users that would still click on whatever.zip would also click on official-Microsft.seriously-not-a-virus.com . That's a user issues not a TLD issue.

Reply

[-]

Reelix@reddit

> We've trained our users to not click on strange ANYTHING. Until someone spoofs the sender with a valid footer and half your domain runs some malware :p

Reply

[-]

marklein@reddit

No different than with a .com domain

Reply

[-]

Reelix@reddit

"Please find the attached zip file" (Showing as file.zip being a link to a domain to bypass your attachment filters) It's far more common than someone saying "Please find the attached com file", or "Please click the following link" (Which may raise alarms)

Reply

[-]

marklein@reddit

Like I've said before, the real problem is dumb users who will click *anything* (and we all have some!). For them there's no difference between official-Microsft.seriously-not-a-virus.com and sign-this.zip *because they don't even look*. That's my point. Regardless, it's beyond trivially easy to block TLDs at the firewall and even at the endpoint if you're running the right software.

Reply

[-]

cyberentomology@reddit

You should know better than to make any assumptions like that about your users. There’s always going to be that one Dave that says “it looked like a zip attachment, and I thought those are safe!” Because they didn’t pay attention during training.

Reply

[-]

therealperchy22@reddit

Worse still, it could be **you** sending some instructions that include the name "update.zip" that gets turned into a clickable link by a client. User is in a hurry/distracted/not reading closely and just clicks what wasn't supposed to be a link, it goes to a malicious https://update.zip that serves them a malicious file that they then run. Sure, there's an argument that clients shouldn't be turning things into clickables as freely, but that requires uniformity between developers. Even with the many standards that exist, when has that ever actually happened?

Reply

[-]

cyberentomology@reddit

You should know better than to make any assumptions like that about your users. There’s always going to be that one Dave that says “it looked like a zip attachment, and I thought those are safe!” Because they didn’t pay attention during training.

Reply

[-]

marklein@reddit

You're just reinforcing my point. Dumb users will click on anything, COM versus ZIP doesn't matter.

Reply

[-]

erythro@reddit

you are pivoting between two contradictory positions: either it doesn't matter, because we train users not to click on any link, or it doesn't matter, because users will click on any link. Maybe your users are super well trained and this doesn't affect you, and maybe there are users who don't show discernment and click on anything - but you should still acknowledge that a feature existing that makes users more likely to trust web links is more dangerous than it not existing.

Reply

[-]

marklein@reddit

> you are pivoting between two contradictory positions: either it doesn't matter, because we train users not to click on any link, or it doesn't matter, because users will click on any link. Those aren't mutually exclusive positions because I don't have ONLY smart users or ONLY dumb users. Smart users have been trained and won't click. Dumb users are dumb and will click on anything. The overall point remains the same, that the ZIP part won't matter.

Reply

[-]

Mithious@reddit

You've missed the point, OP is talking about genuine emails which reference a zip file *and were never intended to be a clickable link*. Those would never have mentioned a .com domain in the first place. Now suddenly file names in emails, instant messaging and various other locations all become links to websites your organisation does not control.

Reply

[-]

marklein@reddit

You're right, I missed that example.

Reply

[-]

Appoxo@reddit

It may be .5% of users that click it more but .5% of the total internet population is still enough.

Reply

[-]

cyberentomology@reddit

Because dot zip looks like an attachment, not a domain.

Reply

[-]

uniquehr@reddit

can't wait for .jpg TDL

Reply

[-]

Sergster1@reddit

Snagged https://freediscordnitro.zip Who ever thought this was a good idea needs a good whacking.

Reply

[-]

Fugalism@reddit

ublock already blocked that for me lol

Reply

[-]

Reasonable_Ticket_84@reddit

I just added rules to the Windows DNS Server to drop the zip and mov TLDs on our network. Ez  >Add-DnsServerQueryResolutionPolicy -Name "BlockZipTLD" -Action IGNORE -FQDN "EQ,\*.zip" -PassThru > >Add-DnsServerQueryResolutionPolicy -Name "BlockMovTLD" -Action IGNORE -FQDN "EQ,\*.mov" -PassThru

Reply

[-]

ConsumeDontThink@reddit

[windows10iso.zip](https://windows10iso.zip) was somehow still available lol. I'm open to offers. Worst case I can use it myself for pentest purposes or something.

Reply

[-]

TimTam4UandU@reddit

How the hell did these TLDs get approved?! I am sure they would have an entire team at IANA/ICANN working to prevent exactly this type of thing from occurring.

Reply

[-]

TimTam4UandU@reddit

How the hell did these TLDs get approved?! I am sure they would have an entire team at IANA/ICANN working to prevent exactly this type of thing from occurring.

Reply

[-]

konaya@reddit

>Until now, such software would convert *hello.com* into a clickable link (since .com is a valid TLD) but would leave *hello.zip* as is (since .zip wasn't one). Well, this is where the actual problem is. Things that aren't URIs shouldn't be interpreted as URIs by some swanky user interface.

Reply

[-]

SDI-tech@reddit

This is a great point. I wasn't aware but knew as soon as I read the title. Really dumb idea to use existing file format extensions.

Reply

[-]

reddig33@reddit

They shouldn’t have made any new TLDs to begin with. It’s a cash grab for something that’s supposed to be non profit. There was nothing wrong with .gov, .org, .com, and .edu.

Reply

[-]

Karmaisthedevil@reddit

Country specific ones have their uses too

Reply

[-]

NerdWhoLikesTrees@reddit (OP)

But I want my .xyz!!! /s

Reply

[-]

binaryhextechdude@reddit

Of all the clickable links in all of the internet you can't possibly expect me to click that clickable link after you just explained how bad clickable links are to click.

Reply

[-]

grumpyfrench@reddit

fire pichai already google

Reply

[-]

tgp1994@reddit

Funny enough- I don't know if it's reddit or just my client, but it hyperlinked hello.zip too.

Reply

[-]

TheSpixxyQ@reddit

Just trying hello.zip hello.mov hello.exe

Reply

[-]

ZenAdm1n@reddit

Sync for Reddit behaves properly. Also unveils rickrolls, FYI.

Reply

[-]

wreckedcarzz@reddit

RedReader, too. All urls are shown below the text. Never gonna dQw4w9WgXcQ, never gonna let you down, never gonna run around and desert you.

Reply

[-]

Cakemagick@reddit

(To the tune of Hello, my Baby)

Reply

[-]

stilettoblade@reddit

What's the proper emoji for "here's an upvote because that was clever but also I hate you now for getting that stuck in my head"?

Reply

[-]

0x1f606@reddit

A combination of 😂 and 😠

Reply

[-]

DrDragonKiller@reddit

r/Angryupvote ?

Reply

[-]

epsiblivion@reddit

Hello my ransom galll

Reply

[-]

aVarangian@reddit

old.reddit doesn't

Reply

[-]

ywBBxNqW@reddit

Neither does the redesign (I just tested it) - must be a mobile client thing.

Reply

[-]

ywBBxNqW@reddit

It's just your client. I'm browsing old Reddit in Firefox on Windows 10.

Reply

[-]

TheOriginalSoni2@reddit

It's not Reddit. It's not hyperlinked for me

Reply

[-]

steveinbuffalo@reddit

I just wholesale block the sketchy ones..

Reply

[-]

Alzzary@reddit

I have a stupid question. How do you block a .zip TLD without blocking... .zip downloads ?

Reply

[-]

nullbyte420@reddit

One is dns, the other is http. Two different protocols.

Reply

[-]

Alzzary@reddit

Ok I'm stupid, I approached this with web filtering although DNS filtering is the way to go :)

Reply

[-]

nullbyte420@reddit

It's much easier since you don't have to decrypt encrypted traffic.

Reply

[-]

Alzzary@reddit

Indeed. I now blocked it.

Reply

[-]

michaelist@reddit

Good God, this is a masterclass in being useless. It's some spreadsheets, what the fuck is so hard?

Reply

[-]

Intelligent-Magician@reddit

Nathan Mc Nulty already posted on Twitter, a how to to block these domains with MDE. [https://twitter.com/NathanMcNulty/status/1657560224977530880](https://twitter.com/NathanMcNulty/status/1657560224977530880)

Reply

[-]

NightOfTheLivingHam@reddit

90% of these new tlds are just spam havens. thanks for the heads up, going to be blocking these tlds. I have yet to get any legitimate mail from any of these new tlds that have been approved in the last 2-3 years.

Reply

[-]

mikbob@reddit

It's very kind of all the spammers to file all their spam under .beauty for me

Reply

[-]

delightfulsorrow@reddit

Got any new TLD broadly used at all? I mean for anything legit? Ever?

Reply

[-]

therealperchy22@reddit

The closest is probably .xxx, which is hilarious given the uproar about it.

Reply

[-]

delightfulsorrow@reddit

> which is hilarious given the uproar about it. What? There is porn in the internet? How can that be! :)

Reply

[-]

Le_Vagabond@reddit

> EDIT: There were questions whether a zip file can be downloaded by simply accessing the root of a domain so I registered the domain and created a simple demo here: documents-backup.zip what questions? it's trivially easy to make something that serves files according to ingress domain and have it run under all the .zip you can buy, as demonstrated half a second later by the guy. this is going to be a major issue :)

Reply

[-]

sefocs@reddit

I never understood why most browsers automatically start downloads without asking the user as a default setting. Maybe it's finally time to change that default. This has been a major security risk for a long time now.

Reply

[-]

jarfil@reddit

Because browsers that used to ask before downloading, ended up with all their users clicking on "don't ask again".

Reply

[-]

Whitestrake@reddit

This is because, in the users' minds, they already initiated the download by clicking a download button. It's a hard problem to solve; how can the browser tell the difference between a user-initiated download and one that the user didn't do anything to prompt? Pages that initiate downloads automatically _might_ still have been user-initiated by navigating there from another page, such as download landing pages (e.g. "Your file should begin downloading immediately. Click here if it doesn't."). And because the problem is not solved, we ended up with lots of user-initiated downloads that got double prompted, creating friction, so users sought to remove the annoyance.

Reply

[-]

kz393@reddit

> It's a hard problem to solve; how can the browser tell the difference between a user-initiated download and one that the user didn't do anything to prompt? Well, in my case Firefox sometimes asks where I want to save a file, and sometimes it doesn't and just downloads it. I still haven't figured out the pattern, but in the case of that .zip domain it asks me to pick a location first.

Reply

[-]

Whitestrake@reddit

That's a function of the filetype, actually. In Firefox, just go to Settings and scroll down to Files and Applications. There's a box where you can specify, by content type, what Firefox should do (save it straight away, open it in Firefox or another application, or always ask). At the bottom you can tell it what to do with all non-specified types.

Reply

[-]

Ruben_NL@reddit

I don't care about it downloading, as long as it doesn't auto-open. I haven't heard of a virus that runs without opening yet.

Reply

[-]

bishop40404@reddit

I remember crashing Windows several times with incomplete .avi files. Explorer would helpfully try to parse the file for length and quality, then crash because it couldn’t find the index at the end of the file. Had to go to a command prompt to delete them. Yes, there are ways files are opened without user interaction / without user knowing.

Reply

[-]

tfpZeroDay@reddit

That would be a windows problem though, not browser. Windows should not do things that user not requested such as hiding extensions, or like your example scan for files. Even if they are scanning, in a workflow, it's expected that there would be incomplete or malicious files. Mitigations are simple enough again, don't interact with the file and implement max tries

Reply

[-]

sefocs@reddit

>I don't care about it downloading You should, seriously. The downloaded file may not be executed automatically. But it's entirely possible that another application that is executed from within the downloads folder automatically loads adjacent dll or exe files. If one of these is a malicious file that was automatically downloaded, it can be a huge security risk.

Reply

[-]

jantari@reddit

'member IE? I 'member.

Reply

[-]

uffefl@reddit

Well in this case somebody clicking a link to documents.zip in a mail would actually expect a download to start (since they'd probably think it was just a shortcut to an attachment or something) so I don't think browser defaults are to blame here. To handle something like this browsers would at least need to block downloads from happening directly on a domain (ie. no path component to the URL). That would probably catch most _unintentional_ phishy links.

Reply

[-]

Probably_a_Shitpost@reddit

thank you. this is now blocked on our networks.

Reply

[-]

ComeAndGetYourPug@reddit

We might as well do a TLD whitelist. There's currently ~1600 but it seems like only a fraction of those would ever be commonly accessed in a workplace.

Reply

[-]

AfternoonFederal6502@reddit

Such as .porn and .xyz

Reply

[-]

nullbyte420@reddit

Daddy sysadmin please open up the .porn tld again it's uh used by a client 🥺

Reply

[-]

LeaveTheMatrix@reddit

Be interesting to see how it will handle .zip on the OS side in file manager. If you currently type download.com into a file explorer window, it will open internet browser and go to https://download.cnet.com/ as expected. If you place a file called test.txt into c:\ , navigate to that location in file explorer and type in test.txt it will open the test.txt that is in c:\ as expected. So if you were to do the same with test.zip, how will it know if your trying to open test.zip or trying to go to the domain test.zip? A potential issue here is if you THINK your in the folder containing test.zip but are not then it could try to go to test.zip domain where malicious files can be downloaded instead of your expected test.zip file. It probably won't be too long before we see common .zip and .mov file names be registered as domain names as well, which will potentially lead to malware being downloaded by unsuspecting users.

Reply

[-]

rafalmio@reddit

Yes, this move will make cybersecurity firms make more money = more tax = more profit. The same way antivirus companies can create a virus and magically get rid of it by using own software.

Reply

[-]

michaelpaoli@reddit

>A **significant** amount of software automatically converts parts of text that *appear* to be URLs (even without an explicit protocol) into clickable links A significant amount of software is stupid - try not to use stupid and dangerous/hazardous software.

Reply

[-]

firefish5000@reddit

I think your panicking too much. Most software I know of does NOT blindly accept any told, only a few select popular ones. Anything besides .com, org, edu, gov, country, and a handful of others needs the protocol explicitly. abc.cpa probably won't do anything but abc.com will for instance. You will not find ANY popular or even half decently written software that does as you fear. People use dots for a lot of things and linking to sites is pretty low on a list of things we need support for. Sure, one of the most common, but for software that is explicitly made to help people communicate with each other these auto conversions are a convince feature, not something they want obnoxiously turning every apparently a domain thing into a link for. Devs are not stupid and if they are no one you know is using their product

Reply

[-]

Extreme-Yam7693@reddit

slack.

Reply

[-]

Reelix@reddit

twitter

Reply

[-]

MiataCory@reddit

Google's just trying to eliminate zip files, but in a sneaky way. Fuck zip files, all my homies hate zip files.

Reply

[-]

Reelix@reddit

What form of compression do you use then?

Reply

[-]

Virtual_Low83@reddit

Screw ICANN

Reply

[-]

Karfedix_of_Pain@reddit

> ...software would convert hello.com into a clickable link (since .com is a valid TLD)... Isn't this potentially the same issue? `.com` is an executable suffix on Windows machines, isn't it?

Reply

[-]

da_chicken@reddit

Yeah, but if you click on documents.com, you don't expect to get a file downloaded. You expect to navigate to a website, so it's immediately suspicious. If a file is downloaded. You *do* expect to get a document clicking on documents.zip. That means you can serve up a document without the recipient realizing it wasn't an email attachment.

Reply

[-]

jantari@reddit

> That means you can serve up a document without the recipient realizing it wasn't an email attachment. What exactly do you mean with that? Do you mean as a .zip link in the email body (which is very different from how an email attachment would be presented to a user)? But you could always do [invoice.pdf](https://www.youtube.com/watch?v=ETfiUYij5UE) in HTML.

Reply

[-]

ChristophCross@reddit

Yes exactly that. But this is slightly different for a couple reasons: 1. Mouse over the url would show something with the expected extension & 'file' name, so may be more easily duped 2. The user is expecting to download a file when they click the link (if the company uses a web access SharePoint, opening the browser may also be within expectations) 3.The hypothetical bad-actor could name the download file to match the name of the link, e.g., "document-backup.zip", allowing it to slip yet further under the radar 4. Most people, especially the non-technical but still security cleared individuals, aren't yet aware and on the look-out for the issue and may be a under false sense of security. Zip is especially worrying because it is used at all levels of an organization, and by (nearly) ALL levels of tech literacy in the modern office. This is a real mess.

Reply

[-]

Cormacolinde@reddit

.com files are filtered by Windows and you cannot just double-click them if they were downloaded from the internet, and their download is blocked by most AV and EDR on the market.

Reply

[-]

flunky_the_majestic@reddit

Mark of the web

Reply

[-]

simask234@reddit

Yes, `.com` goes back to the DOS days, (but an application with `.com` extension does not necessarily have to be a 16bit DOS program). `.pif` and `.scr` are also executable. (Yes, screensavers are just a `.exe` with a special header)

Reply

[-]

rustyflavor@reddit

It goes back further than the DOS days, the .COM extension in DOS was inspired by the DEC VAX machines of the late 70's.

Reply

[-]

Mothringer@reddit

The name goes back to then purely as an homage, but the actual format only goes back to CP/M. VAX com files were the OS's equivalent of batch files, not full-fledged executable files.

Reply

[-]

VulturE@reddit

If you users can execute .com files, you have bigger issues to worry about. .zip and .mov are issues simply because the extensions locally are things users should be able to run on any computer.

Reply

[-]

m0nk37@reddit

We just need to update the single regex command everyone uses because nobody has the capacity to learn regex these days. Just make it not link zip tlds without www. Or http:

Reply

[-]

jonblackgg@reddit

I just finished setting up [nuke.zip](https://nuke.zip) as a satirical "Zip bomb as a service" site.

Reply

[-]

jmbpiano@reddit

Fun fact of the day: 7.zip has a SOA record, as does 9.zip, but not 8.zip.

Reply

[-]

private_entity@reddit

andl also [seven.zip](https://seven.zip)

Reply

[-]

AfternoonFederal6502@reddit

That redirects to 7-zip.org

Reply

[-]

jrcomputing@reddit

And here I am just wanting .ing to get released.

Reply

[-]

TDSheridan05@reddit

This sounds like the definition of creating more (cybersecurity) work for yourself (and the IT industry)

Reply

[-]

dezmd@reddit

Someone posted this on another sub and it was getting brigaded by something to downvote sentiment against the ridiculous goddamn new tlds. This is going to be bad for phishing emails.

Reply

[-]

guest13@reddit

Honestly surprised pronhub hasn't lobbied for a .jizz TLD yet, I figure they might as well since TLD's are a joke anyway at this point.

Reply

[-]

corkyskog@reddit

I thought it just costs a shit load of money?

Reply

[-]

stick-insect-enema@reddit

They could get un.zip

Reply

[-]

d1smalnow@reddit

.cum

Reply

[-]

ganymede_boy@reddit

.fap

Reply

[-]

Cachar@reddit

In the case of United Nations vs. PornHub, the ICANN Domain dispute resolution finds only silliness.

Reply

[-]

jantari@reddit

there's plenty of nsfw TLDs already I don't think we really need more

Reply

[-]

janbacher@reddit

What is wrong with this entire premise that AV software cannot detect a file type or cannot detect a domain name within a URL? The extension means nothing.

Reply

[-]

ipaqmaster@reddit

Can’t wait for these two to ***immediately*** join all those other 2 and 3 letter throwaway TLDs in existing enterprise anomalous-activity-detecting AVs who already throw alerts when they see the other shit ones.

Reply

[-]

-aledo@reddit

.com is an executable file extension.

Reply

[-]

ZAFJB@reddit

Blown up by this nonsense: https://financialstatement.zip/ Discussed here: https://www.reddit.com/r/programming/comments/13fsvl5/the_zip_tld_sucks_and_it_needs_to_be_immediately/ There is no additional risk. >created a simple demo here: documents-backup.zip ... is complete nonsense. Here another demo [documents-backup.zip](documents-backup.zip)

Reply

[-]

eddyjay85@reddit

He is rickrolling you don't waste your time

Reply

[-]

louis-lau@reddit

His entire point is having a clicked link not behaving as expected is nothing new. A Rick roll is a perfect example of that.

Reply

[-]

uffefl@reddit

The OP is not talking about explicitly crafted links. Having links with misleading text and bad targets is nothing new and the `.zip` TLD does indeed not change this. The point is that text that would otherwise be innocous (eg. "check the attached example.zip for more info") can now, without explicit user action, become a link. And while this could already happen, with sufficienly bad mail clients/chat clients/social media sites, previously these links would not lead anywhere. But now phishy people can buy example.zip and serve up malicious files and in a context where people are expecting to download a zip-file so unless the user is extra way it may seem completely legit.

Reply

[-]

louis-lau@reddit

I get that. This new TLD exposes bad application behavior. I'm not sure it's fair to blame that on the TLD though, like everyone is doing.

Reply

[-]

therealperchy22@reddit

It doesn't add anything of benefit (other than for Google as a potential revenue source), while opening up an old attack vector in a sort of new way. Honestly, I genuinely wonder if people at Google thought this sort of reaction would happen, with a number of people going in to buy a variety of domains for their exportability (whether they intend to use it as an exploit or not).

Reply

[-]

elislider@reddit

Ugh why the fuck

Reply

[-]

BoredTechyGuy@reddit

Nice try! ;-) In all seriousness though, you make a very valid point. This will become a PITA to manage.

Reply

[-]

Pseudoboss11@reddit

There are so many unused TLDs. If we blacklist it now, hopefully anyone who wants a .zip website will also have a more normal one as well, like how Sandvik Coromant owns the .sandvikcoromant TLD, but doesn't use it enough for it to appear anywhere, instead their website is sandvik.coromant.com.

Reply

[-]

AlphaO4@reddit

Sometimes my jonb (a red teamer), really works itself lmao

Reply

[-]

esorciccio@reddit

(sorry I'm not a sysadmin) can I keep at least my desktop safe by adding "0.0.0.0 .zip" to the hosts file? cons?

Reply

[-]

therealperchy22@reddit

I believe the main con is that it won't work. The hosts file is for listing specific host's IP addresses, and so doesn't typically support wildcard matching. You can add: > http://**.**.zip > https://**.**.zip to your ablock scripts (assuming ublock origin or compatible). There's also ways of doing it Window's security options, but I can't recommend any method as a Linux user.

Reply

[-]

bermudi86@reddit

Do we even need so many new TLDs? It's there any similarly to the lack of ipv4 addresses? WTF???

Reply

[-]

wgc123@reddit

No relevance to IPv4 addresses. It’s a landgrab someone wants more money I don’t know if companies still do this, but quite a few years ago I worked for a company that bought every variation of their name and sone typos, for every country they did business. There were hundreds, but they decided it was worth it to help maintain trustworthiness Then new TLDs started opening up, which meant they would need to buy ever more, else risk imposters damaging their reputation. However that’s when they finally realized it was an unsustainable way to protect themselves.

Reply

[-]

port53@reddit

For ccTLDs, you have no choice. But if you have more than a local presence you're much better off setting up a dedicated site per country and localizing it to their needs. One quick way to lose business is to direct customers to a single site that doesn't localize contact info. For new TLDs, you can [register your trademark once to cover all new gTLDs](https://trademark-clearinghouse.com/content/trademark-clearinghouse-fees). No need to chase them all down. Part of the registry agreement for new gTLDs is they follow and honor this system.

Reply

[-]

boli99@reddit

> Do we even need so many new TLDs? apparently 'yes', because 'money' they're the shitcoins of the DNS industry.

Reply

[-]

Dependent_Hold8463@reddit

How long before .LAN and .LOCAL? Might as well mess up the local networks while we are doing things. And yes I did go and check to see if I could register either for my local domain. No luck (yet).

Reply

[-]

TehWhale@reddit

.dev already exists and did break a number of things

Reply

[-]

TopHatProductions115@reddit

I'm starting to get tired of these irresponsible decisions. Why can't we have a standardised list of acceptable file extensions and TLDs, that don't overlap and cause confusion?

Reply

[-]

ruttin_mudders@reddit

.zip? Are they high?

Reply

[-]

constantstranger@reddit

It's a scheme for herding ourselves into corrals per highly relevant demographics.

Reply

[-]

hotdwag@reddit

Windowsupdatenobloat.zip/ramupgrade.Msi

Reply

[-]

janhy@reddit

Isn’t this already a problem for people who don’t check the links? I can create anything.zip and link that to anything already?

Reply

[-]

a_shootin_star@reddit

you da real MVP

Reply

[-]

powercow@reddit

Id love to hear from supporters. I have to believe that detractors spoke up when this was discussed and we seem to all agree its a bad idea, so id love to hear from the supporters, their winning argument on why this might be a good thing or even needed what so ever.

Reply

[-]

NerdWhoLikesTrees@reddit (OP)

So far in the comments I haven't seen anyone comment support of it, just people saying "it's not a big deal". I'm also interested in hearing from supporters

Reply

[-]

JustZisGuy@reddit

The only people supporting this are too busy rolling around in their piles of cash to comment on Reddit.

Reply

[-]

InitializedVariable@reddit

I downloaded the liked archive and ran the recovery tool (all after disabling my antivirus, as stated), but nothing happened. What should I do now?

Reply

[-]

TrueStoriesIpromise@reddit

Now, you need to buy some itunes gift cards and send me the numbers.

Reply

[-]

PC509@reddit

Ah, you work for the IRS?! I'm not falling for this one again!

Reply

[-]

ApostropheusDeletus@reddit

Hello, I am Joel Bihdahn, president of the United S of A. Do not worry my friend, the IRS is no longer involved and I am here to help you do the needful with Jason's Deli giftcards.

Reply

[-]

jmcgit@reddit

Okay, thank you for your service sir. I redeemed the gift cards, what do I do next?

Reply

[-]

ApostropheusDeletus@reddit

WHAAAAAAAAAAAAAAT I TOLD YOU NOT TO REDEEM IT WHY DID YOU REDEEM IT YOU MOTHER BITCH WHYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY WHY DID YOU REDEEM IT I TOLD YOU NOT TO REDEEM IT

Reply

[-]

Yum-z@reddit

WHY DID YOU DO THAT. WHYY DID YOU DO THAT. WHYYYYY

Reply

[-]

100GbE@reddit

YOURE BREAKING THE CARDS SAMIR!

Reply

[-]

SoldierHawk@reddit

Oh I have a new fun thing to do next time I get one of those scams.

Reply

[-]

NotFlameRetardant@reddit

SIR, SIR. Do you have a Target or Walgreens store nearby?

Reply

[-]

speakeasyboy@reddit

Does anyone know what "the ICSS" is that is referenced in this article? https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/

Reply

[-]

Echo71Niner@reddit

Haha .Zip when is .exe coming

Reply

[-]

flunky_the_majestic@reddit

I believe ICANN has a comment period during the approval process on TLDs, but I am having trouble finding them now. The .zip application details are here: https://gtldresult.icann.org/applicationstatus/applicationdetails/535

Reply

[-]

slater126@reddit

it was approved back in 2014, google only just opened up public purchasing of domains recently IIRC

Reply

[-]

groupwhere@reddit

.com was also a problem back in the day due to its use for batch files.

Reply

[-]

Taladar@reddit

It wasn't batch files, it was small executables that could be loaded directly without all the headers necessary for .exe

Reply

[-]

TouristNo4039@reddit

Would those work on Linux?

Reply

[-]

HildartheDorf@reddit

In theory yes you could add a binfmt for .com, in practice no. And even if they ran, the interface between userspace and the OS would be completely different. Some configurations for linux would allow old formats like a.out or COFF, but most desktops only run ELF files by default.

Reply

[-]

Taladar@reddit

You can also use the binfmt_misc mechanism to run e.g. arm binaries on x86 via an emulator like qemu. So you could probably use wine or dosbox or something similar to get .com or .exe files running directly.

Reply

[-]

jarfil@reddit

No, unless in a DOS emulator. Linux expects executables in ELF format, and the Linux syscall is int 80h instead of DOS's int 21h.

Reply

[-]

groupwhere@reddit

Yeah, you're right. I misunderremembered.

Reply

[-]

RedKnightBegins@reddit

That’s how cmd extension came into existence?

Reply

[-]

ch1llboy@reddit

https://en.m.wikipedia.org/wiki/DOS

Reply

[-]

groupwhere@reddit

And other stuff.

Reply

[-]

ctrl_alt_lynx@reddit

Can't wait for .exe and .dmg

Reply

[-]

admincee@reddit

What an actual nightmare.

Reply

[-]

GreenWoodDragon@reddit

Next up... .pdf

Reply

[-]

bshea@reddit

What gives? No .HTM, .PHP, .JPG or .PNG domains? I mean if you are gonna keep trying to break things why not do right and all at once? <sigh>

Reply

[-]

Pallidum_Treponema@reddit

For a while back in the 90s, I owned the domain guestbook.pl, with predictable results. Yeah, this is a bad idea.

Reply

[-]

Skullpuck@reddit

I thought I didn't read that right... They are making TLD's out of .zip and .mov? Are they fucking nuts? They must be hoping AI will save everyone from the enormous amount of shady websites, links, and other crap that's going to come from this. This is a terrible decision. Let's do .exe next. Maybe .bat.

Reply

[-]

louis-lau@reddit

You can already make href tags say whatever you want... The only issue here is software automatically making stuff links that shouldn't be links. That's an issue that should be solved in that software anyway, even without this new tld. I just don't really see that much of an issue.

Reply

[-]

Administratr@reddit

Great work, Google.

Reply

[-]

TheLightingGuy@reddit

Did we break your test website? It's just spinning for me :)

Reply

[-]

IustinRaznic@reddit

how in the WORLD would one think this is a good decision?

Reply

[-]

whyareyouemailingme@reddit

I get the security risk and it’s incredibly scary and disappointing, but as someone working in film and TV, I’d love myname.mov (not a real link) for the novelty.

Reply

[-]

wgc123@reddit

They don’t have to be three characters long, although I suppose myname.movie is no different

Reply

[-]

whyareyouemailingme@reddit

I mean… it’s the most common wrapper in post-production and drp and bljob are probably too niche lol.

Reply

[-]

ku3i@reddit

I wonder if this could be combine with the old cute-cats.mov.exe(hidden file extensions on windows) trick to make it look like you are opening a video instead of a program somehow?

Reply

[-]

meeu@reddit

Seems like a big nothing burger

Reply

[-]

sldrfounder@reddit

Lol, I'm not clicking on your demo link after reading the whole post! :P

Reply

[-]

prestigious_delay_7@reddit

What kind of assholes make these decisions? Like I honestly feel like the people calling these shots have no fucking clue what they're doing.

Reply

[-]

aVarangian@reddit

you weren't kidding when you said clicking the link would instantly download a file guess I should enable the "save as" prompt for everything, fml > but it will be a malicious file from a third-party, not from the author of the message or a post eh, thus far 100% of my experience with this kind of thing it was in the fact the author of a post and virustotal even said it was fine

Reply

[-]

maztron@reddit

Block zip files at your perimeter.

Reply

[-]

silentdon@reddit

Next we'll have an xlsm or exe TLD

Reply

[-]

Pazuuuzu@reddit

How much was the domain?

Reply

[-]

BloomerzUK@reddit

$15 for a year!

Reply

[-]

SK4T3RG4M3R@reddit

No ones mentioned .app? If an app renders links without the https:// prefix, that should be the app’s fault, not ICANN or Google’s

Reply

[-]

DungaRD@reddit

Invoice.zip O dear, i'm longing for those days of WordPerfect 5.1. Just text only and some highlights but come on no clickable link. Too dangerous nowadays.

Reply

[-]

DungaRD@reddit

Invoice.zip O dear, i'm longing for those days of WordPerfect 5.1. Just text only and some highlights but come on no clickable link. Too dangerous nowadays.

Reply

[-]

DungaRD@reddit

Invoice.zip O dear, i'm longing for those days of WordPerfect 5.1. Just text only and some highlights but come on no clickable link. Too dangerous nowadays.

Reply

[-]

mrzaius@reddit

Well said - Echoed on /r/bestof

Reply

[-]

_aaronallblacks@reddit

Oh file extensions as TLDs now wtf lol Do literally anything else, ICANN allowed this?

Reply

[-]

Dolapevich@reddit

It is as the author does not know what content/type representation header or href tag is. If any software assumes whatever about a text is any software issue. If a user clicks a .zip domain thinking it is a file, it is a user issue.

Reply

[-]

AnApexBread@reddit

Whelp time to block this entire TLD.

Reply

[-]

Fallingdamage@reddit

Time to add more custom regex strings to my spam content filtering..

Reply

[-]

esabys@reddit

$$$$$$$

Reply

[-]

SandyTech@reddit

This isn't going to end well.

Reply

[-]

OtisB@reddit

mother fucker...

Reply

[-]

VexingRaven@reddit

Honestly I'm not sure these scenarios are that realistic as threats. If somebody was willing to download a random documents-backup.zip, and you... unknowningly redirect them to a random documents-backup.zip... Congratulations on deceiving them into doing what they were already doing I guess? This seems like anyone who falls for this was likely already in the middle of falling for a phish and the new gTLD didn't really help any.

Reply