Google’s .zip
-
Two weeks ago, Google Registry announced a set of new TLDs:
Two of these have drawn the ire of techy security people: .zip and .mov. The drama is summed up as follows: financialstatement.zip
TLD;R: software that helpfully adjusts URL-looking things into clickable URLs is now going to have reason to amend any mention of a zip into a link that opens something the mentioner of the zip probably didn’t intend. For example, an email that says “You’ll find more information in financialstatement.zip” which is actually referring to an attachment, but looks for all intents and purposes like a useful link.
I was going to upload a megascreenshot with some superfluous despairing but other real examples, because whoever put it together was apparently somehow unaware of “links,” but evidently it’s too for :
So instead, have a real zip with it inside:
Some select excerpts (i.e. screenshots of a screenshot of screenshots):
Squatting on steroids! I’m sure Google is loving the extra cash injection.
-
-
And of course, some outlets are suggesting this is fine because “after all this wasn’t a problem with .com and Windows”… uhhhhh I don’t quite know how to break it to you, sport, but that’s completely different.
Google also added .mov which is not used for media content at ALL. Nosiree, no.
-
@kazitor Also, you can do something like this:
https://legitimate.domain⁄path∕@malicious.zip
which abuses the username@domain part of a URL.
NodeBB seems to be smart about it, fortunately:
-
@Zecc And doing a mouseover in the browser shows that the link is, indeed, to malicious dot zip.
EDIT: bah. corrected "zop" to "zip"
-
@Zecc said in Google’s .zip:
NodeBB seems to be smart about it, fortunately:
-
@kazitor as if a link to innocent_lookink_file.zip wasn't already possible
-
There currently are 2,753 domains ending in .zip
2 have been identified as potentially malicious
48 are being used for Rick-Rolling
The remainder are either parked, return an error or have "unknown behavior"
-
@Gern_Blaanston said in Google’s .zip:
There currently are 2,753 domains ending in .zip
2 have been identified as potentially malicious
48 are being used for Rick-Rolling
The remainder are either parked, return an error or have "unknown behavior"
Working as designed
-
@LaoC said in Google’s .zip:
Working as designed
shat out by some tech bros "You know what would be, like, fucking cool, man? Listen..." during lunch break
-
@Applied-Mediocrity said in Google’s .zip:
@LaoC said in Google’s .zip:
Working as designed
shat out by some tech bros "You know what would be, like, fucking cool, man? Listen..." during lunch break
Dunno, I think the majority of tech bros @ are well aware what a shitty idea this is. This whole proliferation of TLDs is driven by marketing.
-
@sockpuppet7 said in Google’s .zip:
@kazitor as if a link to innocent_lookink_file.zip wasn't already possible
It was. But you had to create it explicitly, and a lot of people have already learned not to trust links from people they don't know, reducing the effectiveness of the technique. But this will make things automatically turn into links unintentionally, so there is a risk of malicious links accidentally appearing in a context where the users don't think they need to be careful.
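Added example, not part of any post in this thread: a JavaScript check for the two risks raised above, the `username@domain` URL padded with slash lookalikes and bare file names that an autolinker may turn into links. Function names and sample strings are constructed for illustration.

```javascript
// Added example; function names and sample strings are constructed for illustration.
const SLASH_LOOKALIKES = /[\u2044\u2215]/;      // FRACTION SLASH, DIVISION SLASH
const FILE_LIKE_TLDS = new Set(["zip", "mov"]); // the TLDs discussed in this thread

// Report the host a browser would actually contact, plus reasons to distrust the link.
function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { host: null, flags: ["unparseable"] };
  }
  const flags = [];
  // Everything before "@" in the authority is userinfo, not the destination.
  if (url.username || url.password) flags.push("userinfo");
  // Non-ASCII slashes do not end the authority, so a fake "path" can sit before "@".
  if (SLASH_LOOKALIKES.test(raw)) flags.push("slash-lookalike");
  const tld = url.hostname.replace(/\.$/, "").split(".").pop();
  if (FILE_LIKE_TLDS.has(tld)) flags.push("file-like-tld");
  return { host: url.hostname, flags };
}

// Find bare "name.zip" / "name.mov" tokens in plain text: mentions of a file
// that an autolinker may turn into a link nobody typed.
function bareFileLikeNames(text) {
  const hits = [];
  for (const token of text.split(/\s+/)) {
    if (/^[a-z][a-z0-9+.-]*:\/\//i.test(token)) continue; // explicit URL: use inspectLink
    const m = token.match(
      /^["'(“]*([a-z0-9_-]+(?:\.[a-z0-9_-]+)*\.(?:zip|mov))[.,;:!?"')”]*$/i
    );
    if (m) hits.push(m[1].toLowerCase());
  }
  return hits;
}

// Constructed inputs taken from the shapes quoted in the thread.
console.log(inspectLink("https://legitimate.domain\u2044path\u2215@malicious.zip"));
console.log(bareFileLikeNames("You’ll find more information in financialstatement.zip"));
```

A mail or forum pipeline could run `bareFileLikeNames` before autolinking and leave those tokens as plain text, and show the `host` from `inspectLink` next to any flagged link.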
-
@kazitor said in Google’s .zip:
.zip and .mov
I'm not sure I even understand the rationale for having such TLDs?
I get .phd, .prof or .esq (or .dad though that is a bit weirder), those might be used for vanity pages. "My personal page is at http://john.smith.phd," OK, why not. I wouldn't do it, but I can understand that some people would want to.
But what legitimate use would you have for a TLA that is so strongly associated to existing file extensions and nothing else (yeah, yeah, "zip" was a word before being a file type but not used to the point of having a need of a TLD)? If there is a good reason for that, why didn't they also open .txt, .jpg or .exe TLDs? Those are far more frequently used than .zip or .mov so any legitimate reason that would hold for these would also hold for those.
Either I'm totally missing something, or that doesn't make sense. Which, in the current state of the tech world, sadly is not so unlikely.
-
@remi said in Google’s .zip:
@kazitor said in Google’s .zip:
.zip and .mov
I'm not sure I even understand the rationale for having such TLDs?
It's yet another virtual space you can enclose, parcel up and sell. That's it.
-
@LaoC sure but then why didn't they open bazillion of others? Typically like .jpg, I can see more demand for that than .mov. Or .pic if somehow .jpg is still a or similarly protected.
-
@remi Leave something for the next round of disruptive innovation.
-
@remi said in Google’s .zip:
@LaoC sure but then why didn't they open bazillion of others? Typically like .jpg, I can see more demand for that than .mov. Or .pic if somehow .jpg is still a or similarly protected.
Because … they did? (I didn't know that existed, I just guessed. There really is a bazillion of BS TLDs by now)
-
So they just grabbed a few TLDs that weren't yet used rather than randomly picking out of a nearly-infinite field of possibles. OK, that makes more sense now. Well, not much, but as much as can be expected, I guess.
-
@LaoC said in Google’s .zip:
Because … they did? (I didn't know that existed, I just guessed. There really is a bazillion of BS TLDs by now)
I was hoping nic.pics would show lewd photos of network cards, but I was disappointed.
I expect one of us will try grabbing nit.pics now I've mentioned it.
-
@Zecc said in Google’s .zip:
I expect one of us will try grabbing nit.pics now I've mentioned it.
"This domain is already reserved."
This is nit.fun
Edith:
-
@LaoC I didn't check if it was reserved, tbh. I only checked the browser couldn't find the site.
-
@LaoC Thanks for meeting my expectations, btw. Someone did try to grab it, after all.
-
Remind me when there's grib.nit available. We should register it under the name of Mike Patton.
-
.zip is actually a very good top level domain name, because we all know about the properties of zippers:
-
If we’re going for .zip, can we also have .sit, .lha, .rar, .7z, .tgz, .tbz, .arj, .arc, and for shits and giggles, .ex_
-
@Arantor Let's invite the End Of The World and go for .html
-
@dkf I like the way you think.
-
@dkf said in Google’s .zip:
@Arantor Let's invite the End Of The World and go for .html
Beyond that also: .htm, .php, .asp, .aspx ...
that will be fun
-
@BernieTheBernie quick let’s give them all the ideas!
-
-
@topspin yes.
-
@BernieTheBernie said in Google’s .zip:
Beyond that also: .htm, .php, .asp, .aspx ...
that will be fun
Next thing you know someone is going to create .pl!
-
@bugmenot this was literally cited in the thinking as “why it isn’t a problem to make .zip”
Also who even uses Perl any more?
-
@bugmenot said in Google’s .zip:
@BernieTheBernie said in Google’s .zip:
Beyond that also: .htm, .php, .asp, .aspx ...
that will be fun
Next thing you know someone is going to create .pl!
Take care of the Goose!
-
@BernieTheBernie but Serbia is quite a bit away...?
-
@remi said in Google’s .zip:
yeah, yeah, "zip" was a word before being a file type but not used to the point of having a need of a TLD)
Maybe it's for all the zip-lining companies?
-
@Arantor said in Google’s .zip:
@BernieTheBernie but Serbia is quite a bit away...?
Top level domain of Serbia is .rs. Somehow I fail to misunderstand ?
-
@BernieTheBernie The extension used by Rust files, which is as I recall a favourite pastime of the goose.
-
@Arantor Deep.
-
@Arantor The domain is also used for quite a few Rust-related sites and projects (https://lib.rs, https://docs.rs etc.).
-
@Applied-Mediocrity I realise that the Reader’s Digest has a page for people like me.
-
@Bulb They didn't choose .ru for some reason
-
To be fair with the developer goodwill around Rust, I’m almost surprised someone hasn’t stumped up for .rust at the point.
-
@Arantor .rs is shorter, already established and did not require the kind of coordination buying a new TLD would.
-
@Bulb hence the almost.
-
@Arantor said in Google’s .zip:
To be fair with the developer goodwill around Rust, I’m almost surprised someone hasn’t stumped up for .rust at the point.
They were a few years late to the gTLD party.
-
@LaoC said in Google’s .zip:
@Gern_Blaanston said in Google’s .zip:
There currently are 2,753 domains ending in .zip
2 have been identified as potentially malicious
48 are being used for Rick-Rolling
The remainder are either parked, return an error or have "unknown behavior"
Working as designed
Less than 2% used for Rick-Rolling. I am disappoint.
-
@Arantor said in Google’s .zip:
,,, the Reader’s Digest has a page for people like me.
People old enough to know what Reader's Digest is?
-
@bugmenot pl is already a national domain for Poland :)
-
@takashipl said in Google’s .zip:
@bugmenot pl is already a national domain for Poland :)