On May 3rd, Google released 8 new top-level domains (TLDs) – these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.
Usually, this should be a cool info, move on with your life and largely ignore it moment.
Except a couple of these new domain names are common file type extensions: “.zip” and “.mov”.
ALT
This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it’s in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.
What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.
Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.
ALT
ALT
ALT
ALT
ALT
This is what we’re seeing only 12 days into the domains being available. Only 5 days being publicly available.
What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you’re on, don’t enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.
I’m seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company’s internet, and that’s probably wise.
Be cautious out there.
I recommend every person to BLOCK .zip and .mov due to some tricks that can be exploited (google ublock origin if you don’t know how)
1) Browsers tend to hide parts of urls, meaning in a taskbar https://website.zip can certainly look like website.zip (and pretend it’s google’s inbuilt zip viewer or smthn idk I’m not creative)
2) Due to how some transfer protocols work, a connection to “https://microsoft.com/files@myfile.zip WOULD NOT CONNECT TO MICROSOFT. It would route to myfile.zip (now a valid domain)
To not fall for the second trick you not only need to be highly technical, but also be up to date with these changes. There are people in respectable positions in tech who claimed that they would’ve fallen for this trick.
It’s not even been 2 fucking weeks since these have been out. Whatever legit website uses these new domains is not worth it. Just block this shit to be safe.
Something about the drama of the Twitter blue check mark made me think of the Dr Seuss The Sneetches book, and I find the comparison hilarious
For context, the story goes having a star on your belly made you cool, but then a guy with a machine made it so you could pay him and add a star to your belly. So all the starless sneetches bought the star, but then since they weren’t exclusive anymore, all the star sneetches wanted to get rid of their star to be cool and starless, and the guy with a machine would do that for money. This happened a few times until no one knew who was original what and they all became friends and learned a lesson about the pointlessness of the stars and being scammed out of money.
Also I haven’t read the book since I was like 7 so the story could be totally off :)
A physicist had decided that there was a need and use for the physical quantity that would be the product of time and current. Being the one proposing the quantity, he would get to decide its letter. After hours of thinking he decided,
“One of my favourite Steve Jobs stories was the time the engineers working on the iPod brought their finished prototype to him in his office. He said it was too big, they needed to make it smaller. They said it was as small as they could make it, it couldn’t be made any smaller. So he took the prototype over to his aquarium and dropped it in. The iPod sank to the bottom, and as it did, tiny little bubbles came out. ‘See those bubbles,’ he asked. ‘They’re air inside the iPod. Make it smaller.’
“Another story about Steve Jobs was when they brought the prototype for the iPad 2 to his office. The engineers told him it was faster than the first iPad. He took it over to his aquarium and dropped it in. ‘Look how slowly it sank,’ he told them. ‘Make it faster.’
“One time a newly hired intern had been sent out to get Steve a sandwich. When she brought it to him, he looked at it. ‘I thought I ordered the beef on rye,’ he asked. She told him it was indeed beef on rye. He took it over to his fish tank and dropped it in. ‘Does that look like beef on rye?’
“He was always dropping things in that fish tank. We couldn’t stop him. We told him he had to stop, he wouldn’t listen. It was full of stuff that shouldn’t be in an aquarium.
“The fish had all died years ago. One had been crushed under an early generation iMac. The others were all poisoned. He didn’t care.
“It got to the point where there was no room for anything in the fish tank. When we emptied it after he died, we found a body in there. We never found out who it was.”
“is this real” Tumblr pleeeease I’m begging you to ever remember what normal everyday written comedy looks like 😞
ALT
ALT
ALT
ALT
ALT
ALT
