hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

Should new TLD .zip be added on 'Most Abused TLDs'? #1058

Closed PauloGoncalvesBH closed 1 year ago

PauloGoncalvesBH commented 1 year ago

According to the following text, the .zip TLD can be used to do malicious phishing: The dangers of Google's .zip TLD

A more extended discussion about: New ZIP domains spark debate among cybersecurity experts

I'm not a cybersecurity expert, and I want to understand the community's thoughts on this topic and if we need to block this TLD.

hagezi commented 1 year ago

Thank you, from my point of view the TLD should be blocked. What do you think @yokoffing, @iam-py-test?

yokoffing commented 1 year ago

It’s already blocked on my list and the NextDNS guide since yesterday.

yokoffing commented 1 year ago

Of course, we'll monitor for any breakage. But it's so new, I would only assume malicious domains come from it until after some time has passed.

yokoffing commented 1 year ago

From the Bleeping Computer article:

Earlier this month, Google introduced eight new top-level domains (TLD) that could be purchased for hosting websites or email addresses. ... .dad, .esq, .prof, .phd, .nexus, .foo, and ... the .zip and .mov domain TLDs.

ThioJoe video summary:

Attackers could use the username:password syntax before the @ sign to make a .zip link appear to come from any domain. This allows scammers to create links that look 100% legitimate to the primary domain of any company, potentially tricking even cautious users. Users should be wary of any .zip links and inspect the full URL to check for the @ sign. Blocking the entire .zip top level domain through a DNS service or group policy is recommended to avoid this potential threat.

We may want to consider .mov as well, e.g.:

||mov^$denyallow=david.mov
||zip^$denyallow=url.zip
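Added example (mine, not code from the issue or the hagezi project): a small Python check that recovers the host a browser actually resolves for a link, so the "@" trick summarised above is visible without false-flagging links that merely contain "@" in the path, plus a simplified matcher for the "||tld^$denyallow=" rule shape quoted in this comment. The sample links and the attacker-example.zip / clip-example.mov names are constructed, and the matcher is my reading of that rule syntax, not the AdGuard engine.

```python
from urllib.parse import urlsplit

# Added example, not code from the issue or the hagezi lists. Two parts:
# (1) real_host(): the host a browser connects to (text before '@' is userinfo,
#     not the host), and (2) a minimal matcher for '||tld^$denyallow=a|b' rules.
# The matcher is a simplified reading of that syntax, not the AdGuard engine.

def real_host(url: str) -> str:
    """Host a browser resolves for url; '' if the URL has no host part."""
    return (urlsplit(url).hostname or "").rstrip(".")

def in_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def parse_rule(rule: str) -> tuple[str, set[str]]:
    """'||zip^$denyallow=url.zip|b.zip' -> ('zip', {'url.zip', 'b.zip'})."""
    body, _, mods = rule.partition("$")
    if not (body.startswith("||") and body.endswith("^")):
        raise ValueError(f"unsupported rule shape: {rule!r}")
    allowed: set[str] = set()
    for mod in filter(None, mods.split(",")):       # ',' separates modifiers
        if mod.startswith("denyallow="):
            values = mod[len("denyallow="):].split("|")  # '|' separates domains
            allowed.update(v.strip().lower() for v in values if v.strip())
    return body[2:-1].lower(), allowed

def is_blocked(host: str, rule: str) -> bool:
    """Blocked if host falls under the rule suffix and no denyallow entry covers it."""
    suffix, allowed = parse_rule(rule)
    if not in_domain(host, suffix):
        return False
    return not any(in_domain(host, d) for d in allowed)

def check_link(url: str, rules: list[str]) -> dict:
    """Resolve the real host of a link and evaluate it against the rules."""
    host = real_host(url)
    return {"host": host,
            "userinfo_present": urlsplit(url).username is not None,
            "blocked": any(is_blocked(host, r) for r in rules)}

# Rules from the comment above; the links below are constructed samples.
RULES = ["||zip^$denyallow=url.zip", "||mov^$denyallow=david.mov"]
SAMPLES = [
    "https://example.com/project/archive/refs/tags/@v1.0.0.zip",  # '@' only in path
    "https://example.com@attacker-example.zip/archive",           # userinfo trick
    "https://url.zip/",                                           # exempted
    "https://clip-example.mov/",                                  # .mov rule
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, RULES))
```

Note that the first sample is the shape a naive "contains @" check would wrongly flag; parsing the host first keeps the rule decision on the real destination.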

yokoffing commented 1 year ago

Update: Google's Zip Domains Are WORSE Than I Thought

iam-py-test commented 1 year ago

I'm no security expert, so my opinion clearly doesn't mean much, but I personally think software autolinking things which "look like domains" is a problem with the software, not the TLD; .zip just makes it worse due to its prevalence as a file extension.

Are .zip Domain Names a Security Risk? https://www.youtube.com/watch?v=em4J5Igsgmw

Also, FYI, this isn't meant as an attack on you @yokoffing or anyone else. I really respect you and your work; I only intended to offer my opinion on the subject, not to insult you.

yokoffing commented 1 year ago

@iam-py-test Also, FYI, this isn't meant as an attack on you

I didn't read your comment as negative at all. Not in the slightest. For real.

Edit: What made you think you said something insulting? You were just adding to the conversation 😆

Edit 2: Ah, I see. Peter Lowe believes the risk is overstated.

yokoffing commented 1 year ago

@iam-py-test I've been watching NSCU videos for a while, and I just now realized that one of those dudes is Peter Lowe 🤯

iam-py-test commented 1 year ago

Off topic, but NSCU is awesome (been watching their videos for a year or something). Cool that you also enjoy them.

yokoffing commented 1 year ago

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains