Closed PauloGoncalvesBH closed 1 year ago
Thank you, from my point of view the TLD should be blocked. What do you think @yokoffing, @iam-py-test?
It’s already blocked on my list and the NextDNS guide since yesterday.
Of course, we'll monitor for any breakage. But it's so new, I would only assume malicious domains come from it until after some time has passed.
From the Bleeping Computer article:
Earlier this month, Google introduced eight new top-level domains (TLD) that could be purchased for hosting websites or email addresses. ... .dad, .esq, .prof, .phd, .nexus, .foo, and ... the .zip and .mov domain TLDs.
Attackers could use the username:password syntax before the @ sign to make a .zip link appear to come from any domain. This allows scammers to create links that look 100% legitimate to the primary domain of any company, potentially tricking even cautious users. Users should be wary of any .zip links and inspect the full URL to check for the @ sign. Blocking the entire .zip top level domain through a DNS service or group policy is recommended to avoid this potential threat.
We may want to consider .mov as well, e.g.:
||mov^$denyallow=david.mov
||zip^$denyallow=url.zip
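The two risks raised in this thread, a `user@host` prefix that disguises the real destination and the newly registrable .zip/.mov hosts themselves, are both checkable before a link is followed. The following is an added example (not code from this issue or from any of the blocklists mentioned): it parses a URL with Python's standard library, reports the host that would actually be contacted, and applies a block-by-TLD policy with allowlist exceptions that approximate the `denyallow=` rules quoted above (allowlisted hosts and their subdomains pass; that subdomain behaviour is my assumption about how the rules are meant to act). The allowlist entries and sample URLs are constructed for the example.

```python
"""Defensive URL inspection for the .zip / .mov TLD discussion (added example)."""
from urllib.parse import urlsplit

# TLDs this example blocks outright, following the rules quoted in the thread.
BLOCKED_TLDS = {"zip", "mov"}

# Assumed allowlist, constructed for the example; mirrors the two
# denyallow exceptions (david.mov, url.zip) shown in the thread.
ALLOWED_HOSTS = {"david.mov", "url.zip"}


def inspect_url(url: str) -> dict:
    """Return a verdict for one URL.

    Flags two things:
      * userinfo before '@': the text before '@' is NOT the host, so a link such
        as https://github.com@example.zip/... really goes to example.zip;
      * a host in a blocked TLD that is not covered by the allowlist.
    """
    # Bare "example.zip" has no scheme; add one so urlsplit treats it as a host.
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # urlsplit splits userinfo at the last '@', which is the browser's behaviour.
    has_userinfo = parts.username is not None or parts.password is not None
    tld = host.rsplit(".", 1)[-1] if "." in host else ""

    allowed = host in ALLOWED_HOSTS or any(host.endswith("." + h) for h in ALLOWED_HOSTS)

    reasons = []
    if has_userinfo:
        reasons.append(f"userinfo before '@' hides the real host {host!r}")
    if tld in BLOCKED_TLDS and not allowed:
        reasons.append(f"host is in blocked TLD .{tld}")

    return {
        "host": host,
        "userinfo": has_userinfo,
        "tld": tld,
        "blocked": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed sample links for a quick run.
    for sample in [
        "https://github.com@example.zip/archive.zip",
        "https://github.com/some/repo",
        "https://david.mov/clip",
        "https://www.example.mov/",
        "example.zip",
    ]:
        verdict = inspect_url(sample)
        print(sample, "->", "BLOCK" if verdict["blocked"] else "allow", verdict["reasons"])
```

Run it as a script to see the verdicts, or call `inspect_url()` from a mail or chat filter. The `userinfo` flag is the more important of the two: it fires regardless of TLD, which is the check the Bleeping Computer quote above recommends users perform by eye.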
Update: Google's Zip Domains Are WORSE Than I Thought
[...] .zip [...] text to links. Example: the malicious old 42.zip. [...] .zip [...] .zip [...] TLDs. .mov domains pose similar risks as a common video file extension. .zip and .mov domains and refund buyers.
I'm no security expert, so my opinion clearly doesn't mean much, but I personally think software autolinking things which "look like domains" is a problem with the software, not the TLD; .zip just makes it worse due to its prevalence as a file extension.
Are .zip Domain Names a Security Risk? https://www.youtube.com/watch?v=em4J5Igsgmw
Also, FYI, this isn't meant as an attack on you @yokoffing or anyone else. I really respect you and your work; I only intended to offer my opinion on the subject, not to insult you.
@iam-py-test Also, FYI, this isn't meant as an attack on you
I didn't read your comment as negative at all. Not in the slightest. For real.
Edit: What made you think you said something insulting? You were just adding to the conversation 😆
Edit 2: Ah, I see. Peter Lowe believes the risk is overstated.
@iam-py-test I've been watching NSCU videos for a while, and I just now realized that one of those dudes is Peter Lowe 🤯
Off topic, but NSCU is awesome (been watching their videos for a year or something). Cool that you also enjoy them.
Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
According to the following text, the .zip TLD can be used to do malicious phishing: The dangers of Google's .zip TLD
A more extended discussion about it: New ZIP domains spark debate among cybersecurity experts
I'm not a cybersecurity expert, and I want to understand the community's thoughts on this topic and if we need to block this TLD.