Is This Anything Else But Stupid??? - Tumblr Posts

cornchrunchie
1 year ago

New Things to Beware on the Internet

On May 3rd, Google released 8 new top-level domains (TLDs) -- these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.

Usually, this should be a cool info, move on with your life and largely ignore it moment.

Except a couple of these new domain names are common file type extensions: ".zip" and ".mov".

May is also the month of Google I/O, our annual developer conference. Whether you’re learning to code, deploying a helpful tool, building your portfolio, or starting a new community, .foo, .zip, .mov and .nexus have you covered. Here are some examples from our developer community: gamers . nexus: Use gamers . nexus to review computer hardware and plan your next gaming PC. helloworld . foo: Learn how to code “hello world” in each programming language. url . zip: Create short, powerful and trackable links with url . zip david . mov: Watch videos by David Imel in this liminal space. Starting today, you can register all of these new extensions as part of our Early Access Program for an additional one-time fee. This fee decreases according to a daily schedule through the end of May 10. On May 10 at 16:00 UTC, all of these domains will be publicly available at a base annual price through your registrar of choice. To make it super easy for anyone to get their website live, we’ve worked with Google Sites to launch new templates for graduates, professors and parents.

This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it's in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.

What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.

Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.

Screenshot of a tweet showing several newly registered .zip domains including: chrome-installer documents-backup googledrivesetup microsoftupdates microsoftwindows totallynotavirus photshop-cracked https://twitter.com/1ZRR4H/status/1657747300339384320
Screenshot of a tweet showing several newly registered .zip domains including: microsoftedgesetup office365installer defender-update-kit https://twitter.com/1ZRR4H/status/1657982434795716611
Screenshot of a tweet showing the newly registered latestupdate DOT zip. The new .zip website is gradient purple background with large white text reading, "GOD DID NOT INTEND .ZIP TLDS" https://twitter.com/1ZRR4H/status/1657809133704192001
Screenshot of a tweet reading ".zip top level domains were a colossal mistake." The tweet's image shows the checkout cart price to register downloaded-file DOT zip at $16.99. https://twitter.com/olafurw/status/1657116583238553617
Screenshot of a tweet showing the newly register microsoft-office DOT zip. The new .zip website has a spoof of a Microsoift login page page asking for your usermname and password. https://twitter.com/1ZRR4H/status/1657807143393689601

This is what we're seeing only 12 days into the domains being available. Only 5 days being publicly available.

What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you're on, don't enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.

I'm seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company's internet, and that's probably wise.

Be cautious out there.

Tags :
shit why did they do this??? is this anything else but stupid??? domain mov zip! fuck me signal boost
72K notes View Post