Google's Zip Domains Are WORSE Than I Thought

  • Date added: 24. 07. 2024
  • There's no way they thought this through...
    My Previous Video About Zip Domains: • Google Did Something R...
    ▼ Time Stamps: ▼
    0:00 - What's Going On?
    0:31 - Recap: The Other Problem
    1:13 - Auto-Converted Links
    2:36 - A Disaster Waiting to Happen
    4:06 - Cause of Confusion
    5:44 - Why Was This Allowed?
    6:40 - A Counter Argument
    7:37 - What's To Be Done?
    8:10 - Not Just .Zip
    8:28 - Blocking All .Zip TLDs
  • Science & Technology

Comments • 1.1K

  • @tdrg_
    @tdrg_ 1 year ago +1103

    Everybody gangsta until Google adds .pdf

    • @ThioJoe
      @ThioJoe 1 year ago +391

      Oh god no

    • @Mainyehc
      @Mainyehc 1 year ago +183

      I was thinking the exact same thing. But why stop at that? We also need .txt, .rtf and .docx 😂

    • @KevanTess
      @KevanTess 1 year ago +149

      I haven't seen anyone mention .html as a top level domain name.

    • @Samu2010lolcats
      @Samu2010lolcats 1 year ago +67

      @@Mainyehc also .rar .7z .xls .xlsx .ppt .pptx

    • @gragogflying-anvil3605
      @gragogflying-anvil3605 1 year ago +72

      Let me suggest .html and .php as TLDs.

  • @Rodius
    @Rodius 1 year ago +1821

    They really went through proposals and meetings but apparently everyone at Google still thought this was a good idea

    • @DarkxPunk
      @DarkxPunk 1 year ago +113

      Must have been with a bunch of Yes men…

    • @chargeminecraft
      @chargeminecraft 1 year ago +165

      This is like an office building meme, where a CEO agrees with everyone except one person, that person states that they should make it secure as much as possible, otherwise it might not be a good idea, then they throw that person out of the window.

    • @blueberrypoptart2349
      @blueberrypoptart2349 1 year ago +57

      Common sense goes out the window when money is to be made.

    • @Bob-1802
      @Bob-1802 1 year ago +46

      It is a known fact in psychology that meetings are, in general, not very useful because people fear the dominant personality, usually the big boss in the room.

    • @Noobogonis
      @Noobogonis 1 year ago +10

      .secure is a better extension smh

  • @the_box
    @the_box 1 year ago +544

    ICANN: "No one types file names into their address bar". Since most browser address bars these days double as a search bar, I would imagine a lot of file names are typed in when people wish to find a specific file.

    • @YTANDY100
      @YTANDY100 1 year ago +29

      @the box
      i do that a lot to find missing files or just to find out what a file is for 🙂

    • @OrangeC7
      @OrangeC7 1 year ago +35

      If you meant you can type a local file path into the browser address bar, that's exactly my first thought hearing that as well
      Edit: Actually I think you might have been talking about something else, but either way I think we both have good points

    • @wumwum42
      @wumwum42 1 year ago +42

      Did they EVER see a windows 10 search bar???

    • @Janz_u
      @Janz_u 1 year ago +42

      It’s concerning how out of touch with modern times ICANN is

    • @whyishoudini
      @whyishoudini 1 year ago +32

      literally old internet explorer would work as a file browser, who approved this shit

  • @NATESOR
    @NATESOR 1 year ago +354

    Jesus, how can ICANN be that out of touch. That quote is staggering. It doesn't even address most of the most critical objections, but then also some people almost exclusively use their web browser for cloud-based file exploring. It's 100% going to happen constantly. What an absolute dunce...

    • @williamdrum9899
      @williamdrum9899 1 year ago +38

      Sounds to me like their opinion is bought and paid for. Or their grandparents are all dead already idk

    • @UriahStuff
      @UriahStuff 1 year ago

      ICANN not understand how they are that dumb.

    • @AyeeSecret
      @AyeeSecret 1 year ago +29

      More like ICANNOT

    • @malborboss
      @malborboss 1 year ago +6

      Because THEYCANN

    • @alexuk2000
      @alexuk2000 1 year ago +5

      ICANN and the W3C for that matter are extremely out of touch.

  • @AnomadAlaska
    @AnomadAlaska 1 year ago +238

    I remember thinking back when Windows stopped showing file extensions by default that was a bad idea.

    • @miker953
      @miker953 1 year ago +52

      Right? It basically trained the less tech savvy to "click around and find out!".

    • @williamdrum9899
      @williamdrum9899 1 year ago +50

      Also allowing shit like "invoice.txt.exe"

    • @AllAmericanGuyExpert
      @AllAmericanGuyExpert 1 year ago +11

      You have to open it to find out what's inside!

    • @monsterhunter445
      @monsterhunter445 1 year ago +2

      Windows always hid it by default when did windows not default hide extension. XP was default so are you talking like 95 lol

    • @ericapelz260
      @ericapelz260 1 year ago +13

      @@monsterhunter445 Some of us remember when Windows was a new idea, and it was an overlay over DOS. Actually, some of us go further than that; my first graphical operating system was GEOS on a Commodore 64. Then I upgraded to an 8088, LOL.

  • @RolandHazoto
    @RolandHazoto 1 year ago +310

    That forty two zip domain is beautiful.
    A perfect example of Chaotic Neutral.
    It archives a piece of internet history while reinforcing the old adage "don't click on weird links".
    *chef's kiss*

    • @jonragnarsson
      @jonragnarsson 1 year ago +16

      Trolling is a art.

    • @aogasd
      @aogasd 1 year ago +15

      Forty two zip is a memetic hazard
      I literally struggled to not accidentally start typing it into the search bar, _as a search word_ while curious to read more about it
      Can't even Google about it or accidentally risk somehow navigating to the site

    • @arcticike8017
      @arcticike8017 1 year ago +2

      @@aogasd No joke, I'm security conscious and I was even fighting off the urge. Especially since I wasn't familiar with it before, so I wanted to see how old the malware was and what exactly it did/remediation options for an infected PC, first inclination was to just type it out in my browser search bar and it took me way too long to realize what I was about to do. Didn't start typing yet, but man was I close. This is almost more dangerous for the tech savvy as .zip is so ingrained in us as a file extension.

    • @ashkebora7262
      @ashkebora7262 1 year ago

      You would not say the same thing about someone leaving a vat of poison open in the market...
      Raise your standards, because that is chaotic EVIL, you dunce.

  • @ADRENELINEDUDE
    @ADRENELINEDUDE 1 year ago +551

    I seriously can't believe google did this. It's even hilarious with their "won't fix" garbage. I genuinely have never hated something more than "won't fix".

    • @StuTubed
      @StuTubed 1 year ago +35

      That's a Chromium thing. The Chromium devs love that "won't fix" option.

    • @BeauZoe
      @BeauZoe 1 year ago +28

      I'm inclined to believe it's a directed attack by google to destroy the use of those file extensions.

    • @Lowraith
      @Lowraith 1 year ago +27

      ​@@BeauZoe
      I had this same thought watching this video: when are we expecting Google's new patented archive file format?

    • @geroffmilan3328
      @geroffmilan3328 1 year ago +5

      As a pen tester I love "won't fix" issues.
      Gift that keeps on giving.

    • @user-nk6fr2tb6f
      @user-nk6fr2tb6f 1 year ago +3

      @@Lowraith Microsoft is about to integrate archiver in the OS. Maybe it is related

  • @Jeffmylife
    @Jeffmylife 1 year ago +680

    How could a company like Google not have even a speck of foresight with this… it seems so obvious to just… not do this? I genuinely don’t understand

    • @stephens1393
      @stephens1393 1 year ago +114

      They had a pile of foresight. They saw a bigger pile of money to be made.

    • @rons96
      @rons96 1 year ago

      obviously they want to control all the internet, so they need to start a lockdown here, like the last they did irl

    • @williamdrum9899
      @williamdrum9899 1 year ago +45

      One of the few times when they actually SHOULD have asked a bunch of boomers to make tech decisions.

    • @rons96
      @rons96 1 year ago +18

      @@williamdrum9899 they know what they are doing

    • @Lost-In-Blank
      @Lost-In-Blank 1 year ago +24

      Sales trumps engineering, development, and even security. They think they are going to sell these domains for money.

  • @immortalsun
    @immortalsun 1 year ago +670

    It’s like Google _wants_ to destroy the Internet…

    • @CnCDune
      @CnCDune 1 year ago +70

      More like wants everyone to be infected with malware.
      This'll either drive sales of anti-virus programs up, or make most people jump ship to a Chromebook over a Windows machine.
      The latter would probably profit them most.

    • @Blood-PawWerewolf
      @Blood-PawWerewolf 1 year ago

      @@CnCDune exactly. from those fake sponsored "links" that are imitating real legit links, to malicious ads on CZcams and even google wanting to make Adblocking "forbidden". they WANT to make the internet more dangerous and they probably are making tons of money from this as well as data that was stolen from innocent users.

    • @nostrislife
      @nostrislife 1 year ago +11

      @@CnCDune can not argue with that logic honestly

    • @redfolgers2233
      @redfolgers2233 1 year ago +21

      google is an ad company. they dgaf bout anything but selling ad space at this point

    • @sihamhamda47
      @sihamhamda47 1 year ago +11

      ​@@CnCDune or they could possibly making their own antivirus and bundle it with Google One, and bump up the subscription price to 3 times

  • @krss6256
    @krss6256 1 year ago +64

    It seems Google's shift is from 'Don't be evil' towards 'be evil'

    • @williamdrum9899
      @williamdrum9899 1 year ago +14

      Yeah it's been that way for at least a decade now

    • @HamguyBacon
      @HamguyBacon 1 year ago +12

      Google removed "Don't be Evil" from their company a decade ago.

    • @tuseroni6085
      @tuseroni6085 1 year ago +11

      someone broke in, added a comma, now their slogan is "don't, be evil" and it's all been downhill since then.

    • @CptJistuce
      @CptJistuce 1 year ago +1

      Removing "don't " was a six-byte optimization. Performance-critical change.

  • @tsundokujim
    @tsundokujim 1 year ago +56

    When you were discussing how ICANN could allow this to happen, you missed a golden opportunity to use the "Man handing over suitcase of money" stock footage.

  • @lightning_11
    @lightning_11 1 year ago +376

    I think ICANN forgot that you can open files in Chrome... Seriously, Chrome is the best PDF viewer on my computer because I never bothered to get a stand-alone program, I type file names into my address bar constantly.

    • @Poldovico
      @Poldovico 1 year ago +109

      .pdf domain coming soon I guess :P

    • @raul5944
      @raul5944 1 year ago +54

      @@Poldovico Don't give Google ideas 😂

    • @b4ttlemast0r
      @b4ttlemast0r 1 year ago +6

      when you do that you still have to write something like file:///C:/example.pdf and not just example.pdf in firefox at least (not sure if it's different in Chrome). However it's obviously still a problem for the reasons explained in the video

    • @FlyboyHelosim
      @FlyboyHelosim 1 year ago +9

      Yeah what a stupid and shortsighted comment by them. When I was making websites I would often type filenames in a browser address bar. I mean how else are you going to quickly test links without going through the process of putting the link in a webpage and then clicking on it? And when you click on a link to a file you're technically entering a filename into the address bar, just not manually.

    • @gragogflying-anvil3605
      @gragogflying-anvil3605 1 year ago +3

      Why type it manually instead of drag-and-dropping the file from a file manager? Or directly open it with a double click? But sure, web browsers are good enough for reading PDFs. For adding comments to them (for reviews) I use the PDF/documents viewer that came with the system, being evince.

  • @ActivelyVacant
    @ActivelyVacant 1 year ago +18

    "Nobody would type a file name into an address bar."
    Except that address bars almost universally double as search bars. Hell, some search bars will just skip the search and go straight to a web page if they interpret the search as an address.

  • @river559
    @river559 1 year ago +501

    The .mov domains will be a HUGE issue in the entertainment sphere since we share/link video files all the time. I agree it's not as big of an issue as .zip but it'll still make a huge splash

    • @Saji_0
      @Saji_0 1 year ago +79

      Any kinds of file extensions as a domain is a huge problem when it's recognized automatically as hyperlink, I dunno why those people thought this was a good idea

    • @karlrovey
      @karlrovey 1 year ago +21

      They're not stopping with .zip?

    • @DerSchakal523
      @DerSchakal523 1 year ago +4

      @@karlrovey 🤣

    • @EddoWagt
      @EddoWagt 1 year ago +4

      @@karlrovey By their own logic they shouldn't

    • @ember9361
      @ember9361 1 year ago +5

      @@karlrovey .mp4 is also one I think

  • @alexbridenbaker9261
    @alexbridenbaker9261 1 year ago +732

    I don't see why Google is allowing this. Linus also mentioned this is a terrible idea

    • @volvo09
      @volvo09 1 year ago

      Seeing how Google still allows a long standing CZcams channel to suddenly be renamed to something like Tesla or (something giveaway), have all their videos deleted without confirmation, and then live stream a video (scam) I'm not surprised they don't care about .zip domains.

    • @z9cubing574
      @z9cubing574 1 year ago +9

      I didn't think it could get any worse. . 😂😂😂

    • @Poldovico
      @Poldovico 1 year ago +48

      Allow? They're the ones doing it!

    • @m4sterred853
      @m4sterred853 1 year ago +32

      Torvalds or Sebastian?

    • @0.Andi.0
      @0.Andi.0 1 year ago +16

      @@m4sterred853 great question

  • @Muhsin-ox1vj
    @Muhsin-ox1vj 1 year ago +59

    Also, when you share zip files larger than 25 mb, the gmail will share the file as a link, which will again confuse the receiver as to whether it is a .zip file or a website link

  • @MicraHakkinen
    @MicraHakkinen 1 year ago +60

    After seeing your previous video about the _zip_ TLD, I immediately blacklisted it in my Pi-hole DNS. Now seeing this video only confirms to me that was the right decision.
    Thanks and keep up the good work!

  • @aromaticsnail
    @aromaticsnail 1 year ago +60

    My firewall is already blocking zip and mov domains. Companies like Google shouldn't have this kind of power over the Internet. Too bad the idea of splitting up these tech giants has lost traction

    • @bitterrotten
      @bitterrotten 1 year ago +14

      That's not really the failure here. Anyone can petition for a new top level domain. If it wasn't google, it would have eventually been someone else. But like Joe said, ICANN is the regulatory committee here that should have INSTANTLY recognized this as a security vulnerability and denied it.

    • @kraigisboss
      @kraigisboss 1 year ago

      @@bitterrotten Don't worry as soon as a major company or government body gets compromised by this ICANN will 100% change its stance. And Google will most likely get sued over it like with COPPA.

  • @isaak.studio
    @isaak.studio 1 year ago +401

    Think of the "possibilities" if they were to create the .exe domain.

    • @Mysdia
      @Mysdia 1 year ago +27

      This will probably come eventually, but nobody applied for that string just yet.

    • @OGuiBlindao
      @OGuiBlindao 1 year ago +61

      You need to have your domains for your executives, come on!

    • @rons96
      @rons96 1 year ago

      ​@@Mysdia yes, its time to virtual lockdown now, so every place will be controlled by few persons

    • @grandetaco4416
      @grandetaco4416 1 year ago +6

      crossed my mind. I looked to see if that domain existed on the exclusion list.

    • @mabs-O_o
      @mabs-O_o 1 year ago +11

      Or .pdf

  • @UahUahUah
    @UahUahUah 1 year ago +595

    Ah yes, Google and Discord fumbling the bag with their new updates to things that never needed updated.

    • @sihamhamda47
      @sihamhamda47 1 year ago +68

      In hardware, we have Nvidia and AMD doing sketchy things to their GPU lineup
      In software, we have Google and Discord constantly screwing its users
      2023 is such a chaotic year for a tech world

    • @ayden8901
      @ayden8901 1 year ago +8

      What did discord do? I don't really use it

    • @danielrhouck
      @danielrhouck 1 year ago +40

      @@ayden8901 Most recently theyʼre making everyone change their usernames, which a lot of people dislike for various reasons. Many of those are Change Bad but many are actual issues which will cause problems.
      Before that they added more Markdown support, including (relevant to this) the ability to make arbitrary text links; they reverted that, then added all but the links back in, and I *think* they also plan to add the links again but Iʼm not sure.

    • @DoubsGaming
      @DoubsGaming 1 year ago +12

      Although people don't like the discord change and the fact it has created problems. I still don't hate it. For us that constantly use discord it seems dumb but you have to remember that for new people it can be confusing. So I can see how theoretically just making it the same way that other platforms do it can decrease friction.
      To be clear I am not saying I like it, I am just saying I don't dislike it. Discord I feel like has a pretty good track record compared to other companies and I am of the belief that they will figure it out. I could be wrong though.

    • @ayden8901
      @ayden8901 1 year ago

      @@danielrhouck thanks for the reply :)

  • @Steamrick
    @Steamrick 1 year ago +38

    I've blocked the entire .zip and .mov TLDs on my pihole... I seriously doubt that any serious businesses will be using them.

    • @gragogflying-anvil3605
      @gragogflying-anvil3605 1 year ago

      Do you simply block *.zip as a wildcard? Sounds like a good idea, will do that as well.

    • @danielm.595
      @danielm.595 1 year ago

      On your what?

    • @Steamrick
      @Steamrick 1 year ago +1

      @@danielm.595 pihole - google it if you're not familiar

  • @pit32
    @pit32 1 year ago +374

    The auto-converting links was a feature no one asked for.

    • @ThioJoe
      @ThioJoe 1 year ago +124

      For real, i never liked it

    • @pinbi7
      @pinbi7 1 year ago +34

      gets me banned on twitch by mistake on the regular

    • @ragnarok7976
      @ragnarok7976 1 year ago +33

      Especially when a lot of places that do it are very strict on posting links and sometimes just delete your post/comment if you link anything.

    • @agar322
      @agar322 1 year ago +33

      Extend this to "phone numbers" in some messaging apps (I'm looking at you, Telegram)

    • @FlyboyHelosim
      @FlyboyHelosim 1 year ago +12

      Pretty much all modern software is updates no one asked for, from operating systems to web browsers.

  • @ragnarok7976
    @ragnarok7976 1 year ago +98

    Have they never heard of a collision? There are ~17500 other 3 letter domains they could have chosen from and they pick one of the few combos that is already a file type.
    Also even if you don't "type" something into the address bar plenty of people copy and paste urls or file paths into the bar.

    • @cst1229
      @cst1229 1 year ago +5

      I'm pretty sure the domain was *intended* to be named after the zip file type.

    • @Mysdia
      @Mysdia 1 year ago +11

      ICANN already had to consider this and conducted a "study" to cover their arse. Although I do suppose they have a form for reporting name collisions if a new second-level domain name's name is causing demonstrable harm; particularly if it's a threat to human life (otherwise they might ignore it), and that's for second-level domains only Not Top-level domains like Zip.
      I remember Blue Coat researchers raised concerns about the .Zip TLD calling it the shadiest of the new ones bc of the pings... findings were vigorously contested by large companies who had applied for the new TLDs.

    • @williamdrum9899
      @williamdrum9899 1 year ago +11

      They should have just called it "zyp" if they really liked the name that much

    • @bluebirdsigma
      @bluebirdsigma 1 year ago +1

      Same reason they made a floppy disk the same name as a compression format.

  • @WackoMcGoose
    @WackoMcGoose 1 year ago +199

    I maintain my hot take that Google _knew exactly what would happen,_ and _wanted_ it to happen, for the exact same reason AdSense allows arbitrary, unfiltered javascript in submitted ads that can auto-download and auto-run executables just by viewing a web page that just happens to pick that ad from the pool to load. They get kickbacks from the virus authors.
    The moral: Get an adblocker and don't disable it for _any_ reason, not even the "zomg youtube is gonna block adblockers now" thing. Workarounds will and already have been found, and these days adblockers are basically content-specific _firewalls_ to keep weird shit off your computer.

    • @FrancisVergara
      @FrancisVergara 1 year ago +33

      Agreed. Google's not stupid. This was intentional.

    • @justinsbeaver9010
      @justinsbeaver9010 1 year ago +12

      "They get kickbacks from the virus authors"?
      Could you explain that one please?

    • @pewpin1039
      @pewpin1039 1 year ago

      @@justinsbeaver9010 Probably something along the line of virus creators purchasing ads -> google catching them uploading malicious ads -> breach of contract aka google pockets the money without having to provide the rest of the service.
      That is what my maximum cynicism is telling me could be the idea behind it.

    • @WackoMcGoose
      @WackoMcGoose 1 year ago +26

      @@justinsbeaver9010 Paid to "look the other way", in other words.

    • @justinsbeaver9010
      @justinsbeaver9010 1 year ago +4

      @@WackoMcGoose Could you be more specific? That's very intriguing!

  • @volundrfrey896
    @volundrfrey896 1 year ago +106

    Conspiracy time: google has their own competitor to the zip format ready but want to get rid of the usage of zip files, so they released this crap in hope that people would look for an alternative.

    • @everythingtube172
      @everythingtube172 1 year ago +39

      *puts on tinfoil hat* why does this sound like something that google would do

    • @Samu2010lolcats
      @Samu2010lolcats 1 year ago +10

      Did they buy rar or 7zip? 🤔
      These are the only alternatives to zip files that I know of.

    • @FutureProofPerformance
      @FutureProofPerformance 1 year ago +27

      Or they have a "new AI antivirus that can protect you from just this kind of thing", basically "that's a nice xyz, shame if something happened to it, maybe you should buy our product"

    • @rysterstech
      @rysterstech 1 year ago +3

      ​@@Samu2010lolcats Definitely not 7zip, but can't speak for winrar

    • @bluebirdsigma
      @bluebirdsigma 1 year ago +6

      Too late. Windows 11 will add native RAR and 7Z support so even if ZIP dies, it will only strengthen the others instead of giving way to a newcomer.

  • @5H4D0WOfficial
    @5H4D0WOfficial 1 year ago +36

    Thought that it won't get any worse. Now only time will tell what new scams emerge & scammers using file extensions domains 💀

    • @uponeric36
      @uponeric36 1 year ago

      INB4 data breach on Google from their accountant getting pwned by .zip extension domain.

  • @miker953
    @miker953 1 year ago +15

    For their next idea: launching a technical help desk you can reach anywhere in the USA just by dialing 911.

  • @makhauser42
    @makhauser42 1 year ago +37

    As usual, there is more to it. Think in the terms of intranet and how people use links and files there. It's not really that protected, and if your Confluence or SharePoint pages mention Something, dot, zip on the page as a reference point, it will likely lead to external destination unless the steps are taken, and/or the attachment is forced to be linked to something internally (not everyone is familiar with editing beyond WYSIWYG)

  • @wizakke5399
    @wizakke5399 1 year ago +7

    about the "typing file names into location bar" point, they seem to also forget how browsers are using the address bar as a search bar so people can and will type anything in it

  • @higatowa
    @higatowa 1 year ago +19

    The “auto download” is an opt-out option of our browser, you can make it ask for confirmation for each download, just in case

    • @THE-X-Force
      @THE-X-Force 1 year ago +3

      Is it not set to _"off"_ (for auto-download) by default? Last time I used Chrome it was.

    • @infiniteplanes5775
      @infiniteplanes5775 1 year ago +2

      If you need to say it, it’s not obvious enough

    • @piguy4137
      @piguy4137 1 year ago +1

      ​@@THE-X-ForceLast time I installed chrome, auto-download was the default. I forgot to turn it off, went to a sketchy site, and almost had a heart attack when it suddenly downloaded something. I now manually check every time.

  • @canitbechristine
    @canitbechristine 1 year ago +4

    I know my way around a computer but am far from a tech guru. Even I looked at the title of your video and thought how in the world did anyone think having a dot zip domain would be a good idea? Wow. Right away my brain started thinking of the scenarios that you end up going over.

  • @annanderson7
    @annanderson7 1 year ago +30

    A billion dollar company, many layers of approval, and they thought "sounds good!".

    • @williamdrum9899
      @williamdrum9899 1 year ago +3

      Groupthink is a hell of a drug. So is lack of age diversity. Willing to bet nobody over 50 had a say in this. Which for something like this is a bad thing.

    • @THE-X-Force
      @THE-X-Force 1 year ago +8

      At the end of the day it is ICANN who is to blame. They are the ones who are supposed to be the gatekeepers for this sort of thing. Relying on multi-billion dollar corporations (like google) that are driven singularly by greed is obviously not a good idea or an acceptable solution.

  • @KYLE-zo4bm
    @KYLE-zo4bm 1 year ago +55

    this sounds like a disaster is google trying to destroy the internet???

    • @rons96
      @rons96 1 year ago

      gotcha!! since irl lockdown was a success, it's time to virtual lockdown to take control over every single place of world

    • @vinching926
      @vinching926 1 year ago

      cOnTrOvErSy tHeOrY iNtEnSiFiEs

    • @rons96
      @rons96 1 year ago

      @@vinching926 google brazil only shows gov websites when searching by news. It's obvious that internet is not free anymore. They have too much control today

    • @uponeric36
      @uponeric36 1 year ago

      Google may currently be victims of corporate sabotage. As a public company; someone will greatly benefit from them going bankrupt. Period. Going bankrupt is the most profitable option for short sellers. They're not trying to destroy the internet, they're trying to destroy Google. No risk to the leadership if they're in on it, as they can take a golden parachute out straight from the shareholders.
      Basically, Google is in its end of life phase. They chronically have neglected new products, technologies, etc that they have paid out the ass for, are burning any good will they had rapidly, and now are actively degrading their services.
      Next and soon in the playbook, we'll see massive lay offs, disruption to core google services from them becoming unmaintainable, followed by a massive exodus of users that will go to convenient alternatives that will "suddenly" pop up. This will lead to a massive rise in the stock price due to record profits from not having to pay anyone or run any services and being able to sell corporate assets.
      Just as planned, the bigger they fall, the better, as all the value in the stock and more can go to you if you short and naked short it. The layoffs and user exodus will indicate to other short sellers that it's time to pile on. The more exposure to the rest of the market the better, because then everyone is in on making them fail and it becomes basically certain to happen. Huge pre-death price pump.
      Right at the peak of the stock price: massive rug pull. Market makers let google die, the shorts make more than google was even worth via illegal short exposure; and all the remaining pieces of google get sold off. Followed by a giant wave of articles about how google deserved it, how hard it was failing, how outdated it is, with obvious undisclosed advertisements for those new alternatives, etc.
      Finally alphabet is delisted, and shorts no longer have an obligation to buy back GOOGL shares. All the user data was stolen or sold along the way. Everyone gets robbed and nobody wins, except for corrupt market makers and their buddies. And you'll read those mostly AI generated articles and go on thinking it was meant to happen, exactly as planned, and sign up for the next service in the playbook. Maybe you'll even get to see the same CEO and management team again!

  • @_SJ
    @_SJ 1 year ago +19

    5:35 This is so funny 😅 Nice editing ThioJoe

  • @act.13.41
    @act.13.41 1 year ago +12

    An I.T. administrator can deal with this at the primary domain controller, but the average user at home will have no idea how to block this, or even why.

  • @tr7zw
    @tr7zw 1 year ago +65

    Was testing it after the last video, and was happy with how Firefox just refuses to load that URL with the spoofed domain. Also no auto downloading files like edge/chrome (why is this even a thing).

    • @jamesphillips2285
      @jamesphillips2285 1 year ago +2

      The MIME type of the default file loaded was probably set to application/octet-stream instead of text/html

    • @tr7zw
      @tr7zw 1 year ago +17

      @@jamesphillips2285 yes, but why do chromium browsers download files without asking first. As a Firefox User that's just wrong.

    • @THE-X-Force
      @THE-X-Force 1 year ago +5

      It is _VERY_ easy to get around how Firefox is picking up on it, and to circumvent any warning to users. Obviously I'm not going to spell it out .. but believe me it doesn't take a genius, because I'm an idiot and I figured it out in roughly 3 seconds. Be assured that malicious actors are _already_ doing it.

    • @THE-X-Force
      @THE-X-Force 1 year ago +10

      @@tr7zw It's a user setting which is off by default.

    • @FainthedCherry
      @FainthedCherry 1 year ago

      You can disable that in chrome:// settings my guy.

  • @jimkats1
    @jimkats1 1 year ago +7

    There are some sites with chat panels, where they already did automatically convert any text with "dot" in between and attached with words, into a clickable link. Now, this means exactly that it may redirect to an actual domain, while before it would just show a 404 error.
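
The auto-linking risk raised in the comment above, as an added example that is not part of the original thread or video: a Python filter that finds bare names ending in a file-extension TLD and rewrites them in the `[.]zip` style so a linkifier leaves them as plain text. The function names, the TLD list and the sample messages are assumptions constructed for illustration.

```python
import re

# TLDs that collide with common file extensions; the thread discusses .zip and .mov.
COLLIDING_TLDS = ("zip", "mov")

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"


def _compile(tlds):
    """Build a pattern for host-like tokens whose final label is a colliding TLD."""
    alternation = "|".join(re.escape(t) for t in tlds)
    return re.compile(
        r"(?<![a-z0-9.-])"            # do not start in the middle of a longer name
        r"((?:" + _LABEL + r"\.)+)"   # one or more labels, each followed by a dot
        r"(" + alternation + r")"     # last label is one of the colliding TLDs
        r"(?![a-z0-9-])"              # the TLD is a whole label ("zipper" is skipped)
        r"(?!\.[a-z0-9])",            # and nothing follows it ("a.zip.example.com" is skipped)
        re.IGNORECASE,
    )


_PATTERN = _compile(COLLIDING_TLDS)


def find_ambiguous_names(text):
    """Return every token a linkifier could treat as a .zip/.mov hostname."""
    return [m.group(0) for m in _PATTERN.finditer(text)]


def defang(text):
    """Rewrite 'name.zip' as 'name[.]zip' so it is no longer auto-linked."""
    return _PATTERN.sub(lambda m: m.group(1)[:-1] + "[.]" + m.group(2), text)


# Constructed sample messages (not taken from the page).
SAMPLE_FILENAMES = "Please unpack backup.zip and watch demo.MOV."
SAMPLE_NOT_TLD = "Mirror is photos.zip.example.com, tool is archive.zipper"
SAMPLE_URL = "https://example.zip/download"

if __name__ == "__main__":
    for msg in (SAMPLE_FILENAMES, SAMPLE_NOT_TLD, SAMPLE_URL):
        print(find_ambiguous_names(msg), "->", defang(msg))
```
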

  • @AdrianDowthwaite
    @AdrianDowthwaite 1 year ago +6

    Thank you for bringing & raising .zip files, sorry domains to our attention. How this got past the idea stage has me shaking my head in disbelief.

  • @tzarg
    @tzarg 1 year ago +2

    I'm really thankful that you put proper subtitles on your videos, I'm not hard of hearing or anything but it still helps a whole lot!

  • @furzkram
    @furzkram 1 year ago +14

    Browsers can open and display a lot of file types, users even drag files onto a browser window to display the content, why shouldn't they also enter or modify a file name in the address bar?

  • @Cofcos
    @Cofcos 1 year ago +18

    Is it possible to sue a company for willful incompetence?

    • @act.13.41
      @act.13.41 1 year ago +1

      Incompetence is not the word I would use for this. 😀

    • @dombo813
      @dombo813 1 year ago +11

      Deliberate incompetence is called malice.

    • @act.13.41
      @act.13.41 1 year ago +2

      @@dombo813 Bingo

  • @MarcioHuser
    @MarcioHuser 1 year ago +7

    OH, SNAP!!! The "auto convert to link" "feature" at Webmails (and some regular desktop clients too) 😅

  • @IFF-Alliance
    @IFF-Alliance 1 year ago +6

    That TLD will definitely be completely blocked on all my systems now 😅 I don't even understand why anyone even wants other domains than those we already have.... Nice video btw 😉

  • @telefactfiles5430
    @telefactfiles5430 1 year ago +11

    Google should have already stopped selling this TLD by now with the amount of backlash, wonder what's stopping them now

  • @trapfethen
    @trapfethen 1 year ago +21

    This problem will get even worse as encrypted DNS becomes even more established. Right now, security officers are blocking these TLDs within their firewalls. Any company that doesn't have a local DNS set up that their network automatically uses and sets up these blocking rules in said DNS are going to get hit when secure DNS encrypts the DNS request itself. The firewall won't be able to tell that the request is for any domain, let alone the [.]zip TLD.

    • @alexw3875
      @alexw3875 1 year ago +4

      Wow. This is like Y2k all over again.

    • @AllAmericanGuyExpert
      @AllAmericanGuyExpert 1 year ago +2

      Yeah, there are so many browsers that bypass your local DNS and use DOH (not a typo).

    • @jmrumble
      @jmrumble 1 year ago

      @@AllAmericanGuyExpert Doh? What's doh?

    • @Kitulous
      @Kitulous 1 year ago

      @@jmrumble play doh

    • @jmrumble
      @jmrumble 1 year ago

      @@Kitulous I knew it! xD

  • @mohammed_02
    @mohammed_02 1 year ago +7

    Thio out there saving us from random simple small yet fatal threats
    this must save many many people

  • @NaughtyKlaus
    @NaughtyKlaus 1 year ago +4

    What's worse is that ICANN didn't catch this security problem when they awarded the TLD to Google.

    • @vylbird8014
      @vylbird8014 1 year ago +4

      ICANN knows, but the organisation is in a rather strange situation, politically. To some extent it's all about the money, but there are a lot of other forces pressuring them.

    • @motherchuckair404
      @motherchuckair404 1 year ago +1

      @@vylbird8014 what forces?

  • @Dicer328
    @Dicer328 1 year ago +1

    Keep up the good work, Joe! Your tips are very helpful to me and my IT department.

  • @departy93
    @departy93 1 year ago +5

    Why do I picture the: "This is Fine!" meme every time I read/hear about this. 🤔

  • @whosonedphone
    @whosonedphone 1 year ago

    Wow that was great! Thanks! I've always heard people talk briefly about this. I always wanted to look into this matter further. I will spiritually reflect on this matter and allow it to reshape my perception of reality.

  • @drewpool4537
    @drewpool4537 1 year ago +4

    It's almost like the people at Google never use PCs

  • @yttanel
    @yttanel 1 year ago +5

    Google definitely didn't think this through, shock

  • @FusionDeveloper
    @FusionDeveloper 1 year ago +12

    Haha, watch someone mention a zip file years ago, that will now go to malicious website and get their account suspended, for what should have been harmless conversation.

  • @Greenman247
    @Greenman247 1 year ago

    Thank you so much for these relevant and informative videos! Can't believe more people aren't throwing a fit about this, but I'm glad to be informed at least. Keep up the great work, brother!

  • @leosthrivwithautism
    @leosthrivwithautism 1 year ago +28

    The funny thing is, just today I had 3 emails that used this exact tactic to try and trap me. I've deleted them almost as soon as I figured it out. They almost got me though because they looked very legit. But I've taught myself not to act on a knee-jerk reaction. And when I took a second look is when I figured this out. I upgrade my passwords once a month. I clear my cache files and log out all active sessions every 2 weeks. It sucks and is time consuming but I'd rather be annoyed than be hacked.

    • @rysterstech
      @rysterstech 1 year ago +1

      Just block all .zip domains and problem solved

  • @Mysdia
    @Mysdia 1 year ago +34

    This trainwreck has been in the pipes for a Loong time... ICANN Reviewed the applied-for "zip" string back in 2013 and Approved it for delegation after additional review in September 2014 it was delegated. Apparently they never surfaced all these issues, Or didn't care because the collision issues are outside DNS itself, and were paying enough money for the TLD. In any case, the Delegation is now a long-standing one part of the standard root zone -- It's not going to go away... The only answer I think is going to be that software needs to be updated to stop Linkifying dot Zip names. Perhaps it would also be helpful if major browsers and Operating Systems would add logic to their resolvers to block the web addresses of that TLD for the sake of the end users...

    • @CaptainKremmen
      @CaptainKremmen 1 year ago

      How about the non-Google DNS providers just refuse to resolve .zip URLs?

    • @Mysdia
      @Mysdia 1 year ago +1

      @@CaptainKremmen DNS resolvers can filter lookups technically, but it's Not within the normal scope of function for a DNS provider to intercept and deny queries based on 3rd policy criteria. The TLDs are in the root zone, and failing to resolve a whole TLD would potentially cause a whole lot of issue reports - as the DNS provider isn't giving the promised service anymore in that case but a limited/reduced view of the DNS.
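An added illustration of the "stop linkifying .zip names" idea from the comment thread above (example code written for this page, not any chat or mail client's actual linkifier): a conservative auto-linker that turns scheme-less hostnames into links only when the TLD does not double as a file extension. The `AMBIGUOUS_TLDS` set, the `linkify` function and the sample text are assumptions made for the example.

```javascript
// TLDs named in this thread that are also common file extensions.
const AMBIGUOUS_TLDS = new Set(["zip", "mov"]);

// Optional scheme, dotted hostname, optional path. The lookbehind keeps the
// match from starting in the middle of a word, an e-mail address or a path.
const TOKEN =
  /(?<![\w@.\/-])(https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(\/[^\s<>"']*)?/gi;

// Splits text into parts: { text, href }. href is null for plain text.
function linkify(text) {
  const parts = [];
  let last = 0;
  for (const m of text.matchAll(TOKEN)) {
    const [whole, scheme, host] = m;
    const tld = host.toLowerCase().split(".").pop();
    // A bare "name.zip" with no scheme is far more likely to be a file name
    // than a site, so it stays plain text. An explicit http(s):// is treated
    // as a deliberate URL and is still linked (a design choice of this sketch).
    if (!scheme && AMBIGUOUS_TLDS.has(tld)) continue;
    if (m.index > last) {
      parts.push({ text: text.slice(last, m.index), href: null });
    }
    parts.push({ text: whole, href: (scheme ? "" : "https://") + whole });
    last = m.index + whole.length;
  }
  if (last < text.length) parts.push({ text: text.slice(last), href: null });
  return parts;
}

// Constructed sample: an old chat message that mentions a file by name.
const SAMPLE_TEXT =
  "Grab setup.zip or see example.com/docs and https://demo.zip/a";
console.log(linkify(SAMPLE_TEXT));
```

With this rule, old messages that merely mention a file name do not retroactively become clickable links, while ordinary bare domains keep working.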

  • @𰻝
    @𰻝 1 year ago +6

    6:20 What if you want to Google a random ZIP file? It's easy to accidentally go to a website instead. And someone can host a fake search results page and use it for phishing or malware. Even some tech savvy people might fall for this if they're not careful.

  • @kashiichan
    @kashiichan 1 year ago

    Thank you for the subtitles; it's really appreciated.

  • @Dalson_
    @Dalson_ 1 year ago +10

    I love this man's videos

  • @erik-html
    @erik-html 1 year ago +3

    Thanks for the information

  • @some_man_tiks
    @some_man_tiks 1 year ago +3

    .zip websites are like putting a cocked loaded gun on the table and waiting for someone to pick it up. This is so new, I don't think the regular user will know about this in any capacity. Funniest thing I think happened in this whole story is that Alphabet bought Mandiant last year. You think security personnel would say "hold on"

  • @johnsparozich6839
    @johnsparozich6839 1 year ago +2

    Thank you for your videos and insight, I am blocking all .zip extensions now that you made me aware.
    Thank you

  • @fr34k09
    @fr34k09 1 year ago +3

    all I'll say about this is that I'm glad I'm subscribed to this lad and giving us heads up 👍

  • @rastersoft
    @rastersoft 1 year ago +3

    - Why did you allow this domain????
    - Because ICANN
    (badum tsss)

  • @da7_._
    @da7_._ 1 year ago +3

    I learnt more from you than the computer lessons in school

  • @InvisibleInk
    @InvisibleInk 1 year ago +1

    Our company gets so much spam from novelty domains that when .zip was announced I immediately blocked all .zip domains for our email customers. Can't believe this is a thing.

  • @JimiGosu
    @JimiGosu 1 year ago

    Thanks for the warning, ThioJoe! Gonna check out your video on blocking zip domains so I can protect myself! Good work. ^_^

  • @craz7644
    @craz7644 1 year ago +5

    What do u think they actually talked in the Google team when they decided about this? I'm sure they are skilled people, don't they think about these stuff? I'm confused, and is there anything good about this?

    • @williamdrum9899
      @williamdrum9899 1 year ago

      When you spend all day around people who understand computers you might start to forget there are people who don't

  • @mukileswara12
    @mukileswara12 1 year ago +5

    I have a doubt on this
    While browsing files with file:/// protocol in a web browser and supposedly there is a bunch of zip files. Now, what happens when I double click the file. Will it open the zip file or it will go to a website that may or may not exist, on the first click

  • @sigitasn
    @sigitasn 1 year ago

    Ty for explanation. Added that TLD to my Portmaster firewall blocklist, to avoid confusion in future.

  • @tedlym.3390
    @tedlym.3390 1 year ago

    Thank you for the informative information.

  • @SunsetArchon
    @SunsetArchon 1 year ago +5

    @ThioJoe As an added bonus, Discord has been testing allowing users to use Markdown titled links outside of embeds. So it'd be possible to type [Harmless Title](Malicious Link) or worse. The worst thing about this is that this feature isn't tied to any permissions you can disable.

    • @SunsetArchon
      @SunsetArchon 1 year ago +1

      I worry for the internet's future...

    • @Mysdia
      @Mysdia 1 year ago +3

      Oh... Standard Markdown. You can probably use a Discord moderation bot to auto-purge anyone doing that if they're not an admin/operator. Or bot that can purge based on messages containing regex, something like \[[^\]]+\]\([^)]+\)

    • @SunsetArchon
      @SunsetArchon 1 year ago

      @@Mysdia True. I'd need to account for all the forward slash Unicode lookalikes too, since that's one of the issues mentioned in this and the previous video.
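The regex from the reply above, given capture groups and turned into a moderation check (an added example, not part of the thread and not Discord's or any bot's own code). The function names, reason labels and sample messages are constructed for illustration; besides the file-extension TLDs it also checks for the Unicode slash lookalikes and the user@host form that the comments mention.

```javascript
// Markdown titled link: [label](target). Same pattern as in the comment,
// with capture groups added for the label and the target.
const MD_LINK = /\[([^\]]+)\]\(([^)]+)\)/g;
const FILE_TLDS = new Set(["zip", "mov"]);             // TLDs named in this thread
const SLASH_LOOKALIKES = /[\u2044\u2215\u29F8\uFF0F]/; // characters that render like "/"

// If the visible label itself reads as a hostname or URL, return that host.
function hostShownIn(label) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(label);
  try {
    const u = new URL(hasScheme ? label : "https://" + label);
    return u.hostname.includes(".") ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // ordinary words such as "Harmless Title" do not parse
  }
}

// Returns one finding per suspicious titled link in the message.
function inspectLinks(message) {
  const findings = [];
  for (const [, label, target] of message.matchAll(MD_LINK)) {
    const reasons = [];
    let url = null;
    try {
      url = new URL(target.trim());
    } catch {
      reasons.push("unparseable-target");
    }
    if (url) {
      const host = url.hostname.toLowerCase();
      if (FILE_TLDS.has(host.split(".").pop())) reasons.push("file-extension-tld");
      // Everything before "@" is userinfo; the real host comes after it.
      if (url.username || url.password) reasons.push("userinfo-before-host");
      const shown = hostShownIn(label.trim());
      if (shown && shown !== host) reasons.push("label-host-mismatch");
    }
    if (SLASH_LOOKALIKES.test(target)) reasons.push("slash-lookalike");
    if (reasons.length) {
      findings.push({ label, target, host: url ? url.hostname : null, reasons });
    }
  }
  return findings;
}

// Constructed sample messages (not taken from real traffic).
const SAMPLE_MESSAGES = [
  "see [release notes](https://example.com/notes)",
  "[Harmless Title](https://example.com\u2215docs\u2215@constructed-sample.zip)",
  "[example.com](https://example.org/login)",
];
for (const msg of SAMPLE_MESSAGES) console.log(inspectLinks(msg));
```

A bot would typically hold or log flagged messages for a moderator rather than act on a single reason, since a label that is a file name will also trip the mismatch check.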

  • @StereoBucket
    @StereoBucket 1 year ago +3

    The only reason someone I know bought a .zip domain was for the lolz. Haven't seen an actual site yet with it, and honestly whoever bought it to spring up a legitimate thing shouldn't be upset if it gets blocked.

  • @Norman_Fleming
    @Norman_Fleming 1 year ago

    Company I work for blocked the .zip and .mov . Thanks for the video. Hadn't thought about the retro-active nature of things turning old text into shiny new attack vectors.

  • @zuzoscorner
    @zuzoscorner 1 year ago

    Thanks for letting everyone know about this security risk. 👍

  • @caraoke...
    @caraoke... 1 year ago +3

    When I was searching for Minecraft Resource Pack which is on my computer, default Windows search bar redirected me to some sketchy website... (Ofc opened in Microsoft Edge)
    Such a shame.

  • @OlegDorbitt
    @OlegDorbitt 1 year ago +8

    6:20 Yeah, users are famously very smart and won't ever fall for this! /s

  • @thisislilraskal
    @thisislilraskal 1 year ago

    Thanks for the news bro

  • @RudysRetroIntel
    @RudysRetroIntel 1 year ago

    Well said!! Thanks for sharing

  • @DavidJacksonphunman1
    @DavidJacksonphunman1 1 year ago +5

    Love you, Joe

  • @itznotmytube
    @itznotmytube 1 year ago +3

    Thanks for explaining WHY this was a bad idea, in both videos. I'd forgotten about the username:password @ format; I think the last time I used it was for accessing an ftp site. Although I don't think this will be an * enormous * problem, with malware that doesn't matter and it's just more bullshit we in IT will have to deal with, and we'll all likely have to deal with it at least quarterly. /sad 🐧

  • @UNICORNSF3ProgameplayProRACER

    Amazing content👍

  • @Admiralfeb
    @Admiralfeb 1 year ago +2

    Is there a way to petition ICANN to see the error of their ways and remove the things?

  • @TheSleepyCraftsman
    @TheSleepyCraftsman 1 year ago +19

    A smart person would figure out the most popular file names and put up ads on all the sites. Nothing nefarious, just ads and a message saying that Google screwed up. 😂

  • @PawFromTheBroons
    @PawFromTheBroons 1 year ago +3

    All the more reasons not to use and mention ZIP anymore, to avoid confusing anyone.
    Until Google somehow does to 7z or RAR, what they did to dot ZIP.

  • @MissFoxification
    @MissFoxification 1 year ago +2

    And if someone accidentally sends someone a link to a domain now marked as malicious it may get their email address or domain blacklisted. We're going to be dealing with the fallout from this for years.

  • @TesserId
    @TesserId 1 year ago +2

    I work with users on a daily basis. Plenty of users type URL's, short ones, into the address bar. That's what the hell typo-squatting is about.

  • @dropinfun1483
    @dropinfun1483 1 year ago +2

    Boy did Google screw up wow

  • @JohnSmith-xq1pz
    @JohnSmith-xq1pz 1 year ago +5

    Sounds like the disaster is zipping along nicely lol
    GG google

  • @marcfruchtman9473
    @marcfruchtman9473 1 year ago

    Wow... thank you for the heads up.

  • @Quanswiese
    @Quanswiese 1 year ago

    Thank you for this video!

  • @matt_nyc_audioengineer
    @matt_nyc_audioengineer 1 year ago +3

    I'm a professional audio engineer and I send and receive zip files all the time. This is going to be a major hassle for me and my clients.

  • @DJPalsyP
    @DJPalsyP 1 year ago +2

    I've already blocked it in my PiHole

  • @weshumphrey6299
    @weshumphrey6299 1 year ago +1

    Good job. Thanks.

  • @dagthewog6290
    @dagthewog6290 1 year ago +2

    Great video. Placing zip domain extensions in my pi-hole right now.

  • @_DML_
    @_DML_ 1 year ago +6

    I knew this sort of thing was going to happen when ICANN stupidly started allowing custom TLDs.

  • @tj71520
    @tj71520 1 year ago +7

    this could actually result in people stopping the use of zip files 😮

    • @fr34k09
      @fr34k09 1 year ago +4

      and how would anyone share a bunch of docs to their friends if they don't know how to use 7zip or winrar but know how to extract zip files? people will still use zip files but the only thing that google will cause is confusion and chaos , that's for sure

    • @Saji_0
      @Saji_0 1 year ago +2

      @@fr34k09 this will cause a huge problem and risk to anyone that doesn't understand any file types, especially that people with 'show extension name' turned off

    • @fr34k09
      @fr34k09 1 year ago

      @@Saji_0 that already happens with youtubers that get hacked by fake advertisers on their email inbox, but did you actually read my previous comment? I already said that google will cause chaos because of their new domain while also I asked, how will people share bulk files to each other if they stopped using zip files and for some reason don't know about rar and 7z files.

  • @transi3277
    @transi3277 1 year ago

    I work in an IT department as Junior sysadmin and understood the risk immediately, did research on how to block it on our devices with intune and scheduled a meeting with my colleague and supervisor. My colleague who is responsible for the whole infrastructure side, basically said “what’s the deal” and “is that really necessary” when I proposed to block those TLD’s in our firewall. This guy blocks any and all advancements because he does not want to do anything related to changes or updates on configs. It is so frustrating seeing someone be in a position to make important changes, yet just don’t, because “I have other stuff to do”

  • @remy4320
    @remy4320 1 year ago

    Yeah this is absolutely mind boggling from Google. In my eyes it truly disqualifies them as a company that thinks about security

  • @Mernom
    @Mernom 1 year ago +6

    Pro tip for mobile users: clear out your default browser app.
    This way, every time something on your phone tries to open a browser page, it will bring up the browser selection dialog.
    It actually managed to block an actual virus that tried to pop web pages on my phone once. It's bound to work for this.