Voyager changed to lemmy.zip as well
Welcome post: https://lemmy.zip/post/40323214
Voyager change: https://lemmy.dbzer0.com/post/45890744
I still can't take anyone running a .zip TLD seriously. It was a bad idea to create it and it's a bad idea to use it.
Is there any PoC of attacks on Lemmy using the .zip TLD? The instance has been up for 2 years, I never heard anything.
Targeting Lemmy specifically? Probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns
Can you explain why, for me? Genuinely curious, I don't understand.
The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.
Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns
Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.
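A defensive check for the filename/domain ambiguity described in the comment above, as an added example that is not part of any comment in this thread: it flags links and bare names in a message whose hostname ends in `.zip` or `.mov`, while leaving ordinary downloads of `.zip` files from other domains alone. The function name, the regular expression and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The two file-extension TLDs named in the thread.
AMBIGUOUS_TLDS = {"zip", "mov"}

# An optional http(s) scheme, a dotted hostname, and an optional path/query.
CANDIDATE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.IGNORECASE
)

# Constructed sample message, not taken from the thread.
SAMPLE = (
    "Grab the logs from backup-2023.zip, or see "
    "https://www.fakewebsite.zip/download and "
    "https://example.org/files/report.zip for details. Trailer is in clip.mov."
)


def ambiguous_names(text):
    """Return (token, kind, host) for every token whose *hostname* ends in an
    ambiguous TLD. kind is "link" for explicit URLs and "bare-name" for
    tokens that read as a filename but are also a valid domain name."""
    findings = []
    for match in CANDIDATE.finditer(text):
        # Drop sentence punctuation that the pattern may have swallowed.
        token = match.group(0).rstrip(".,;:!?)\"'")
        has_scheme = token.lower().startswith(("http://", "https://"))
        # urlsplit only recognises a host after "//", so add it for bare names.
        host = urlsplit(token if has_scheme else "//" + token).hostname or ""
        if host.rsplit(".", 1)[-1] in AMBIGUOUS_TLDS:
            findings.append((token, "link" if has_scheme else "bare-name", host))
    return findings


if __name__ == "__main__":
    for token, kind, host in ambiguous_names(SAMPLE):
        print(f"{kind:9}  host={host:22}  {token}")
```

The check looks at the hostname only, so `https://example.org/files/report.zip` is not flagged even though its path ends in `.zip`.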
lemm.ee refugee here. I was considering piefed, but photon didn't support it.
Now that the API is there, hopefully it will in the future
I'm currently using Boost with .ee, but I think support for that stopped too? I'm going to have to change clients and instances.
Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?
Both lists of blocked instances are in the body of this post
Lemm.ee federates HB, and lemmy.zip does too.
Feddit.uk is pretty good for this. I think our defed list is pretty minimal.
We do federate with HB at .zip. No defederations from major instances.
take a peek at lemmy.sdf.org
we could introduce some similarity metric to filter for similar instances in a more general sense through sites like https://lemmyverse.net/
You guys are making me feel left out :(
been on .zip 2 years -- it's been great, and @Demigodrick@lemmy.zip is incredible as admin
That's very kind of you ❤️
Yes, the moderation has been great.
Just sometimes the performance has been lacking. Like none of the pages loading and having to wait 15 minutes before they can be accessed again.
Maybe it is because I connect from the middle of Europe or something though.