Well put. Your explanation has me most confident I should avoid lemmy.zip communities for the time being--thx
NaibofTabr@infosec.pub 2 days ago
The “.zip” TLD isn’t itself a security risk, but it should never have been created in the first place due to the overlap with .zip files.
Understanding the context of why the .zip TLD is a bad idea, you should be questioning the general competence of a web admin that would intentionally purchase and operate a .zip website. It’s such an obvious and avoidable problem that you have to wonder what other obvious problems they are failing to avoid.
tisktisk@piefed.social 2 days ago
jaybone@lemmy.zip 2 days ago
lol there is nothing wrong with Lemmy.zip. It’s a legit Lemmy instance and the communities are safe.
The concern is that someone might try to make a website / URL appear to be a zip file you can download and open. But Lemmy.zip is not doing that.
Also you are on a different Lemmy instance, so you never interact with Lemmy.zip directly. Instead, behind the scenes, your instance exchanges data with Lemmy.zip, and all other instances it is federated with, regardless of whether you personally subscribe to any .zip communities or not.
tisktisk@piefed.social 2 days ago
If the concern is legit, wouldn't it be an ethical practice to not support services that use the problematic TLD?
Rhynoplaz@lemmy.world 2 days ago
Not everything needs an ethical practice.
BootLoop@sh.itjust.works 1 day ago
Lemmy communities are run by volunteers who are often footing the bill themselves to run. Without these people Lemmy would not exist. One/some of these people decided to save themselves a few bucks a month and get a .zip domain. There’s nothing wrong with lemmy.zip
actionjbone@sh.itjust.works 2 days ago
I do not disagree, though I’m curious on your take of .COM since that has always had the same issue.
NaibofTabr@infosec.pub 3 hours ago
Basically, .COM files are not commonly used and definitely not commonly shared on the Internet. The overlap between use cases for .COM files and .com TLDs is almost nothing.
In contrast, .ZIP files are very commonly shared on the Internet as a convenient way to transfer a group of files all at once, and there are a few different techniques for using .ZIP files maliciously. There is a lot more potential for conflicts between .ZIP files and the .zip TLD on the Internet.
Scrollone@feddit.it 2 days ago
The difference is they everybody knows about zip files, even my old mom. Not so much for com executables. That’s why it can lead to phishing, etc.