Continued thread
Recent searches
Search options
#mov
0 posts0 participants0 posts today
In 1991, QuickTime file format was created by Apple.
In 1998, the MP4 file format was created based on the QuickTime file format (MOV) from Apple.
In 2001, MPEG-4 Part 14 was officially finalized and published by the International Organization for Standardization (ISO). It became know as MP4.
Continued thread
Continued thread
Continued thread
USS MIRANDA
(Part Five)
LEFT: Captain Georgiou's Ready Room from "The Vulcan Hello" (complete with antique telescope)
RIGHT: Captain Kirk's Lounge from Star Trek V (complete with antique ship's wheel)
Please forgive the quality of the older camera phone 
#LEGO #StarTrek #AFOL #MOC
#MirandaClass #TOS #MOV
#StarTrekDiscovery #DiscoTrek
Zelená pro Rusy a Bělorusy. Příští rok můžou na olympiádu. Startovat mají pod neutrálním označením. Co to znamená? A nehrozí hrám bojkot? #olympiáda #MOV #rusko #valkanaukrajine #ukrajina #belorusko
Hostem podcastu #Vinohradska12 je šéfredaktor stanice Radiožurnál Sport Miroslav Bureš: https://www.irozhlas.cz/sport/olympijske-hry/vinohradska-12-olympijske-hry-olympiada-rusove-sponzori_2312140600_nel
iROZHLAS.cz · ‚To rozhodnutí nechápu.‘ Olympiáda s Rusy nemusí být definitivní, trumfy drží i sponzoři
Mezinárodní olympijský výbor s okamžitou platností suspendoval Rusko kvůli začlenění sportovních svazů z anektovaných ukrajinských území. Trest nemá vliv na start ruských sportovců na LOH v Paříži. #rusko #ukrajina #mov #lohpariz #loh
https://www.irozhlas.cz/sport/olympijske-hry/mezinarodni-olympijsky-vybor-rusko-suspendace-valka-na-ukrajine_2310121651_lis
iROZHLAS.cz · Mezinárodní olympijský výbor suspendoval Rusko. Trest však nemá vliv na start jeho sportovců v Paříži
Continued thread
Regardless of whether the threat of .zip (or .mov) domains are overblown, it doesn't hurt to be careful and remain vigilant when opening links (whether they have .zip or not at the end).
Continued thread
There have been some examples online of people registering .zip domains—some as a joke—to show how these can be used by malicious actors. While there are those who argue that these concerns are unwarranted and overblown, others believe that the general availability of .zip (and .mov) TLDs introduce additional risks our already precarious online environment—especially considering that not everyone might be aware of these risks.
When is a .zip not a .zip?
.zip recently became generally available as a top-level domain (TLD) and it may become problematic.
For example, filenames (e.g. name.zip) sent over messaging apps may be converted into links and instead of opening/downloading a file, you might end up redirected to a malicious page for phishing and malware.
So let me get this straight; y'all think I'm gonna get an email from somebody@file.zip, click a link to http://totallylegit.com@file.zip and then just run whatever .exe gets downloaded? When does the #phish happen? When do I enter my username and password? Y'all know we can already make urls that end with ".zip" download a .exe instead right? #phishing #security #zip #mov #Google
I just added .zip and .mov TLD to my #pihole domain management section as global blacklist.
I simply added a regex such as "zip$" , or "mov$" (without quotes)
Why? https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
Works nicely!
Continued thread
Here's how: a [dot] #zip or [dot] #mov dark pattern relate to email delivery: Right now, there's just a handful of email providers who can guarantee that your email gets through to the recipient. If you send from your own domain, there's an excellent chance your email's not making it through. That even holds for institutional domains. That can be a powerful incentive to rely on Google or Microsoft for your email.
Continued thread
This might provide some insight into Google's #ZIP & #MOV #TLD decision, & if so it's a hideously #DarkPattern.
My thinking is that they would be trying to drive people into a relationship with Google (or some other actor capable of real-time-threat-scanning* - hence, revenue & enforced relationship.
See also email delivery. ...
_
*which presumes Google does this, which I don't think they do - I think this claim basically says "we're assuming some of you get sacrificed."
![Google representatives defended the company's use of .zip and .mov TLDs in a statement that said the company would monitor the usage of the new TLDs for any new threats they may pose. The company provided a couple of reasons why its new TLDs are safe. One is that [begin highlight] any abuse will be kept in check by browser mitigations such as Google Safe Browsing, which warns users when they attempt to navigate to a malicious website or to download malicious files. [end highlight]](https://files.mastodon.social/media_attachments/files/110/396/055/259/846/393/original/faa761a2fd8cc828.png "Google representatives defended the company's use of .zip and .mov TLDs in a statement that said the company would monitor the usage of the new TLDs for any new threats they may pose. The company provided a couple of reasons why its new TLDs are safe. One is that [begin highlight] any abuse will be kept in check by browser mitigations such as Google Safe Browsing, which warns users when they attempt to navigate to a malicious website or to download malicious files. [end highlight]")
Continued thread
I found the delegation report for the .zip domain, it references the "New gTLD Application Process Completed" https://www.iana.org/reports/c.2.9.2.d/20140910-zip
I'm new to this but the report itself, doesn't have the word “security” in it at all https://www.iana.org/reports/tld-transfers/gtld-readiness-1-1678-17174.pdf.
There is a "Did the Application successfully complete the Technical and Operation Capability review? - Yes" but I need to read more what exactly are the technical parameters for a new TLD string to be acceptable.
Strangely enough, there is also a "Public Comment Period" with "Was the public provided an opportunity to submit comments on the Application? - Yes"
Has anyone in the history of anything ever heard of ICANN public comment for new TLDs?
#websec #security #zip #mov #icann
I'm new to this but the report itself, doesn't have the word “security” in it at all https://www.iana.org/reports/tld-transfers/gtld-readiness-1-1678-17174.pdf.
There is a "Did the Application successfully complete the Technical and Operation Capability review? - Yes" but I need to read more what exactly are the technical parameters for a new TLD string to be acceptable.
Strangely enough, there is also a "Public Comment Period" with "Was the public provided an opportunity to submit comments on the Application? - Yes"
Has anyone in the history of anything ever heard of ICANN public comment for new TLDs?
#websec #security #zip #mov #icann
www.iana.org
Delegation Report for .zip
Zip domains, a bad idea nobody asked forGoogle Registry actually announced eight new top-level domains (TLDs) that day: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus, but it was dot zip and dot mov that had security eyeballs looking skywards, because of their obvious similarity to the extremely popular and long-lived .zip and .mov file extensions.
https://www.malwarebytes.com/blog/news/2023/05/zip-domains #zip #domain #mov #google
MalwarebytesZip domains, a bad idea nobody asked for
If you run a #Discord server, here is an AutoMod rule for #zip and #mov TLDs.
Add the following regex:
(.*)\.zip(.*)?
(.*)\.mov(.*)?
This does probably block the TLDs from being mentioned in passing at all, but I think that's for the best.
I'm sure people can make better #regex than me - if you have a better one, feel free to share!
It is possible now to register a zip TLD that will start downloading a file when accessed.
For example, it is a possible scenario that in the nearest future when a colleague sends you a message "sure, check the manifest.zip, should be on the our share" - and the communicator will convert the manifest.zip to a clickable link (because .zip is now a legal top-level domain). You would think this is your colleague doing you a favor linking the share location. But no, you would be scammed by the attacker that previously registered the manifest.zip domain and serves the malicious manifest.zip there.
What's your opinion on that? Will the community raise an alert and committees will come up with the exceptions for ZIP and MOV (yes, there is also .mov now) to not resolve automatically? Should we as developers think about the consequences?
PS. More details on the post and linked article.
redditNew TLDs are available. .zip and .mov and it seems a bit concerningEdit: OK guys I heard you, .com is an executable. We get it....
