this post was submitted on 21 Sep 2024
3 points (100.0% liked)

Home

833 readers
1 users here now

Lemmy.zip instance discussion.

For all things relating to Lemmy.zip.

Main instance rules apply, with the additional rules below:

founded 2 years ago
MODERATORS
Demigodrick@lemmy.zip
Sami@lemmy.zip
WeirdAlex03@lemmy.zip
v4ld1z@lemmy.zip
3
When lemmy.zip was announced, a few people were concerned about the .zip, as it could create security issues. Has it been the case so far? Has anyone ever been blocked by a work firewall due to .zip? (lemmy.zip)
submitted 1 year ago by Blaze@lemmy.zip to c/home@lemmy.zip
10 comments fedilink hide all child comments
 

Basically title, curious as I know this had been brought up a while ago but never really followed up on the topic

you are viewing a single comment's thread
view the rest of the comments
[–] 0x0@lemmy.dbzer0.com 0 points 1 year ago (1 children)

I don't get what's more concerning about the .zip TLD than any other one.

[–] BehindTheBarrier@programming.dev 1 points 1 year ago

They are just more likely to be scam like, particularly since they can be assumed to be a file at a glance.

Even more deviously, crafty urls like this further hides what you are actually doing, like this:

https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip

Hover it with your cursor, watch what that actually links too, no markup cheating involved. Anything before the @ is just user information. Imagine clicking that and thinking you downlodaed a tagged build, only to get a malware?

It's not the end of the world, but as a developer it makes great sense to just auto-block it to avoid an incident. The above URL is from this article, which says it's not as big of huge problem too:

https://www.theregister.com/2023/05/17/google_zip_mov_domains/

But it's kind of a death by a thousand cuts to me, because it's another thing with another set of consideration accross the internet ecosystem that one will have to deal with.