#technically existed but not available to anyone for registration and use until May 2023 and therefore not an infosec risk vector
As this post is doing numbers, I just want to remind folk this is not the end of the world. It's just a new security risk that everyone should be aware of in order to not fall for it.
I did not intend to cause a panic but to make folk aware. Folk can't avoid things they don't know are a risk.
As much as some tech-savvy folk are saying it's not an issue, my concern isn't for the extremely tech savvy, my concern is for average users making an understandable mistake (the way I've had to teach new hires how to use file directories shows what some of us think of as standard knowledge is not thanks to so many folk primarily using tablets and phones now) and the not-savvy users (like elders) getting fooled. Sometimes the warning sign is not for you, and the rest of us can tell when you haven't been dealing with average user behaviors for a long time.
It's not a giant deal but it is creating scenarios that are ripe for exploitation. It's just a shame that folk at Google and ICANN approved it. Now we all have to be aware of it to deal with that result.
Since a couple of folk asked, .zip and .mov URLs will not overwrite your ability to access local files. The concern I brought up above is more about folk confusing automatically resolved hyperlinks from plain text or search bars with legitimate files or intentional links.
You don't need to boycott anyone over it, and the horse is already out of the gate so it's not likely to go away even if you protest it.
Just be aware and be cautious.
Right now, since the domains are new and very few if any legitimate registration uses have been made, it's not a bad idea to block the TLDs at least temporarily until there are known legitimate uses, the initial fervor has died down, and awareness has increased. "The ICSS recommends to disable access to .zip domains entirely until the dust settles and risks can be accessed."
If you want to block the domains, here's a couple of tutorials:
Jeffrey Appel: Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint
The SQL Herald: Blocking .zip and .mov Top Level Domains from Office 365 Email
I saw some folk saying adding ||zip^ and ||mov^ (including the || and ^s) to your My Filters tab in uBlock Origin will do it for the browser that has uBlock enabled, but I have not tested it.
New Things to Beware on the Internet
On May 3rd, Google released 8 new top-level domains (TLDs) -- these are new endings for domain names, like .com, .org, and .biz. These new TLDs were made available for public registration via any domain registrar on May 10th.
Usually, this should be a "cool info, move on with your life, and largely ignore it" moment.
Except a couple of these new domain names are common file type extensions: ".zip" and ".mov".
This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it's in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.
What was previously plain text could now resolve as a link and go to a malicious website, where people are expecting to go to a file and therefore download malware without realizing it.
Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some are already trying to steal your login credentials and personal info.
This is what we're seeing only 12 days into the domains being available. Only 5 days being publicly available.
What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you're on, don't enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.
I'm seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company's internet, and that's probably wise.
Be cautious out there.
#PSA#the more you know#internet safety#technology#long post#also miss me with the these TLDs have technically existed since 2014#technically existed but not available to anyone for registration and use until May 2023 and therefore not an infosec risk vector#for all meaningful intents and purposes it's NEW you pedantic wormfuckers#no one thinks it's the end of teh world or teh internet#what we do think is it's a completely unnecessary choice to create new security concern to reuse zip and mov#they could have chosen anything#and zip and mov are commonly used filenames still in frequent and regular usage not comparable to the VERY specific and limited file types#like com which is effectively deprecated#or pl and net which have a limited and generally tech savvy user community unlike compressed files and video files used by EVERYONE#let's do .jpg and .pdf next it's the same level of causing unnecessary complications and problems#you'd never fall for it? GOOD. I'M NOT FUCKING TALKING TO YOU THEN AM I?#How many folk aren't even aware these are now TLDs because they're not chronically online?
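To make the filename-versus-link confusion described in the post concrete, here is an added example (not part of the original post) that scans a message body for explicit URLs hosted on .zip or .mov and for bare filename-like tokens that an auto-linker could turn into such a link. The regexes, function names and sample text are assumptions constructed for illustration; real auto-linkers differ in what they match.

```python
import re
from urllib.parse import urlsplit

RISKY_TLDS = {"zip", "mov"}  # the two TLDs the post is about

# Explicit links: scheme://host/...
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
# Bare tokens built only from valid hostname labels, e.g. "report.zip".
# The lookbehind skips tokens that are part of a longer word, path or e-mail address.
BARE_RE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,})(?![\w-])",
    re.IGNORECASE,
)

def risky_tld(host):
    """Return 'zip' or 'mov' if the host's last label is one of them, else None."""
    tld = host.rstrip(".").lower().rsplit(".", 1)[-1]
    return tld if tld in RISKY_TLDS else None

def find_risky_references(text):
    """Return (kind, value) pairs: explicit URLs first, then bare tokens."""
    findings = []
    for m in URL_RE.finditer(text):
        try:
            host = urlsplit(m.group(0)).hostname or ""
        except ValueError:  # malformed URL, nothing to classify
            continue
        if risky_tld(host):
            findings.append(("explicit-url", m.group(0)))
    # Blank out URLs so their hosts and file paths are not reported twice.
    masked = URL_RE.sub(lambda m: " " * len(m.group(0)), text)
    for m in BARE_RE.finditer(masked):
        if risky_tld(m.group(1)):
            findings.append(("bare-filename-like", m.group(1)))
    return findings

# Constructed sample message; none of these names come from the post.
SAMPLE = (
    "Please open quarterly-report.zip before the meeting.\n"
    "Video is at https://example.com/files/holiday.mov for now.\n"   # .mov file on a .com host
    "Mirror: https://constructed-sample.zip/setup\n"                  # host itself is under .zip
    "Also see budget_2023.zip (underscore is not valid in a hostname label).\n"
    "Attached: Holiday-2023.MOV"
)

if __name__ == "__main__":
    for kind, value in find_risky_references(SAMPLE):
        print(f"{kind:20} {value}")
```
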