[Coco] Big Security Issue
gene heskett
gheskett at shentel.net
Sat May 27 10:43:47 EDT 2023
On 5/27/23 09:55, Patrick Ulland via Coco wrote:
> It seems many folks have this backwards. There is nothing wrong with a
> zip file. The problem is 'smart browsers'. The example was an existing
> site you know and trust includes the text 'never run 42.zip, yadda...'
> That is now a valid URL, some future browser update will autoconvert
> that text into a link the author never intended to be there. Google has
> also added .mov and .foo to gather in more innocent sites. Is there a
> troll in the house?
>
Yes, google. Use ddg aka duckduckgo. The only way to discourage
google's vacuum cleaner for your private data is to quit using it.
Ditto for m$'s bing. That hits them in the pocketbook. And it's the only
language universally understood.
TANSTAAFL folks. It's a law you can't break even if you wanted to.
> If you are in control of your connection, David has the fix. Blackhole,
> son. The only sites on these new domains will be boutique, or scammers.
> Mostly scammers.
>
> You can always check the link - hover over, rt click, something will
> popup the actual URL. If based on a known website, all is well:
> https://computerarchive.com/Disks/Utilities/Coco.zip. If the link was
> just text before, it is now a standalone website, helpfully (and
> invisibly) autocompleted to https://CoCo.zip. Any random can register
> that domain.
>
>
>
>
> On 5/26/2023 9:54 PM, David Ladd via Coco wrote:
>> On Fri, May 26, 2023 at 8:38 PM coco--- via Coco <coco at maltedmedia.com>
>> wrote:
>>
>>> All Coco list users.
>>> <cut>
>>>
>>> f i l e . z i p ( I have added extra spaces here for safety )
>>>
>> For those who do care about DNS security, I would probably just blacklist
>> the TLDR zip in your DNS server like PiHole or other DNS service you
>> might
>> be using.
>>
>> Once I saw the TLDR show up called "zip" I knew it would be a problem and
>> just blacklisted it right off the bat.
>>
>> Personally ICAN should never have allowed "zip" to be a TLDR.
>>
>>
>>
>>> <cut>
>>>
>>> In particular
>>>
>>> --
>>> Coco mailing list
>>> Coco at maltedmedia.com
>>> https://pairlist5.pair.net/mailman/listinfo/coco
>>>
>>
>>
>>
>> Sincerely,
>> David Ladd
>> ***END OF LINE***
>>
>
Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/>
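
The two checks discussed in this thread (blackholing whole TLDs at the resolver, and looking at where a link really points), sketched as an added example that is not part of the original messages. The TLD set comes from the thread; the function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the thread; keep this in step with your own DNS blocklist.
BLOCKED_TLDS = {"zip", "mov", "foo"}
_TLD_ALT = "|".join(sorted(BLOCKED_TLDS))

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# A bare "name.tld" token with no scheme, e.g. a file name mentioned in prose.
BARE_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:%s)\b" % _TLD_ALT, re.IGNORECASE)


def is_blackholed(host):
    """Same decision a resolver-level TLD block makes: look at the last label."""
    if not host:
        return False
    return host.rstrip(".").lower().rsplit(".", 1)[-1] in BLOCKED_TLDS


def audit(text):
    """Return (token, verdict) pairs for everything that touches a blocked TLD."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the URL
        parts = urlsplit(url)
        if is_blackholed(parts.hostname):
            # The destination itself lives on a blocked TLD.
            findings.append((url, "host-on-blocked-tld"))
        elif parts.path.lower().endswith(tuple("." + t for t in BLOCKED_TLDS)):
            # An archive served from a host you can read and judge.
            findings.append((url, "file-on-named-host"))
    # Remove URLs first so their path components are not reported twice.
    remainder = URL_RE.sub(" ", text)
    for token in BARE_RE.findall(remainder):
        # Plain text today; a hostname if some client autolinks it.
        findings.append((token, "bare-name"))
    return findings


# Constructed sample text reusing the names quoted in the thread.
SAMPLE = (
    "Never run 42.zip from mail. Get it at "
    "https://computerarchive.com/Disks/Utilities/Coco.zip. "
    "Not the same as https://CoCo.zip at all."
)

if __name__ == "__main__":
    for token, verdict in audit(SAMPLE):
        print(f"{verdict:22} {token}")
```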