Skip to content
  • Categories
  • Recent
  • Popular
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

NodeBB-ActivityPub Bridge Test Instance

  1. Home
  2. Categories
  3. Fediverse memes
  4. Voyager changed to lemmy.zip as well

Voyager changed to lemmy.zip as well

Scheduled Pinned Locked Moved Fediverse memes
fedimemes
26 Posts 15 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

    Welcome post: https://lemmy.zip/post/40323214

    Voyager change: https://lemmy.dbzer0.com/post/45890744

    Link Preview Image
    solsangraal@lemmy.zipS This user is from outside of this forum
    solsangraal@lemmy.zipS This user is from outside of this forum
    solsangraal@lemmy.zip
    wrote last edited by
    #4

    been on .zip 2 years-- its been great, and @Demigodrick@lemmy.zip is incredible as admin

    demigodrick@lemmy.zipD H 2 Replies Last reply
    24
    • solsangraal@lemmy.zipS solsangraal@lemmy.zip

      been on .zip 2 years-- its been great, and @Demigodrick@lemmy.zip is incredible as admin

      demigodrick@lemmy.zipD This user is from outside of this forum
      demigodrick@lemmy.zipD This user is from outside of this forum
      demigodrick@lemmy.zip
      wrote last edited by
      #5

      That's very kind of you ❤️

      1 Reply Last reply
      19
      • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

        Welcome post: https://lemmy.zip/post/40323214

        Voyager change: https://lemmy.dbzer0.com/post/45890744

        Link Preview Image
        M This user is from outside of this forum
        M This user is from outside of this forum
        muzzle@lemm.ee
        wrote last edited by
        #6

        Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

        blackn1ght@feddit.ukB blaze@lemmy.dbzer0.comB T lumun@lemmy.zipL 4 Replies Last reply
        6
        • M muzzle@lemm.ee

          Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

          blackn1ght@feddit.ukB This user is from outside of this forum
          blackn1ght@feddit.ukB This user is from outside of this forum
          blackn1ght@feddit.uk
          wrote last edited by
          #7

          Feddit.uk is pretty good for this. I think our defed list is pretty minimal.

          1 Reply Last reply
          3
          • M muzzle@lemm.ee

            Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

            blaze@lemmy.dbzer0.comB This user is from outside of this forum
            blaze@lemmy.dbzer0.comB This user is from outside of this forum
            blaze@lemmy.dbzer0.com
            wrote last edited by
            #8

            Both list of blocked instances are in the body of this post

            Lemm.ee federates HB, and lemmy.zip does too.

            1 Reply Last reply
            8
            • J joyjoy@lemmy.zip

              lemm.ee refugee here. I was considering piefed, but photon didn't support it.

              S This user is from outside of this forum
              S This user is from outside of this forum
              sc00ter@lemm.ee
              wrote last edited by
              #9

              Im currently usong boost with .ee, but i think support for that stopped too? Im going to have to change clients and instances

              1 Reply Last reply
              0
              • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                Welcome post: https://lemmy.zip/post/40323214

                Voyager change: https://lemmy.dbzer0.com/post/45890744

                Link Preview Image
                N This user is from outside of this forum
                N This user is from outside of this forum
                naiboftabr@infosec.pub
                wrote last edited by
                #10

                I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

                blaze@lemmy.dbzer0.comB J 2 Replies Last reply
                12
                • N naiboftabr@infosec.pub

                  I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

                  blaze@lemmy.dbzer0.comB This user is from outside of this forum
                  blaze@lemmy.dbzer0.comB This user is from outside of this forum
                  blaze@lemmy.dbzer0.com
                  wrote last edited by blaze@lemmy.dbzer0.com
                  #11

                  Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything

                  N 1 Reply Last reply
                  2
                  • N naiboftabr@infosec.pub

                    I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

                    J This user is from outside of this forum
                    J This user is from outside of this forum
                    jax@sh.itjust.works
                    wrote last edited by
                    #12

                    Can you explain why, for me? Genuinely curious, I don't understand.

                    N 1 Reply Last reply
                    2
                    • J jax@sh.itjust.works

                      Can you explain why, for me? Genuinely curious, I don't understand.

                      N This user is from outside of this forum
                      N This user is from outside of this forum
                      naiboftabr@infosec.pub
                      wrote last edited by naiboftabr@infosec.pub
                      #13

                      The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.

                      Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.

                      Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                      Link Preview Image
                      .zip (top-level domain) - Wikipedia

                      favicon

                      (en.wikipedia.org)

                      Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                      blaze@lemmy.dbzer0.comB 1 Reply Last reply
                      12
                      • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                        Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything

                        N This user is from outside of this forum
                        N This user is from outside of this forum
                        naiboftabr@infosec.pub
                        wrote last edited by
                        #14

                        Targeting Lemmy specifically? probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:

                        Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                        Link Preview Image
                        .zip (top-level domain) - Wikipedia

                        favicon

                        (en.wikipedia.org)

                        blaze@lemmy.dbzer0.comB 1 Reply Last reply
                        9
                        • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                          Welcome post: https://lemmy.zip/post/40323214

                          Voyager change: https://lemmy.dbzer0.com/post/45890744

                          Link Preview Image
                          T This user is from outside of this forum
                          T This user is from outside of this forum
                          tweak@feddit.uk
                          wrote last edited by
                          #15

                          lemmy.zip doesn't allow users from the UK.

                          blaze@lemmy.dbzer0.comB 1 Reply Last reply
                          5
                          • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                            Welcome post: https://lemmy.zip/post/40323214

                            Voyager change: https://lemmy.dbzer0.com/post/45890744

                            Link Preview Image
                            rickyrigatoni@retrolemmy.comR This user is from outside of this forum
                            rickyrigatoni@retrolemmy.comR This user is from outside of this forum
                            rickyrigatoni@retrolemmy.com
                            wrote last edited by
                            #16

                            You guys are making me feel left out 😞

                            1 Reply Last reply
                            0
                            • N naiboftabr@infosec.pub

                              The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.

                              Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.

                              Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                              Link Preview Image
                              .zip (top-level domain) - Wikipedia

                              favicon

                              (en.wikipedia.org)

                              Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                              blaze@lemmy.dbzer0.comB This user is from outside of this forum
                              blaze@lemmy.dbzer0.comB This user is from outside of this forum
                              blaze@lemmy.dbzer0.com
                              wrote last edited by
                              #17

                              Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                              Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                              Link Preview Image
                              The .zip TLD: Ripe for abuse, but so far so good

                              favicon

                              DNS Research Federation (dnsrf.org)

                              Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                              Not sure if that tone is the best for a healthy debate.

                              N 1 Reply Last reply
                              5
                              • N naiboftabr@infosec.pub

                                Targeting Lemmy specifically? probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:

                                Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                                Link Preview Image
                                .zip (top-level domain) - Wikipedia

                                favicon

                                (en.wikipedia.org)

                                blaze@lemmy.dbzer0.comB This user is from outside of this forum
                                blaze@lemmy.dbzer0.comB This user is from outside of this forum
                                blaze@lemmy.dbzer0.com
                                wrote last edited by
                                #18

                                Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                                Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                                Link Preview Image
                                The .zip TLD: Ripe for abuse, but so far so good

                                favicon

                                DNS Research Federation (dnsrf.org)

                                Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                                Not sure if that tone is the best for a healthy debate.

                                1 Reply Last reply
                                0
                                • T tweak@feddit.uk

                                  lemmy.zip doesn't allow users from the UK.

                                  blaze@lemmy.dbzer0.comB This user is from outside of this forum
                                  blaze@lemmy.dbzer0.comB This user is from outside of this forum
                                  blaze@lemmy.dbzer0.com
                                  wrote last edited by
                                  #19

                                  Those users are probably going to go to feddit.uk?

                                  T 1 Reply Last reply
                                  1
                                  • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                                    Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                                    Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                                    Link Preview Image
                                    The .zip TLD: Ripe for abuse, but so far so good

                                    favicon

                                    DNS Research Federation (dnsrf.org)

                                    Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                                    Not sure if that tone is the best for a healthy debate.

                                    N This user is from outside of this forum
                                    N This user is from outside of this forum
                                    naiboftabr@infosec.pub
                                    wrote last edited by naiboftabr@infosec.pub
                                    #20

                                    Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.

                                    If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.

                                    Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.

                                    J blaze@piefed.socialB 2 Replies Last reply
                                    3
                                    • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                                      Those users are probably going to go to feddit.uk?

                                      T This user is from outside of this forum
                                      T This user is from outside of this forum
                                      tweak@feddit.uk
                                      wrote last edited by tweak@feddit.uk
                                      #21

                                      Dunno, I was already here 🐵 just thought it was worth mentioning in a community on feddit.uk hah.

                                      1 Reply Last reply
                                      1
                                      • N naiboftabr@infosec.pub

                                        Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.

                                        If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.

                                        Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.

                                        J This user is from outside of this forum
                                        J This user is from outside of this forum
                                        jax@sh.itjust.works
                                        wrote last edited by
                                        #22

                                        'This bridge is literally held together with duct tape, but it hasn't killed anyone yet!'

                                        I'm with you, unecessary risk. Thank you for the explanations.

                                        1 Reply Last reply
                                        1
                                        • M muzzle@lemm.ee

                                          Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

                                          T This user is from outside of this forum
                                          T This user is from outside of this forum
                                          thorrjo@lemmy.sdf.org
                                          wrote last edited by
                                          #23

                                          take a peek at lemmy.sdf.org

                                          1 Reply Last reply
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Login or register to search.
                                          Powered by NodeBB Contributors
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Popular