Hello and welcome to the Monday, May 15, 2023 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Almost 10 years ago, Google was approved for the use of the generic top-level domain.sip as well as dot-M-O-V.

Google hasn't really used those two top-level domains since then, but started actually allowing

registrations of these domain names about a month ago.

Now, initially, there was sort of a limited release.

You had to pay, basically, an extra early registration fee starting last week.

Anybody for the standard fee of as low as $15 a year was able to register these domain names.

Now, there still appears to be sort of some variation in the exact price of the domain name,

some more popular, like based in English words and such, appear to be more expensive.

But what happened was that basically announced that this little bit of a gold rush started

of people registering domain names ending in dot zip and dot MOV.

The reason this is significant is that these are of course standard file extensions.

So some of the domain names being registered are, for example, office update.zip,

update.zip, installer.zip, and similar domain names that really are reminiscent of file names.

This, of course, could first of all lead to fishing attacks that confuse the user about whether or not they're

actually opening a local file or a remote URL.

The other risk here is that many tools like email readers and such may convert zip file names

into URLs.

And then when you're sort of hovering over that link to that external site now,

well, you're actually doing a DNS lookup, or maybe a user may, by mistake, click on it,

which then will leak the name of that zip file. Sip file names are usually nothing sort of

...