Blocking .zip Domains
Firewalls Don't Stop Dragons Podcast
Two weeks ago, I told you about the availability of two new top-level domains that also happen to be popular file name extensions: .zip and .mov. The ambiguity will undoubtedly be exploited by ne'er-do-wells to trick people into doing something they shouldn't do. There are clever ways to manipulate website addresses that would trick even tech-savvy people into clicking malicious links. Today I'll tell you how these tricks work and explain you can avoid all of these issues by simply blocking these new domains.
In other news: iTunes for Windows patches a nasty bug; Android malware downloaded over 420 million times; Android phones vulnerable to fingerprint brute-force attacks; Luxottica exposes 300 million customer records; free VPN service SuperVPN exposes 360 million user records; Amazon gets slap on the wrist for Ring video doorbell private data access; KeePass "master password crack" not as bad as it sounds; Twitter adding Content Notes 'fact checks' to images; Microsoft now scanning inside password-protected zip files; drone pilot is NOT killed by drone; AI is NOT likely to cause human extinction; and Brave introduces new Off The Record browsing mode. Plus my Dear Carey question: recommended cheat sheet for computer safety.
Article Links
[MacRumors] PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability https://www.macrumors.com/2023/06/01/itunes-windows-vulnerability/
[Lifehacker] This Android Malware Was Downloaded Over 420 Million Times https://lifehacker.com/this-android-malware-was-downloaded-over-420-million-ti-1850492306
[BleepingComputer] Android phones are vulnerable to fingerprint brute-force attacks https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/
[bitdefender.com] Luxottica 2021 breach: 300 million customer records up for grabs online https://www.bitdefender.com/blog/hotforsecurity/luxottica-2021-breach-300-million-customer-records-up-for-grabs-online/
[hackread.com] Free VPN Service SuperVPN Exposes 360 Million User Records https://www.hackread.com/free-vpn-service-supervpn-leaks-user-records/
[AppleInsider] Amazon gets slap on the wrist over privacy violations with Ring cameras https://appleinsider.com/articles/23/05/31/amazon-gets-slap-on-the-wrist-over-privacy-violations-with-ring-cameras
[Naked Security] Serious Security: That KeePass “master password crack”, and what we can learn from it https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
[Mashable] Twitter will now put Community Notes 'fact checks' on images https://mashable.com/article/twitter-notes-on-media-images
[Ars Technica] Microsoft is scanning the inside of password-protected zip files for malware https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/
[VICE] USAF Official Says He ‘Misspoke’ About AI Drone Killing Human Operator in Simulated Test https://www.vice.com/en/article/4a33gj/ai-controlled-drone-goes-rogue-kills-human-operator-in-usaf-simulated-test
[Schneier Blog] On the Catastrophic Risk of AI https://www.schneier.com/blog/archives/2023/06/on-the-catastrophic-risk-of-ai.html
[brave.com] Request "Off the Record" https://brave.com/privacy-updates/26-request-off-the-record/
Tip of the Week: Blocking .zip Domains: https://firewallsdontstopdragons.com/how-to-block-the-new-zip-domain/
Further Info
How to send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/
Checklist of Tips for my book: https://firewallsdontstopdragons.com/wp-content/uploads/2023/02/FDSDv5-workbook-v1.pdf
10 Years After Snowden: https://www.eff.org/deeplinks/2023/05/10-years-after-snowden-some-things-are-better-some-were-still-fighting
The Wayback Machine: https://web.archive.org/
In other news: iTunes for Windows patches a nasty bug; Android malware downloaded over 420 million times; Android phones vulnerable to fingerprint brute-force attacks; Luxottica exposes 300 million customer records; free VPN service SuperVPN exposes 360 million user records; Amazon gets slap on the wrist for Ring video doorbell private data access; KeePass "master password crack" not as bad as it sounds; Twitter adding Content Notes 'fact checks' to images; Microsoft now scanning inside password-protected zip files; drone pilot is NOT killed by drone; AI is NOT likely to cause human extinction; and Brave introduces new Off The Record browsing mode. Plus my Dear Carey question: recommended cheat sheet for computer safety.
Article Links
[MacRumors] PSA: If You Run Windows, Make Sure to Update iTunes to Fix Security Vulnerability https://www.macrumors.com/2023/06/01/itunes-windows-vulnerability/
[Lifehacker] This Android Malware Was Downloaded Over 420 Million Times https://lifehacker.com/this-android-malware-was-downloaded-over-420-million-ti-1850492306
[BleepingComputer] Android phones are vulnerable to fingerprint brute-force attacks https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/
[bitdefender.com] Luxottica 2021 breach: 300 million customer records up for grabs online https://www.bitdefender.com/blog/hotforsecurity/luxottica-2021-breach-300-million-customer-records-up-for-grabs-online/
[hackread.com] Free VPN Service SuperVPN Exposes 360 Million User Records https://www.hackread.com/free-vpn-service-supervpn-leaks-user-records/
[AppleInsider] Amazon gets slap on the wrist over privacy violations with Ring cameras https://appleinsider.com/articles/23/05/31/amazon-gets-slap-on-the-wrist-over-privacy-violations-with-ring-cameras
[Naked Security] Serious Security: That KeePass “master password crack”, and what we can learn from it https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
[Mashable] Twitter will now put Community Notes 'fact checks' on images https://mashable.com/article/twitter-notes-on-media-images
[Ars Technica] Microsoft is scanning the inside of password-protected zip files for malware https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/
[VICE] USAF Official Says He ‘Misspoke’ About AI Drone Killing Human Operator in Simulated Test https://www.vice.com/en/article/4a33gj/ai-controlled-drone-goes-rogue-kills-human-operator-in-usaf-simulated-test
[Schneier Blog] On the Catastrophic Risk of AI https://www.schneier.com/blog/archives/2023/06/on-the-catastrophic-risk-of-ai.html
[brave.com] Request "Off the Record" https://brave.com/privacy-updates/26-request-off-the-record/
Tip of the Week: Blocking .zip Domains: https://firewallsdontstopdragons.com/how-to-block-the-new-zip-domain/
Further Info
How to send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/
Checklist of Tips for my book: https://firewallsdontstopdragons.com/wp-content/uploads/2023/02/FDSDv5-workbook-v1.pdf
10 Years After Snowden: https://www.eff.org/deeplinks/2023/05/10-years-after-snowden-some-things-are-better-some-were-still-fighting
The Wayback Machine: https://web.archive.org/
Activity