
Most TLDs are not the names of commonly used file transfer protocols, right? I think that's the primary difference that is concerning to the author of the post we are commenting on, and I find it convincing.


So surely there's some evidence from past TLDs like .app


When was the last time you used any file with .app?

.zip on the other hand is used more frequently across multiple operating systems.


Anyone that uses/used NeXTSTEP, OPENSTEP, Mac OS X, or GNUSTEP is very familiar with program names that end with .app


.app is the equivalent to .exe on MacOS, so for most MacOS users the answer is probably daily.


Not a Mac guy so this was a blank spot in my brain. Thank you.


Zip isn't a file transfer protocol, it's a file compression format and popular file extension. Still, I don't understand a scenario in which this is going to be abused for exploitation.


Alice sends Bob an email containing the text resource.zip somewhere. Alice and Bob both trust each other. Bob's mail client converted the text into a link, Bob clicks the link and ends up on Mallory's website where the exploit is.
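
An added example, not part of the thread or written by any commenter: a check a mail gateway or client could run on message text to find bare names ending in a file-extension TLD (the `resource.zip` case described above) and defang them before a linkifier sees them. The function names, the `[.]` defanging convention, and the sample message are assumptions made for illustration.

```python
import re

# TLDs that double as file extensions; the thread discusses .zip.
FILE_EXT_TLDS = {"zip"}

# Explicit URLs: the sender typed a scheme, so nothing here is an accidental link.
_URL = re.compile(r"[a-z][a-z0-9+.-]*://\S+", re.IGNORECASE)

# Bare, hostname-shaped token such as "resource.zip" or "q3.report.zip".
# The lookbehind skips e-mail domains (@) and path components (/ and \).
_HOSTLIKE = re.compile(
    r"(?<![\w.@/\\-])((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+([a-z]{2,}))(?![\w-])",
    re.IGNORECASE,
)


def _bare_matches(text):
    """Yield matches for bare tokens whose last label is a file-extension TLD."""
    url_spans = [m.span() for m in _URL.finditer(text)]
    for m in _HOSTLIKE.finditer(text):
        if m.group(2).lower() not in FILE_EXT_TLDS:
            continue
        if any(start <= m.start() < end for start, end in url_spans):
            continue  # inside a URL the sender wrote out in full
        yield m


def find_autolink_candidates(text):
    """Return the bare tokens a linkifying client could turn into links."""
    return [m.group(1) for m in _bare_matches(text)]


def defang(text):
    """Rewrite each candidate as name[.]zip so it stays plain text."""
    out, last = [], 0
    for m in _bare_matches(text):
        head, _, tld = m.group(1).rpartition(".")
        out.append(text[last:m.start(1)] + f"{head}[.]{tld}")
        last = m.end(1)
    out.append(text[last:])
    return "".join(out)


# Constructed sample message, modelled on the scenario in the comment above.
SAMPLE = ("Bob, the logs are in resource.zip (mirror: "
          "https://files.example.com/logs/resource.zip). Notes in notes.txt.")
```

Explicit URLs are left alone here because the sender chose to write a link; only text that becomes a link without the sender intending it is flagged.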



