Fediverse memes

1431 readers

527 users here now

Memes about the Fediverse.

Rules

General

Be respectful
Post on topic
No bigotry or hate speech

Specific

We are not YPTB. If you have a problem with the way an instance or community is run, then take it up over at !yepowertrippinbastards@lemmy.dbzer0.com.
- Addendum: Yes we know that you think ml/hexbear/grad are tankies and or .world are a bunch of liberals but it gets old quickly. Try and come up with new material.

Elsewhere in the Fediverse

Other relevant communities:

founded 8 months ago

MODERATORS

BoozeOrWater@feddit.uk

flamingos@feddit.uk

Emperor@feddit.uk

wingsfortheirsmiles@feddit.uk

sga@feddit.uk

Mex@feddit.uk

126

Voyager changed to lemmy.zip as well (i.imgflip.com)

submitted 3 days ago by Blaze@lemmy.dbzer0.com to c/fedimemes@feddit.uk

25 comments fedilink hide all child comments

Welcome post: https://lemmy.zip/post/40323214

Voyager change: https://lemmy.dbzer0.com/post/45890744

you are viewing a single comment's thread
view the rest of the comments

[–] Blaze@lemmy.dbzer0.com 5 points 3 days ago* (last edited 3 days ago) (1 children)

Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything

[–] NaibofTabr@infosec.pub 10 points 2 days ago (1 children)

Targeting Lemmy specifically? probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:

Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns

[–] Blaze@lemmy.dbzer0.com 1 points 2 days ago

Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

https://dnsrf.org/blog/the--zip-tld---ripe-for-abuse--but-so-far-so-good-/index.html

Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

Not sure if that tone is the best for a healthy debate.