I feel like the .zip TLD debate is one of those cases where it's very easy for the purist security view to overwhelm the practical human reality. I'm yet to see a single good argument that is likely to have real-world consequences as far as phishing goes and whilst I understand the sentiment surrounding the confusion of new TLDs with common file types, all "the sky is falling" commentary I've seen is speculative at best. But hey, there's no rolling it back now; we can start judging by what actually happens with the TLD rather than sitting around creating misuse hypotheses.
References
- The .zip TLD situation really isn't going to impact phishing (and if you don't agree, too bad, it's here now so we'll know for sure soon enough)
- The ABC's "mosaic effect" visualisation of HIBP data is really cool (give this a go, it's a great way of seeing what the impact of data breaches really looks like)
- Luxottica had over 70M unique customer records exposed (also looks like they never contacted impacted individuals)