Google Did Something REALLY Stupid - Protect Yourself!

  Рет қаралды 370,831

ThioJoe

ThioJoe

Күн бұрын

The dumbest move I've seen in a while...
• PART 2 (It's WORSE Than I Thought): • Google's Zip Domains A...
⇒ Become a channel member for special emojis, early videos, and more! Check it out here: kzfaq.infojoin
▼ Time Stamps: ▼
0:00 - What's Going On?
1:37 - The Trick
3:12 - Is It Really That Bad?
3:54 - My Point: It's Still Worse
7:27 - Another Reason It's Bad
9:22 - How to Defend Against It?
9:54 - Just Block ALL .zip domains
10:22 - Blocking With DNS Services
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Пікірлер: 1 400
@mikefischbein3230
@mikefischbein3230 Жыл бұрын
Even disregarding security risks, the obvious potential for confusing filenames and urls should have already been a dealbreaker.
@meghanachauhan9380
@meghanachauhan9380 Жыл бұрын
Yea... It's gonna be a new golden era of hacking. Everything you built shall fall and on the ashes of your filesystems, we'll build a better one
@dingdong2103
@dingdong2103 Жыл бұрын
Even bigger problem is the way how Microsoft hides file extensions by default
@Darkn3ssF4ll
@Darkn3ssF4ll Жыл бұрын
Blame IANA
@ruadeil_zabelin
@ruadeil_zabelin Жыл бұрын
@@dingdong2103 Yes! I hate that so much. Its such a security flaw its rediculous. It also doesnt make it any more easy to use either
@heavy0119
@heavy0119 Жыл бұрын
@@meghanachauhan9380 fear mongering at its finest.
@villegasrenzjustinel.5596
@villegasrenzjustinel.5596 Жыл бұрын
Using firefox tells a confirmation box if you want to browse the specific link after the '@' characters, while edge directly go to the link. Thumbs up firfox
@dluziond
@dluziond Жыл бұрын
oh nice
@Finalizor
@Finalizor Жыл бұрын
more reasons to stay on firefox
@stupidfanboyph
@stupidfanboyph Жыл бұрын
​​@@Finalizorut my office dont want to and keep Google Chrome. And with manifest v3 rolling out soon, not gonna be surprised if we get hacked or rnsmwred.
@ArtflPhenix
@ArtflPhenix Жыл бұрын
hmm does not work on youtube comments specially the @ sign and any text is not included in the link
@fss1704
@fss1704 Жыл бұрын
@@ArtflPhenix you forgot to use the unicode slash
@SmallLegacy
@SmallLegacy Жыл бұрын
Google yet again proving they don't really care about user/consumer protection
@eIucidate
@eIucidate Жыл бұрын
Username: user Password: consumer
@breadone_
@breadone_ Жыл бұрын
im not even sure they dont care. theyre just completely incompetent
@near5148
@near5148 Жыл бұрын
​@@eIucidate hacker: imma type this is in
@Irobert1115HD
@Irobert1115HD Жыл бұрын
its likely more someone with money but no brain getting to much to say at google. internet companys shouldnt be on sthe stock market and this is another piece of evidence.
@haroldcruz8550
@haroldcruz8550 Жыл бұрын
Never attribute to stupidity that which can be adequately explained by malice.
@5H4D0WOfficial
@5H4D0WOfficial Жыл бұрын
Imagine the nightmare of scams if Google releases domains of all types of file extensions 😱💀
@progCan
@progCan Жыл бұрын
google should have -infinity IQ to do that.
@sky_dragonsz
@sky_dragonsz Жыл бұрын
they also added .mov
@p3rf3ctxzer0
@p3rf3ctxzer0 Жыл бұрын
don't worry .rar4 is coming when google buys rar.
@BoltRM
@BoltRM Жыл бұрын
🔥😳🔥
@sc1ss0r1ng
@sc1ss0r1ng Жыл бұрын
example.exe
@triive.
@triive. Жыл бұрын
A mistake from a multi trillion dollar company?! Dang.
@Splarkszter
@Splarkszter Жыл бұрын
Worst is that they don't seem to want to back down "iT's ToO mUcH pApErWoRk" F_CK THEM ALL if you want something fixed, abuse it as hell.
@sihamhamda47
@sihamhamda47 Жыл бұрын
And this is not their first mistake this year (because we have KZfaq starting to block any adblock extension from earlier this month)
@triive.
@triive. Жыл бұрын
@@sihamhamda47 Bruh-
@charginginprogresss
@charginginprogresss Жыл бұрын
"mistake"
@MegasXLR
@MegasXLR Жыл бұрын
@@sihamhamda47 if they block ad blockers I'm just not watching anymore KZfaq lmao I will not tolerate 2 30 second ads on a 3 minute video!
@LaughingOrange
@LaughingOrange Жыл бұрын
I consider myself a computer expert, but with decent social engineering, I would totally fall for this.
@ExacoMvm
@ExacoMvm Жыл бұрын
I wonder in what kind scenario? I honestly don't really see myself falling for it, the username:password URL thing yes but whatever goes after that would be harmless to me, unless it's some super SE e.g. Patreon or Discord Mod/Admin's of some plugin/tool or modded game gets hacked and someone edits one of the links with own attached malware, but it doesn't mean that someone couldn't simply replace the file with their own so the .zip domain maybe adds some risks but not really that much, it's just +1 way of hacking someone of a hundreds of ways.
@bestaround3323
@bestaround3323 Жыл бұрын
@Exaco I mean those who think themselves unable to be fooled are some of the simplest to fool. Hubris will get you in trouble.
@haukikannel
@haukikannel Жыл бұрын
Yeah… A post from my own company would go unnotised… This is really bad…
@ember9361
@ember9361 Жыл бұрын
@@ExacoMvm 5:10 About a third of this video is giving examples bud.
@technocracy90
@technocracy90 Жыл бұрын
@Exaco Oh yeah, a classic "computer expert" saying more security hazards for "average people" is not a big deal, as if computers are only used by "experts". A friendly reminder is that even such tools that are used by nobody else than astronauts level experts, such as spacecraft themselves, are designed super carefully to minimize potential hazards. Imagine a single astronaut saying "eh I'm an expert so poor UI is not a big deal, make the numbers more confusing and I can deal with them" and you'll be like "wow what an expert he is" right?
@guardian1102
@guardian1102 Жыл бұрын
It's funny how Google with all it's technically skilled engineers and programmers can somehow reach the conclusion that a dot zip domain is somehow a great idea.
@redstoneparadox
@redstoneparadox Жыл бұрын
This is probably coming solely from corporate; the engineers probably realized that their concerns would at best fall on deaf ears.
@aquarius5719
@aquarius5719 Жыл бұрын
I used to believe that to work at Google you had to be brilliant. Now I am not sure.
@ember9361
@ember9361 Жыл бұрын
@Central Based Agency are you seriously blaming immigrants in this? Lmfao
@notcorrect
@notcorrect Жыл бұрын
Google did this so they can make a quick buck off of scammers. They know what they are doing.
@LauraLovesHugs
@LauraLovesHugs Жыл бұрын
@@ember9361 yeah lol this decision REEKS of high level executives trying to make some extra money wherever they can while ignoring engineers, immigrant or otherwise. being racist doesn't solve any of these problems it's just pointing fingers at a group that isn't responsible and excusing the people who actually are.
@tortoisesquid
@tortoisesquid Жыл бұрын
I literally had to explain the different between home wifi and mobile data to a family member its going to be hard to explain .zip and the dangers. I feel like this was a google employee joke that went so far to become true.
@bountoj
@bountoj Жыл бұрын
Holy shit, I thought I was the only one. A good majority of my family members don't understand this.
@tj71520
@tj71520 Жыл бұрын
most computer users will be powerless against this new problem 😢
@FlyboyHelosim
@FlyboyHelosim Жыл бұрын
Yeah, my dad's using limited mobile data like it's unlimited Wi-Fi. 😳
@DavidM2002
@DavidM2002 Жыл бұрын
That is far more common than you might think. If you say "data" to many people, they equate that to cell data usage; it's either "wifi" or "data" if they even understand that.
@Liggliluff
@Liggliluff Жыл бұрын
And people saying "wi-fi" when they mean internet is already common. Wi-fi is wireless connection irregardless of an internet connection. You can have wi-fi and no internet.
@eddielowe8189
@eddielowe8189 Жыл бұрын
Zip is a file extension so why confuse things by making it a domain. With companies out there making dumb decisions staying safe has got so much harder.
@thedrunkenrebel
@thedrunkenrebel Жыл бұрын
There should be a blacklist of words unable to be used for certain computer stuff, and it's funny why the past 4 decades haven't sprouted such list
@eddielowe8189
@eddielowe8189 Жыл бұрын
@@thedrunkenrebel I fully agree, that some words should never be used for more than one purpose. We are being forced to use programs and trust them to keep us safe because companies make bad choices. the average user may not be aware they have holes in the network and those that do will forever be fixing them because of companies like Microsoft.
@gardian06_85
@gardian06_85 Жыл бұрын
it mostly comes down to there are only so many 3 character combinations, and the decision to have the majority of TLDs be 3 letters (easier to remember, easier to identify, less likely to be confused or misrepresented), but still be meaningful at least in English. then almost anyone with enough funding and infrastructure can register a TLD. what probably happened here was Marketing handed down a list they came up with, and either it was given to a few of the thousand some people that were pre-poached as something to do. Or a fully versed team tried to give push back, but was told it was a required directive, and they HAD to complete.
@ericb6048
@ericb6048 Жыл бұрын
it's not a mistake, it's tactical agenda IMO. They're distressing the internet users to offer digital ID as the fix.
@ens0246
@ens0246 Жыл бұрын
I went on the site to see what their justification for creating this domain is and it's literally just "zip domains let your customers know you're fast paced and a real cool guy" unbelievable
@ApfelJohannisbeere
@ApfelJohannisbeere Жыл бұрын
Please don't forget that Google also released the .mov TLD (Top-Level-Domain) which can be ALSO seen as a file extension, in this case .mov witch is a MPEG-4 Apple Quick Time file format!
@philadams9254
@philadams9254 Жыл бұрын
Yeah, that's also dumb. All so they can troll Apple apparently
@tookitogo
@tookitogo 5 ай бұрын
FYI, .mov is _any_ QuickTime movie, regardless of codec used. .mov is a container format that doesn’t tell you anything about the contents within.
@_SJ
@_SJ Жыл бұрын
Ah.. yes... From the 1.56 Trillion Dollar company. Keep it up Google 👍🏻
@hungariancountryball2928
@hungariancountryball2928 Жыл бұрын
Lol
@RKlol24
@RKlol24 Жыл бұрын
Literally google fail moment💀💀
@killedbydead2953
@killedbydead2953 Жыл бұрын
How STUPID can they be??!!
@goodgoyim9459
@goodgoyim9459 Жыл бұрын
indian power, so remarkable woooow
@beforedrrdpr
@beforedrrdpr Жыл бұрын
​@@goodgoyim9459 what?! 😅
@GYTCommnts
@GYTCommnts Жыл бұрын
I've been suffering Google's ""mistakes"" lately: - Only can debloat Android TV from outside the system. - Can't disable Bluetooth discovery on some Android TVs. - Chromcast built in "guest mode" enabled by default and can only be disabled by Google Home app, or disabling the chromecast app entirely. And so on... That's why rooting devices and having advanced options for the ones who know what they are doing is mandatory to avoid headaches from this multi billon corporations that see you only as a product, so they don't care the problems they produce in your day to day life...
@hydra3693
@hydra3693 Жыл бұрын
not to mention no banking apps for custom ROMs without stupid cat and mouse workarounds that may randomly stop working and rely on deprecated access modes. Android peaked in 2014.
@tehdanny682
@tehdanny682 Жыл бұрын
I recently ordered an Android TV and wasn't aware of these issues, so thanks for the warning, I'll take a look at those when I get the TV.
@tehdanny682
@tehdanny682 Жыл бұрын
@@hydra3693 hmm yes, I know some of these words. Are you handling your banking on your TV? Or is that an Androind phone issue
@encycl07pedia-
@encycl07pedia- Жыл бұрын
@@tehdanny682 I got a Chromecast recently with KZfaq TV (I'm not sure if it's the same thing UI-wise). Bloat is a nuisance more than anything else. I'm not saying it's good, but it's not, AFAIK, some major security issue. The most aggravating thing about it is the lack of buttons on the remote virtually forcing you to use voice recognition to do anything. It's hard to blame Google for Android failings when Android is often modified by the OEMs. Samsung's Android is quite different from Google's.
@tehdanny682
@tehdanny682 Жыл бұрын
@@encycl07pedia- Ah, so I'm not necessarily getting bloat issues with my Philips android tv, it's just that some companies adds all of their apps, makes sense.
@Yougi
@Yougi Жыл бұрын
6:14 Fun fact, Discord actually hides credentials in URLs, so people would be less likely to get tricked!
@ThioJoe
@ThioJoe Жыл бұрын
Good to know
@jer1776
@jer1776 Жыл бұрын
Itll probably take Google months to make a Chrome/Gmail update that does that.
@hadassahsoddsandends
@hadassahsoddsandends Жыл бұрын
@@ThioJoe It might be good to know, if I understood what it meant!
@MyMobileGames
@MyMobileGames Жыл бұрын
@@hadassahsoddsandends somthing private information
@encycl07pedia-
@encycl07pedia- Жыл бұрын
@@hadassahsoddsandends "Credentials" is just a way of saying username and password, essentially: the stuff you need to log in to a website.
@PhotonMonkeygames
@PhotonMonkeygames Жыл бұрын
In a couple of months google will announce that Chrome will block zip domains by default to protect users. They’ll spin it that they are the only company that cares about this issue and if you want protection you must use Chrome.
@KaldekBoch
@KaldekBoch Жыл бұрын
Cheers mate, I'm a senior infosec resource for a 150,000 person business and I've used your video as our internal assessment. I've always liked your approach to content on InfoSec topics.
@hungariancountryball2928
@hungariancountryball2928 Жыл бұрын
Why is every company destroying themselves rn?
@justsomeguywithoutamustang6436
@justsomeguywithoutamustang6436 Жыл бұрын
I knew it! Google being run by Aliens
@goodgoyim9459
@goodgoyim9459 Жыл бұрын
@@justsomeguywithoutamustang6436 i thought it was just indians?
@hungrygrimalkin5610
@hungrygrimalkin5610 Жыл бұрын
Haven't you seen the google graveyard? Google is a failure, they got the low hanging fruit of search engine monopoly at a time with almost non existent alternatives and dominated through that same search engine. If Google were to start nowadays, nobody would know them.
@mind_of_a_darkhorse
@mind_of_a_darkhorse Жыл бұрын
One word sums up their self-destruction...greed! When profits are more important than the product or the workers, it is a sure sign of eventual collapse! The pursuit of constant growth is unsustainable!
@ItsWuLx
@ItsWuLx Жыл бұрын
@@goodgoyim9459 bros a bot
@MasicoreLord
@MasicoreLord Жыл бұрын
Google Chrome should implement -the same- a similar warning as firefox did, -when the domain you'd actually end up at doesn't require authentication in the url.-
@fss1704
@fss1704 Жыл бұрын
it doesn't solve much
@tpkowastaken
@tpkowastaken Жыл бұрын
@@fss1704 Yeah hackers can just require authentication
@MasicoreLord
@MasicoreLord Жыл бұрын
@@tpkowastaken seems chrome removed support for that auth method in url years ago, and it just strips them out prior to navigating So looks like that warning would have to be something else.
@autohmae
@autohmae Жыл бұрын
@@MasicoreLord no, it's worse, the behavior in Chrome hasn't changed, it's the same behavior IE removed over 15 years ago. I just tested, give it a domain with username and password and it will visit the website and authenticate with username and passport and as every browser has done: does not show anything about that in the URL, just the domain/website
@goku445
@goku445 Жыл бұрын
Why do you use a product made by the enterprise that's the root cause of the issue?
@luckywetland
@luckywetland Жыл бұрын
Sometimes I feel that big companies like Google make such mistakes deliberately to sell you some extra useless feature claiming they’re protecting you.
@mrdiamond64
@mrdiamond64 Жыл бұрын
I noticed that Firefox would show a prompt saying your logging into a site, and with the true domain. This would probably stop most phishing attacks if it was implemented in other browsers.
@ronnyparker7148
@ronnyparker7148 Жыл бұрын
well google owns firefox, so what do you think that says about concern for users/customeers
@Atlessa
@Atlessa Жыл бұрын
Google owns Firefox? Since when?
@Legendendear
@Legendendear Жыл бұрын
@@Atlessa They dont, but Firefox is financed by google. (To avoid monopoly lawsuit)
@Sid-69
@Sid-69 Жыл бұрын
​@@Legendendear And Apple financed Microsoft at one time. (Or was it vice versa?🤔) Anyway, financing ≠ owning
@Legendendear
@Legendendear Жыл бұрын
@@Sid-69 Isnt that exactly what I said?
@parkamark
@parkamark Жыл бұрын
7:00 You can't have underscores in domain names but dashes are certainly possible.
@ThioJoe
@ThioJoe Жыл бұрын
Ah i see, yea same idea
@underscore.
@underscore. Жыл бұрын
haha 7:00 and 7 likes
@SCIBER-IO
@SCIBER-IO Жыл бұрын
How did you spot that dam.. Please print screen this command and show it in ur next salary discussion u deserve a raise dude
@Sid-69
@Sid-69 Жыл бұрын
Can you have dashes either? I think you mean hyphens
@tin2001
@tin2001 Жыл бұрын
@@Sid-69 Difference? Aren't dashes and hyphens the exact same character?
@friarruse1827
@friarruse1827 Жыл бұрын
This is not a mistake. Google knows that scammers and malicious actors will pay for these domains, thus making them more money. It's always about money.
@memyshelfandeye318
@memyshelfandeye318 Жыл бұрын
How does Google make money from domains? Hint: Google is not selling domain names ...
@JaivianDean
@JaivianDean Жыл бұрын
@@memyshelfandeye318 .zip domains are currently being sold for 15 dollars/yr. This is because they just got released
@Mario583a
@Mario583a Жыл бұрын
@@memyshelfandeye318 Fine, we'll do it ourselves!!
@humilulo
@humilulo Жыл бұрын
@@memyshelfandeye318 no, when a company buys a TLD they buy the rights to sell domain names with that TLD ending. so this means Google bought rights to sell domain names that end in '.zip'.
@ericb6048
@ericb6048 Жыл бұрын
@@humilulo also, the premium domains add an approximate minimum of 1million. Google makes a million in seconds.. so the real culprit here is probably to break the internet, and rush in digital ID for their WEF and govt agency masters.
@southernflatland
@southernflatland Жыл бұрын
There should be a feature where when you hover over a link, it highlights any particularly suspicious characters such as the at symbol or suspicious Unicode characters or lookalike characters in red, to alert the user that it's likely a dangerous link.
@russianspy1234
@russianspy1234 Жыл бұрын
Firefox apparently warns you if you try to go to a URL with an @ so that's nice
@eekee6034
@eekee6034 Жыл бұрын
It didn't warn me just now. Firefox version 113.0.2.
@thepikachugamer
@thepikachugamer Жыл бұрын
@@eekee6034 It is for me, tested with the url in the pinned comment. 113.0.2 (64-bit)
@xXVibrantSnowXx
@xXVibrantSnowXx Жыл бұрын
i use latest firefox, didn't get any warning
@bobwatkins1760
@bobwatkins1760 Жыл бұрын
Good to know that someone is savvy enough to alert us netizens on upcoming scams and corporate stupidity. Thanks for the heads up!
@Enclave.
@Enclave. Жыл бұрын
I still can't believe how well you transitioned from tech pranks to being an actual tech channel.
@jase_allen
@jase_allen Жыл бұрын
I caught the @ right away. It reminded me of a link an acquaintance sent me years ago with a username and password built in. But yeah, the vast majority of people I know wouldn't think anything of it. If I didn't have that previous experience, I might not either.
@russianspy1234
@russianspy1234 Жыл бұрын
The biggest issue is autolinking though. So if you send someone an attachment, and mention the name of the zip file in the email, and the receiver clicks that link instead of the actual attachment, they'll be directed to that site which may or may not be malicious.
@ImpossibleOrange
@ImpossibleOrange Жыл бұрын
yeah, I see how this feature can be used without the .zip bit. having a legit looking url with @example .[any available domain] is still a really good way to trick someone. Unless you're aware about the @ exploit you wont have a clue. Since firefox already has a warning for it someone probably tried something like that already.
@ImpossibleOrange
@ImpossibleOrange Жыл бұрын
with autolink just take a domain with a common filename like presentation, project etc. and load it up with a virus
@Jerios
@Jerios Жыл бұрын
Another thing I would like to point out is that there are also malicious "mov" domain names as well that google let you register So watch out for those as well cheers
@lmaoidgaf
@lmaoidgaf Жыл бұрын
ThioJoe is the one scientist that warns everyone before the destruction.
@lmaoidgaf
@lmaoidgaf Жыл бұрын
Obviously no one hears him now until some big scam got played using this trick and then everyone becomes an expert 😂
@nicholasvinen
@nicholasvinen Жыл бұрын
“Your scientists were so preoccupied with whether they could, they didn't stop to think if they should.”
@Sid-69
@Sid-69 Жыл бұрын
"Thio Oppenheimer"
@Becke963
@Becke963 Жыл бұрын
NextDNS is actually free for the first 300,000 queries/month (When exceeding the free monthly quota, NextDNS will continue to answer DNS queries like a classic non-blocking DNS service)
@rafaeltorovip
@rafaeltorovip Жыл бұрын
I do really appreciate the time you take to make videos like this one, alerting us of potential dangerous situations. Thanks.
@hrudyplayz
@hrudyplayz Жыл бұрын
The issue isn't really the .zip extension but rather that browsers still support that antiquated URL format in the first place.
@adam.gibson
@adam.gibson Жыл бұрын
I am really surprised nobody at google could convince Google not to do this. That they would think this was an acceptable thing to do is just really bad for security.
@SimplyElectronicsOfficial
@SimplyElectronicsOfficial Жыл бұрын
Yeah, I have always been very good at spotting suspicious urls but this may very well trip me up in future given that I pull from github and other codebases a lot! Google should just park this domain extension never to be used by anyone
@lillyblackblood
@lillyblackblood Жыл бұрын
I absolutely agree with you. I could see myself falling to that type of scan and I consider myself fairly aware of scams.
@hidenfn
@hidenfn Жыл бұрын
This is pretty incredible, I was being safe about clicking links before but having to read the end of it every time is a bummer.
@ho77iday
@ho77iday Жыл бұрын
I have a feeling there's a catch. Even if it's benign, no one would want to click on it, so therefore, who would want to register it?
@steveb1739
@steveb1739 Жыл бұрын
Appreciate your keeping us on top of this! Thank you very much Joe!
@anon_y_mousse
@anon_y_mousse Жыл бұрын
I definitely think you're right about this one. Even those of us on Linux could potentially have a problem with it. The only solution I offer is to manually type in the domain name of whatever website you want to visit and once you've navigated somewhere within that site bookmark it and only ever use the bookmark going forward.
@charleswhite2426
@charleswhite2426 Жыл бұрын
That has been my practice for awhile now.
@Sonario648
@Sonario648 Жыл бұрын
But how would you know the name of the exact url without first typing it in?
@anon_y_mousse
@anon_y_mousse Жыл бұрын
@@Sonario648 You wouldn't need to know the exact URL, just the domain name. As I said, navigate from there to where you need to be on a given site and bookmark that.
@xXVibrantSnowXx
@xXVibrantSnowXx Жыл бұрын
@@anon_y_mousse That barely fix half the problem
@mmzett
@mmzett Жыл бұрын
I would like to correct that this isnt that big of a deal, because you can make this with any domain and then redirect it to a malicious link
@AussieMysteries
@AussieMysteries Жыл бұрын
Thanks Joe, I'm already on facebook in my local community spreading this info. This is a really stupid move by google.
@birdieberry
@birdieberry Жыл бұрын
Wow...this is insane. Thanks for the heads-up!
@ilovefoxes344
@ilovefoxes344 Жыл бұрын
BRUH. Is Google trying to help scammers or what?
@aerosw1ft
@aerosw1ft Жыл бұрын
They didn't even bother fixing scammers in youtube comments, don't think this would be any different
@ilovefoxes344
@ilovefoxes344 Жыл бұрын
Google is literally on Team Scam!
@hdezn26
@hdezn26 Жыл бұрын
Google is paid directly by scammers.... why do we see bad ads, spam ,and other shady **** on google's platforms? That's why..... And that's why I block ads due to this... Google ain't going to give up that Scammer money especially after they lost all that ad revenue in the ADpocalipse.... and other incedents afterward... Also hour or multi-hour long ads... that's just a joke... If I wanted to watch a Infomercial.... I'd stay up late at night to see em... Sorry... Rant.
@Fighter_Builder
@Fighter_Builder Жыл бұрын
They already don't do anything about scammers buying Google Search ads for popular software like OBS, so at this point I'd be legitimately surprised if they weren't actively trying to help them.
@ilovefoxes344
@ilovefoxes344 Жыл бұрын
I am starting to believe that Google's CEO is the world's best scammer.
@TRSC25
@TRSC25 Жыл бұрын
1:20 "Can you tell which one would download a .zip file with a virus in it?" Me who already watched sytonic's video -
@robertdelossantos633
@robertdelossantos633 Жыл бұрын
No I'm thankful that you take the time to make these videos for us. I believe if your worried about security you have to be aware of the smallest details. Thank you and be safe .
@DiaborMagics
@DiaborMagics Жыл бұрын
About the people saying it's no big deal because coming up with lookalike domains can already be done: that does not mean we should be giving bad actors an extra tool!
@ashley_smith
@ashley_smith Жыл бұрын
Yes, this is a big problem. Thank you for the video !
@charliecashman
@charliecashman Жыл бұрын
This does seem like a bad idea, but what you didn't cover is why Google thinks it's a good idea in the first place. One would think they would have considered the downside to having this but the advantages outweigh the disadvantages. Could you make an update to your post that looks at this?
@YannMetalhead
@YannMetalhead Жыл бұрын
That's why google don't fight scammers, it loves them.
@homecinematech
@homecinematech Жыл бұрын
I love your content over the years and this is a helpful video for lot of people . Thank you and keep more coming
@RedSiegfried
@RedSiegfried Жыл бұрын
It doesn't stop the stupidity of forcing everyone to use the absolutely terrible Google Authenticator if you want to keep your account with them safe.
@zacharylowe8083
@zacharylowe8083 Жыл бұрын
ThioJoe has been quietly becoming one of the most helpful KZfaqrs.
@developerpranav
@developerpranav Жыл бұрын
Damn! this was worse than I initially thought! Thanks for educating and explaining the mitigations :)
@Crlarl
@Crlarl Жыл бұрын
Google really dropped the "don't" from "Don't be evil."
@lucaspavlas
@lucaspavlas Жыл бұрын
Thanks for videos like this... there is too many scammers out there - its good to know how to recognize them
@MysticMylesZ
@MysticMylesZ Жыл бұрын
This is gonna make not falling for those emails even harder, and help spawn more Scam Channels. Shout out to LTT.
@zohircherifi5616
@zohircherifi5616 Жыл бұрын
Google is evolving backwards
@THE-X-Force
@THE-X-Force Жыл бұрын
All this time .. _years_ lol .. I thought facebookmail *_WAS_* a spam/phishing domain. The more you know! 🌠 Thanks Thio! Also .. yes .. this new TLD is ridiculously dumb and dangerous.
@jer1776
@jer1776 Жыл бұрын
Why does a for profit corporation even have the ability to register a new top level domain? Thats a better question.
@Philonix
@Philonix Жыл бұрын
probly the icann root servers and operations cost a lot, but its somewhat better to have that publicly funded than evil corp funding it, to keep links working and site data save., but owners of top level suffixes host own servers, to know if that is the real one, icann only needs to host the top, and that is probly not a lot of data, but that is the tlds, maybe ips are a lot more work to keep uptodata
@eboyd53
@eboyd53 Жыл бұрын
Thank you for the information. I learned something I did not know and I'm a retired IT professional.
@MudakTheMultiplier
@MudakTheMultiplier Жыл бұрын
Definitely forwarding this to my companies IT department!
@Eliotah
@Eliotah Жыл бұрын
Ofcourse, google enabling hackers!!!
@borisvolski
@borisvolski Жыл бұрын
Android 13 limiting access without pc And hackers already got a virus to this OS before Android 13 made it to at least half of devices, bravo
@kennethmoore324
@kennethmoore324 Жыл бұрын
I would like to hear the rationale behind why they believe this is NOT an astoundingly bad idea.
@dhoffnun
@dhoffnun Жыл бұрын
What shocks me about this is that it's so obviously stupid, even to laymen, and yet this giant company with tons of expertise decides they're going to do it. Why? What value could this possibly serve?
@fizixx
@fizixx Жыл бұрын
In order to 'ID' ambiguous website names, URLs, etc, I copy the name and paste it in Notepad, as you mentioned.
@sueelliott4793
@sueelliott4793 Жыл бұрын
I love your channel, wish there were more hours in the day for us students that have to work.
@downundarob
@downundarob Жыл бұрын
yeah, the Sun Audio file caused so much confusion in Gopher for any Australian site back in the day.
@helmuthuber2263
@helmuthuber2263 Жыл бұрын
I wasn‘t aware of that risc, thank you very much.
@furuthebat
@furuthebat Жыл бұрын
Everthing is sus when there is an "@" in your link and it's not an e-mail.
@Jacob-ABCXYZ
@Jacob-ABCXYZ Жыл бұрын
On that topic, that would be an interesting way to use this
@WNH3
@WNH3 Жыл бұрын
Surely the point is, all those defenses of this new practice are just hand waving. How 'bout you just not do something stupid to begin with, Google?
@Phantom-mk4kp
@Phantom-mk4kp Жыл бұрын
Another example across many industries of people with insufficient skills and knowledge, having the privilege to make decisions. A fact of modern times
@KAMB_n_Jinx
@KAMB_n_Jinx Жыл бұрын
Not gonna create that big of a risk - is still unacceptable risk. This is corporate irresponsibility.
@BlenderRookie
@BlenderRookie Жыл бұрын
Yeah, I don't think @Google thought this one through.
@zxuiji
@zxuiji Жыл бұрын
2:26, Simple browser fix, just don't treat anything with a protocol at the start as an email address, doesn't matter how many email addresses that break, they'll just have to get special exceptions made for them, or they just stay broken, either way the browser needs some sort of protection against the hack even if it means inconvenience for an unlucky few
@cameron7374
@cameron7374 Жыл бұрын
It's not an email address, it's a username for a website.
@zxuiji
@zxuiji Жыл бұрын
@@cameron7374 That's still an email address in short form. Either way the URIs in question are neither and are supposed to be just normal URLs hence the need for the browser to have more robust checks anyways. I'll admit if I was still naive enough to think that there's no way a simple URL could be made to be interpreted differently by the vs the browser, I would probably have done just simple checks too, now a looped string compare instead of character compare is needed to protect against such attacks
@BrutusMaximusAurelius
@BrutusMaximusAurelius Жыл бұрын
Just because of the confusion this shouldn’t be a thing.
@beforedrrdpr
@beforedrrdpr Жыл бұрын
Thanks, the explanation was really thorough
@michaelmarx1405
@michaelmarx1405 Жыл бұрын
Just retype the domain in the browser and disable autodownload. Risk mitigated.
@LabArlyn
@LabArlyn Жыл бұрын
This is a nice solution I often use.
@lxp
@lxp Жыл бұрын
Not much use to a novice
@xSqr_
@xSqr_ Жыл бұрын
Bro I swear I like your videos you the best
@psylentrage
@psylentrage Жыл бұрын
Thank you for this and just "Oh Dear!"😮😅
@rmhartman
@rmhartman Жыл бұрын
Excusing a security issue on the grounds that there are other security issues is that insane.
@Jackie815
@Jackie815 Жыл бұрын
So the top engineers in a top tech company can't figure it out 😕
@fredericapanon207
@fredericapanon207 Жыл бұрын
@Jack, the engineers had nothing to do with that decision. Marketing all the way.
@Lost-In-Blank
@Lost-In-Blank Жыл бұрын
How do we change the font in the Chrome and Edge address bars (omnibars)? It appears to be stuck at the ambiguous insecure Segoe UI, where upper case i looks like lower case L. I tried to change it to a secure font, Tahoma or Verdana, but the change does affect the address bar. The setting is in Settings/Appearance/Custom Fonts, but it doesn't affect the address bar fonts. Fixing the font there would not solve the @ problem, but in Verdana the different foward slashes are distinct looking too.
@Microwave_Dave
@Microwave_Dave Жыл бұрын
Easy solution - don't use Chrome or Edge. Use a browser that actually cares about your security. There is no reason why anybody should ever recommend Chrome to anybody else.
@TheSwaroopB
@TheSwaroopB Жыл бұрын
Many times, the URL is so large that you can't even see it fully in the bottom bar. We may just check the first few letters to somewhat verify the target. Gosh, such a security nightmare this is.
@jameskirk4692
@jameskirk4692 Жыл бұрын
Thank you for the warning and explanation. It is appreciated.
@dodo-rp3dh
@dodo-rp3dh Жыл бұрын
Google: Understood. Instead of canceling ".zip," we will create the ".dll" TLD
@ledgeri
@ledgeri Жыл бұрын
I would like to have a FONT when the similar unicode characters, and hiddens ones, etc are understanably different than the valid ones!... Anyone?
@user255
@user255 Жыл бұрын
I'm not personally worried about this, but how do I explain this to my mother...
@mohamedattar4526
@mohamedattar4526 Жыл бұрын
They fired 12000 people, probably the seniors and good one.
@TradieTrev
@TradieTrev Жыл бұрын
Good to see you using your status to protect others. Most suss thing I seen was dodgy github links.
@Capt-Intrepid
@Capt-Intrepid Жыл бұрын
Quad9 is one of the best, if not the best, free security DNS providers. Reviews and tests have shown they have the most comprehensive malware and phishing blocking available.
@endeavor911
@endeavor911 Жыл бұрын
Yes, they have the best malware and phishing filtering and they're also Swiss-based non-profit. They have servers worldwide in more than 200 locations in 90 nations.
@Head2Tow
@Head2Tow Жыл бұрын
I blocked these last night but can't manage every employee's home firewall.
@nicknorthcutt7680
@nicknorthcutt7680 Жыл бұрын
It's just crazy to me how google would do something this reckless. It's insane to me.
@Addi_the_Hun
@Addi_the_Hun Жыл бұрын
Jfc they must have seen this coming? Yet they chose to go threw with this?
@cylisplaysgames
@cylisplaysgames Жыл бұрын
If you don't want to use a web based redirect for that TLD, you can edit your windows host file and add an entry.
@vissitorsteve
@vissitorsteve Жыл бұрын
Once again...Thank you!
@berkkrkc09
@berkkrkc09 Жыл бұрын
Google isn't Google anymore. They see people as just money.
@MeroSany
@MeroSany Жыл бұрын
I think Microsoft like that too, Am I right?
@idan678
@idan678 Жыл бұрын
@@MeroSany for real.. win11 spyware bloatware edition is f*ing BS with their force account
@TorutheRedFox
@TorutheRedFox Жыл бұрын
@@MeroSany yup
@transcendtient
@transcendtient Жыл бұрын
This is to go along with them scanning the contents of encrypted zip files. It's a cross promotional thing, you wouldn't get it.
@0AThijs
@0AThijs Жыл бұрын
I'm so glad to give you a second chance and that I actually watch your content now. Thanks for the heads up!
@GameIT.
@GameIT. Жыл бұрын
Ty for the update thio!!!
@m3talh3ad18
@m3talh3ad18 Жыл бұрын
But isn't this better than the alternative, Thio? Google could will be held accountable if they sell .zip to malicious personnels. If this Top Level Domain was launched by any other lesser known company (the alternative), they couldn't be held as accountable, right? Sorry if I'm being ignorant.
@andygardiner6526
@andygardiner6526 Жыл бұрын
Google will sell domains like any other TLD owner - there's no other reason to own it apart from control. AFAIK no other TLD owner has ever been held responsible for registration of domains by "malicious personnels".
@Liggliluff
@Liggliluff Жыл бұрын
Is the company held accountable who sold the tools that the criminal used for malicious intent? I don't think so.
Hackers Are Trying Something New (Again) - Watch Out!
9:15
ThioJoe
Рет қаралды 356 М.
I’m So Dumb It Took Me Months to Solve This…
12:21
ThioJoe
Рет қаралды 151 М.
She ruined my dominos! 😭 Cool train tool helps me #gadget
00:40
Go Gizmo!
Рет қаралды 45 МЛН
Final muy inesperado 🥹
00:48
Juan De Dios Pantoja
Рет қаралды 12 МЛН
ГДЕ ЖЕ ЭЛИ???🐾🐾🐾
00:35
Chapitosiki
Рет қаралды 12 МЛН
Каха инструкция по шашлыку
01:00
К-Media
Рет қаралды 8 МЛН
10 Internet Myths to Stop Believing
14:29
ThioJoe
Рет қаралды 120 М.
Thieves Are Showing Up At People's Houses Demanding iPhones
16:01
How hackers spoof your email address
17:52
CTF Security
Рет қаралды 23 М.
Beware Malicious Chrome Extensions!
17:26
ThioJoe
Рет қаралды 130 М.
Fixing what YouTube couldn’t. - ThioJoe Spammer Purge
11:16
Linus Tech Tips
Рет қаралды 1,8 МЛН
My Stupid Meme Saved HUNDREDS of Wasted Monitors
5:29
ThioJoe
Рет қаралды 228 М.
I Just Got Scammed for $399  -  Watch Out!
12:52
ThioJoe
Рет қаралды 615 М.
[UPDATE 1] Windows End of Life Startup & Shutdown Sounds
17:12
FuzzyCube
Рет қаралды 1 МЛН
What Are Those Other Weird QR Codes?
16:10
ThioJoe
Рет қаралды 897 М.
The Most HATED Image Format
11:45
ThioJoe
Рет қаралды 80 М.
Урна с айфонами!
0:30
По ту сторону Гугла
Рет қаралды 6 МЛН
сюрприз
1:00
Capex0
Рет қаралды 1,3 МЛН
Samsung S24 Ultra professional shooting kit #shorts
0:12
Photographer Army
Рет қаралды 19 МЛН