• Beware of Google’s .ZIP domain and password-embedded URLs

    newsletter banner

    ISSUE 20.22 • 2023-05-29


    Brian Livingston

    By Brian Livingston

    The security community is up in arms, because Google this month started selling domain names with deceptive endings such as .zip and .mov.

    Even worse, some browsers are allowing usernames and passwords to be embedded into URLs. This means following a link can expose users to viruses without any explicit action (such as clicking “OK”).

    Internet-standards bodies years ago prohibited usernames and passwords in URLs — but hackers still do it.

    Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
    This story also appears in our public Newsletter.