Smashing Security podcast: Email attachment malware

Three security industry veterans, chatting about computer security and online privacy.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Smashing Security podcast: Email attachment malware

You lucky people. Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast – tackling the issue of malicious email attachments.

The death of email-borne malware has been announced on many occasions, but computer users are just as much at risk as ever.

Listen to this before you click!

Oh, and Carole would like to apologise to all her fellow Canadians for the terrible faux pas she made in this episode…

Smashing Security: 'Email attachment malware'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Smashing Security podcast: Email attachment malware”

  1. Bob

    Emailing the sender on a 'known' email address won't protect you if the sender's address has been compromised.

    Most email servers now have server-side scanning to reduce spam and commercial solutions use advanced threat protection technologies to stop many zero-day threats.

    DMARC and DKIM will prevent spoofing of the address if deployed correctly.

    Unzipping a zipped email attachment *should* invoke virus scanning upon receipt; this relies upon the sysadmin properly configuring the software.

    Even on the latest versions of Windows you should disable "Hide extensions for known file types". The setting is enabled by default ;-(

    More encouragingly Google have rolled out hosted S/MIME for additional security. Disappointingly, and somewhat to be expected, you are required to upload your private key to Google for "ease of use". It does provide a higher level of in-transit security than TLS on its own however.

    https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.