You lucky people. Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast – tackling the issue of malicious email attachments.
The death of email-borne malware has been announced on many occasions, but computer users are just as much at risk as ever.
Listen to this before you click!
Oh, and Carole would like to apologise to all her fellow Canadians for the terrible faux pas she made in this episode…
Smashing Security: 'Email attachment malware'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
Show notes:
- New feature in Office 2016 can block macros and help prevent infection
- It’s time to secure Microsoft Office
- Memories of the Anna Kournikova worm
- Memories of the Love Bug
- Memories of the Melissa virus
- Alanis Morissette – Ironic (Official video)
- Avril Lavigne – Complicated
Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.
Emailing the sender on a 'known' email address won't protect you if the sender's address has been compromised.
Most email servers now have server-side scanning to reduce spam and commercial solutions use advanced threat protection technologies to stop many zero-day threats.
DMARC and DKIM will prevent spoofing of the address if deployed correctly.
Unzipping a zipped email attachment *should* invoke virus scanning upon receipt; this relies upon the sysadmin properly configuring the software.
Even on the latest versions of Windows you should disable "Hide extensions for known file types". The setting is enabled by default ;-(
More encouragingly Google have rolled out hosted S/MIME for additional security. Disappointingly, and somewhat to be expected, you are required to upload your private key to Google for "ease of use". It does provide a higher level of in-transit security than TLS on its own however.
https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html