Smashing Security podcast: Email attachment malware

Three security industry veterans, chatting about computer security and online privacy.

Smashing Security podcast: Email attachment malware

You lucky people. Vanja Svajcer, Carole Theriault and I have made another special "splinter" episode of the "Smashing Security" podcast - tackling the issue of malicious email attachments.

The death of email-borne malware has been announced on many occasions, but computer users are just as much at risk as ever.

Listen to this before you click!

Oh, and Carole would like to apologise to all her fellow Canadians for the terrible faux pas she made in this episode...

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Bob

    February 8, 2017 at 9:29 pm #

    Emailing the sender on a 'known' email address won't protect you if the sender's address has been compromised.

    Most email servers now have server-side scanning to reduce spam and commercial solutions use advanced threat protection technologies to stop many zero-day threats.

    DMARC and DKIM will prevent spoofing of the address if deployed correctly.

    Unzipping a zipped email attachment *should* invoke virus scanning upon receipt; this relies upon the sysadmin properly configuring the software.

    Even on the latest versions of Windows you should disable "Hide extensions for known file types". The setting is enabled by default ;-(

    More encouragingly Google have rolled out hosted S/MIME for additional security. Disappointingly, and somewhat to be expected, you are required to upload your private key to Google for "ease of use". It does provide a higher level of in-transit security than TLS on its own however.

    https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html

Leave a Reply