Smashing Security podcast: Email attachment malware

Three security industry veterans, chatting about computer security and online privacy.

Smashing Security podcast: Email attachment malware

You lucky people. Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast - tackling the issue of malicious email attachments.

The death of email-borne malware has been announced on many occasions, but computer users are just as much at risk as ever.

Listen to this before you click!

Oh, and Carole would like to apologise to all her fellow Canadians for the terrible faux pas she made in this episode…

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

One Response

  1. Bob

    February 8, 2017 at 9:29 pm #

    Emailing the sender on a ‘known’ email address won’t protect you if the sender’s address has been compromised.

    Most email servers now have server-side scanning to reduce spam and commercial solutions use advanced threat protection technologies to stop many zero-day threats.

    DMARC and DKIM will prevent spoofing of the address if deployed correctly.

    Unzipping a zipped email attachment *should* invoke virus scanning upon receipt; this relies upon the sysadmin properly configuring the software.

    Even on the latest versions of Windows you should disable “Hide extensions for known file types”. The setting is enabled by default ;-(

    More encouragingly Google have rolled out hosted S/MIME for additional security. Disappointingly, and somewhat to be expected, you are required to upload your private key to Google for “ease of use”. It does provide a higher level of in-transit security than TLS on its own however.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.