Smashing Security podcast: Email attachment malware

Graham Cluley

Smashing Security podcast: Email attachment malware

Smashing Security podcast: Email attachment malware

You lucky people. Vanja Svajcer, Carole Theriault and I have made another special “splinter” episode of the “Smashing Security” podcast – tackling the issue of malicious email attachments.

The death of email-borne malware has been announced on many occasions, but computer users are just as much at risk as ever.

Listen to this before you click!

Oh, and Carole would like to apologise to all her fellow Canadians for the terrible faux pas she made in this episode…

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Show notes:

Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team at @SmashinSecurity on Twitter.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Smashing Security podcast: Email attachment malware”

  1. Emailing the sender on a 'known' email address won't protect you if the sender's address has been compromised.

    Most email servers now have server-side scanning to reduce spam and commercial solutions use advanced threat protection technologies to stop many zero-day threats.

    DMARC and DKIM will prevent spoofing of the address if deployed correctly.

    Unzipping a zipped email attachment *should* invoke virus scanning upon receipt; this relies upon the sysadmin properly configuring the software.

    Even on the latest versions of Windows you should disable "Hide extensions for known file types". The setting is enabled by default ;-(

    More encouragingly Google have rolled out hosted S/MIME for additional security. Disappointingly, and somewhat to be expected, you are required to upload your private key to Google for "ease of use". It does provide a higher level of in-transit security than TLS on its own however.

    https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES