moderated Re: email clients


Shan Noyes
 

Hi folks:

 

Since the discussion has moved on to internet security I felt it was time to chime in and stress the importance of keeping all your programs up to date.  I’ve worked in the computer security area for over 20 years providing security consulting and investigations of numerous computer security incidents. 

 

Yes, programs that directly interact with services  over the internet like email programs be it either thick or webmail interfaces as well as browsers need to be kept up to date.  Although there isn’t much one can do in terms of webmail interfaces, because one is at the mercy of the webmail provider for security improvements etc.

 

However, if one only concentrates on these programs i.e. email clients and browser and think well that all I use to interact with the big bad internet well you are doing yourself a disservice.

 

What about things like PDF files found on the internet.  Sure if you are using the PDF  reader found inside the browser well then by keeping the browser upt do date you should be fairly safe.

 

But what if you have changed your PDF  reader to either Adobie or MS  Word?   If you haven’t been keeping them up to date then the risk of viewing that PDF could put you at a greater risk.

 

What about attachments?  Or files that you download via your browser and then open up with either Word, or Excel? 

 

The best approach to lowering your exposure is to keep all your applications up to date with Security patches.

 

I’ve been involved with numerous computer investigations where the computer infection came from the opening of attachments. 

 

The bad guys are getting smarter.  They often minipuate emails so that it looks legit and even coming from a friend of yours. 

 

So as pointed out in a previous email message you as the user are a very important asset in the lowering of your computer security exposure.  If you receive an email from some one you know with an unexpected attachment, before opening that attachment, Do what we say in the security industry and check out of band with the person did you really send this to me.  Out of band meaning don’t reply to the email asking, but rather either call them, or create a brand new message to a different address asking them.  The reason for not replying directly to them via the email is that the bad guys may of faked out the address so rather then you are expecting the email to go to the person you know, but it really goes some where else.

 

Think of computer security like an arms race.  The bad guys come up with a new way to compromise a person’s computer.  The computer industry then patches the issue.  Well what do the bad  guys do?  They don’t give up and go home.  No they start working on another attack vector.  The other thing to keep in mind is that the bad guys are not just individuals hiding in their basements developing new attack features.   There are some very well organized and funded groups trying to compromise your computers.   And yes, some of these groups are state sponsored.

 

Anyways, stay safe on the internet and as well at home with Covid protection.  Have a good day everyone

 

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Brian Vogel
Sent: Wednesday, April 7, 2021 7:24 PM
To: main@jfw.groups.io
Subject: Re: email clients

 

-------------------------------------------------------------
WARNING, this email originated from outside of SaskTel.
Do not click links or open attachments unless you trust the sender and believe the contents are safe.
--------------------------------------------------------------

Alan,

           The amount of "exposure" is really pretty much dependent on how much you directly interact with cyberspace with any of these programs.  It's entirely possible to almost entirely avoid interacting with cyberspace with programs like Word or Excel (or PowerPoint or Publisher, too).  But the same cannot be said of any e-mail client or web browser.  This is why I limit my real concern for those two classes of program for the most part.

            And the need for constantly upgraded security (which means updates) is never going away.  If anything, the pace is increasing.  Just today, on BleepingComputer, is an article about the latest, greatest breach:  Microsoft's Windows 10, Exchange, and Teams hacked at Pwn2Own.  There's always the next very clever nefarious actor that you need to thwart.  It's an endless cat and mouse game.
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  

There are many who labor under the gross misapprehension that the Constitution is a cage and a laundry-list rather than a framework upon which great things have been and still will be built. Many things that are entirely Constitutional are not "in the Constitution," but are allowed under it.

            ~Brian Vogel

NOTICE: This confidential e-mail message is only for the intended recipients. If you are not the intended recipient, be advised that disclosing, copying, distributing, or any other use of this message, is strictly prohibited. In such case, please destroy this message and notify the sender.

Join main@jfw.groups.io to automatically receive all group messages.