moderated Re: email clients
What an excellent and thoughtful post. Thank you.
From: firstname.lastname@example.org <email@example.com> On Behalf Of Shan Noyes
Sent: Thursday, April 8, 2021 1:29 PM
Subject: Re: email clients
Since the discussion has moved on to internet security I felt it was time to chime in and stress the importance of keeping all your programs up to date. I’ve worked in the computer security area for over 20 years providing security consulting and investigations of numerous computer security incidents.
Yes, programs that directly interact with services over the internet like email programs be it either thick or webmail interfaces as well as browsers need to be kept up to date. Although there isn’t much one can do in terms of webmail interfaces, because one is at the mercy of the webmail provider for security improvements etc.
However, if one only concentrates on these programs i.e. email clients and browser and think well that all I use to interact with the big bad internet well you are doing yourself a disservice.
What about things like PDF files found on the internet. Sure if you are using the PDF reader found inside the browser well then by keeping the browser upt do date you should be fairly safe.
But what if you have changed your PDF reader to either Adobie or MS Word? If you haven’t been keeping them up to date then the risk of viewing that PDF could put you at a greater risk.
What about attachments? Or files that you download via your browser and then open up with either Word, or Excel?
The best approach to lowering your exposure is to keep all your applications up to date with Security patches.
I’ve been involved with numerous computer investigations where the computer infection came from the opening of attachments.
The bad guys are getting smarter. They often minipuate emails so that it looks legit and even coming from a friend of yours.
So as pointed out in a previous email message you as the user are a very important asset in the lowering of your computer security exposure. If you receive an email from some one you know with an unexpected attachment, before opening that attachment, Do what we say in the security industry and check out of band with the person did you really send this to me. Out of band meaning don’t reply to the email asking, but rather either call them, or create a brand new message to a different address asking them. The reason for not replying directly to them via the email is that the bad guys may of faked out the address so rather then you are expecting the email to go to the person you know, but it really goes some where else.
Think of computer security like an arms race. The bad guys come up with a new way to compromise a person’s computer. The computer industry then patches the issue. Well what do the bad guys do? They don’t give up and go home. No they start working on another attack vector. The other thing to keep in mind is that the bad guys are not just individuals hiding in their basements developing new attack features. There are some very well organized and funded groups trying to compromise your computers. And yes, some of these groups are state sponsored.
Anyways, stay safe on the internet and as well at home with Covid protection. Have a good day everyone
Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042
There are many who labor under the gross misapprehension that the Constitution is a cage and a laundry-list rather than a framework upon which great things have been and still will be built. Many things that are entirely Constitutional are not "in the Constitution," but are allowed under it.
NOTICE: This confidential e-mail message is only for the intended recipients. If you are not the intended recipient, be advised that disclosing, copying, distributing, or any other use of this message, is strictly prohibited. In such case, please destroy this message and notify the sender.