Normally, if some one I know is sending me a file as an email attachment, they will send me an email letting me know, that they are going to send me a file by email. Also, normally they will wait until I respond to the first email, before they send the one with the attached file. Jim On Mon, 2007-05-28 at 23:46 -0500, Bruno Wolff III wrote: > On Tue, May 29, 2007 at 07:33:04 +0800, > Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote: > > D. Hugh Redelmeier wrote: > > > > > | However, the OpenOffice.org community repeats the consistent message from > > > | security experts that users should never accept files from unknown > > > | sources. > > > > > > That is silly advice. > > > > Not really. I think the wording should be modified to read "never accept or > > open files unless they are coming from a trusted source". Where "trusted" > > means you know the person who sent you the file and you know it came from > > that person. > > And how do you tell that? Viruses pretend to be sent by people you know > as one of their tricks for replication. Are you suggesting you call someone > back on the phone (or email) to confirm every document that was sent to you? > > > > 1. dangerous things can come (or appear to come) from known sources. > > > > Only if the recipient is careless. If you get an email from someone that > > you know but it is forged you should be able to detect by the content of the > > message if it was indeed sent by that person. > > And how do you propose to do that? Have a secret nonstandard handshake > that you use with every correspondant? Viruses are capable of send email > from a person's normal email account and attaching themselves to a generic > text message. While these should raise suspicion, for many people these > seem fairly normal. > > > All I know is that if someone I know appears to have sent me an email with > > an attachment and a quick message saying "Hey, check this out." my guard > > would be raised immediately and I'd verify before opening. If they wrote > > more than "Hey, check this out." I'm confident the bogus sender would not be > > able to mimic the sender I know. > > Perhaps. Right now they are picking up the low hanging fruit. If viruses > start looking at saved email messages they might be able to do significantly > better. > > > I also know that I rarely open attachments from certain folks that I do know > > and do trust since the attachments they send are forwarded from untrusted > > sources. But, since I know the person, I trust they are careless. :-) > > I prefer to trust that mail document viewer isn't going to screw me over. > Once upon a time this kind of misfeature was considered a bug. Though > some unix based document viewers have had these misfeatures in the past (e.g. > tex/latex and vi). >
