Re: Press reports regarding "SB/BadBunny-A" virus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    Normally, if some one I know is sending me a file as an email
attachment, they will send me an email letting me know, that they are
going to send me a file by email. Also, normally they will wait until I
respond to the first email, before they send the one with the attached
file.

Jim
On Mon, 2007-05-28 at 23:46 -0500, Bruno Wolff III wrote:
> On Tue, May 29, 2007 at 07:33:04 +0800,
>   Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote:
> > D. Hugh Redelmeier wrote:
> > 
> > > | However, the OpenOffice.org community repeats the consistent message from
> > > | security experts that users should never accept files from unknown
> > > | sources.
> > > 
> > > That is silly advice.
> > 
> > Not really.  I think the wording should be modified to read "never accept or
> >  open files unless they are coming from a trusted source".  Where "trusted"
> > means you know the person who sent you the file and you know it came from
> > that person.
> 
> And how do you tell that? Viruses pretend to be sent by people you know
> as one of their tricks for replication. Are you suggesting you call someone
> back on the phone (or email) to confirm every document that was sent to you?
> 
> > > 1. dangerous things can come (or appear to come) from known sources.
> > 
> > Only if the recipient is careless.  If you get an email from someone that
> > you know but it is forged you should be able to detect by the content of the
> > message if it was indeed sent by that person.
> 
> And how do you propose to do that? Have a secret nonstandard handshake
> that you use with every correspondant? Viruses are capable of send email
> from a person's normal email account and attaching themselves to a generic
> text message. While these should raise suspicion, for many people these
> seem fairly normal.
> 
> > All I know is that if someone I know appears to have sent me an email with
> > an attachment and a quick message saying "Hey, check this out." my guard
> > would be raised immediately and I'd verify before opening.  If they wrote
> > more than "Hey, check this out." I'm confident the bogus sender would not be
> > able to mimic the sender I know.
> 
> Perhaps. Right now they are picking up the low hanging fruit. If viruses
> start looking at saved email messages they might be able to do significantly
> better.
> 
> > I also know that I rarely open attachments from certain folks that I do know
> > and do trust since the attachments they send are forwarded from untrusted
> > sources.  But, since I know the person, I trust they are careless.  :-)
> 
> I prefer to trust that mail document viewer isn't going to screw me over.
> Once upon a time this kind of misfeature was considered a bug. Though
> some unix based document viewers have had these misfeatures in the past (e.g.
> tex/latex and vi).
> 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux