[Pauldotcom] e-mail attachments and security
d4ncingd4n at gmail.com
d4ncingd4n at gmail.com
Tue Jan 26 22:33:03 UTC 2010
That scares me telling users to not run exe files emailed to them except the exe files that are emailed to them. I would not send the files as self extracting to avoid mixed messages. Just my .02
Sent from my Verizon Wireless BlackBerry
From: Bert Van Kets <mailing at vankets.com>
Date: Tue, 26 Jan 2010 22:56:51
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] e-mail attachments and security
I just tested 7Zip and it does create self extracting files (SFX
option). Combined with the 256bit AES encryption it's a pretty good
solution. The only hurdle now is that EXE files are not accepted by some
e-mail applications, ex. Outlook. Of course zipping the EXE with regular
Windows Zip compression prior to emailing is one possible solution. I
know that with Outlook renaming the EXE to something else is enough to
make it pass. Of course that is a bit less user friendly.
Thanks for the solution!
You guys rock!
David A. Gershman wrote:
> Sounds to me the only way to go would be for your brother to install the
> software that would encrypt but make a self-extracting executable. This
> way the other end would (hopefully) scan for viruses and just run the
> program which would prompt for the password key.
> Any one know of specific programs that do the encryption *and* create
> self-extracting .exe's?
>> Hi Guys,
>> I got a pretty interesting question from my brother yesterday. He's a
>> medical doctor in the UK and he needs to send reports to other doctors
>> by e-mail regularly. The reports are in MS Word format. These doctors
>> are in different locations and not connected to a common organization
>> (hospital or company).
>> At the moment he uses the MSWord password protection to try to keep the
>> sensitive data away from prying eyes. We all know how secure that method
>> is (not!).
>> I told hem he'd better use some other system that guarantees a bit more
>> protection but the problem is he can not ask of the people who receive
>> the reports to install extra software (like PGP or GPG encryption). The
>> security may not get in the way of the usability. Asking the receivers
>> to install extra software and configuring it is not an option. These are
>> not IT guys and don't even know how to spell GPG, let alone install it.
>> Passing a password over by telephone is the maximum these guys are
>> willing to go. 8-O
>> Do you guys have some ideas on what could be a better solution for this
>> "three legged stool" problem?
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> Main Web Site: http://pauldotcom.com
> David A. Gershman
> gershman at dagertech.net
> "It's all about the path!" --d. gershman
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
More information about the Pauldotcom