Press reports regarding "SB/BadBunny-A" virus
Ed Greshko
Ed.Greshko at greshko.com
Tue May 29 05:02:57 UTC 2007
Bruno Wolff III wrote:
> On Tue, May 29, 2007 at 07:33:04 +0800,
> Ed Greshko <Ed.Greshko at greshko.com> wrote:
>> D. Hugh Redelmeier wrote:
>>
>>> | However, the OpenOffice.org community repeats the consistent message from
>>> | security experts that users should never accept files from unknown
>>> | sources.
>>>
>>> That is silly advice.
>> Not really. I think the wording should be modified to read "never accept or
>> open files unless they are coming from a trusted source". Where "trusted"
>> means you know the person who sent you the file and you know it came from
>> that person.
>
> And how do you tell that? Viruses pretend to be sent by people you know
> as one of their tricks for replication. Are you suggesting you call someone
> back on the phone (or email) to confirm every document that was sent to you?
Of course not.... But I explain below that as a human being I can detect if
a message being sent from someone I know is being masked. As an example.
Please send me an email and pretend to be "Donald C Jensen" and I'll bet you
I'll detect it every time.
>>> 1. dangerous things can come (or appear to come) from known sources.
>> Only if the recipient is careless. If you get an email from someone that
>> you know but it is forged you should be able to detect by the content of the
>> message if it was indeed sent by that person.
>
> And how do you propose to do that? Have a secret nonstandard handshake
> that you use with every correspondant? Viruses are capable of send email
> from a person's normal email account and attaching themselves to a generic
> text message. While these should raise suspicion, for many people these
> seem fairly normal.
Yes, if I care to...and it won't be non-standard. I can digitally sign my
emails as well as digitally signing all documents. Check out the security
features of macros under OO.
>> All I know is that if someone I know appears to have sent me an email with
>> an attachment and a quick message saying "Hey, check this out." my guard
>> would be raised immediately and I'd verify before opening. If they wrote
>> more than "Hey, check this out." I'm confident the bogus sender would not be
>> able to mimic the sender I know.
>
> Perhaps. Right now they are picking up the low hanging fruit. If viruses
> start looking at saved email messages they might be able to do significantly
> better.
What saved email messages would they look at?
>> I also know that I rarely open attachments from certain folks that I do know
>> and do trust since the attachments they send are forwarded from untrusted
>> sources. But, since I know the person, I trust they are careless. :-)
>
> I prefer to trust that mail document viewer isn't going to screw me over.
> Once upon a time this kind of misfeature was considered a bug. Though
> some unix based document viewers have had these misfeatures in the past (e.g.
> tex/latex and vi).
I prefer to trust my instincts.
--
When you have an efficient government, you have a dictatorship.
-- Harry Truman
More information about the fedora-list
mailing list