From: "John Rudd" <[EMAIL PROTECTED]>
> Matus UHLAR - fantomas wrote:
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments. They're not
>>> really useful for anything that can't be done a better way. Which only
>>> leaves them being useful for attacks of one form or another.
>>
>> some people just want, some just need attachments.
>
> "some people just want" -- yup, no disagreement there. No matter how many
> alternatives you give them, some people just want the ease and convenience
> of attachments.
>
> "some just need" -- no, I can't agree there. I have yet to come across
> ANY situation where a person _NEEDED_ attachments. As I said above,
> there's nothing that can be done with attachments that you can't do
> another way.

I could send files to my customer other ways. But ANY alternative way
involves opening a security hole in his mind, on my machines, or both.
If he gets used to retrieving files via ftp when I send him email with
a link, he's in trouble. If I open an ftp port, that is one more firewall
security hole for me. If I throw the files onto my ISP's web facilities,
that's one more hole for the whole project if somebody guesses the name
used.

The same applies for http and a host of other alternatives.

His son and I have almost trained him not to click on links in email
unless he scrutinizes the link and knows exactly where it goes, which
is not possible with many email programs. (He uses <gag><choke><sputter>
AOL, which is a security hole in itself judging from how badly his
computer was infected the last time we all checked.) We also have
almost trained him to check attachments CAREFULLY before opening them.
Is he sure he knows what they are, that they are from a trustworthy
source, and that he was expecting the attachment?

(He is a good salesman who knows his business. He's not very technically
minded, which leaves him vulnerable.)

If I have to get new telecommuting files to him I have to settle on
which vulnerability to allow. (I am NOT going to VPN into his network,
both for his security and mine. Setting it up on his network is pretty
much out of the question, anyway.)

You just can't win, John. All you can do is try to stay ahead of the
game.

{^_^}