There's a fundamental question that illustrates well the problems with a corporate culture that enables the free exchange of complex documents and other files via e-mail: How do you know you know the source of the e-mail?
E-mail is so trivially spoofed that an "unknown source" can often impersonate a trusted source. This has led some to give the, imo, more correct advice of:
"Don't open documents from unknown sources and be suspicious of any document you get from a known source that you weren't expecting."
Not only is it more effective advice to follow, it also serves a secondary purpose of demonstrating just how untrustworthy typical patterns of e-mail communication and use actually are.
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/436/1752#1752