*OT* had to do an on-line security quiz for work

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
64 (verbal) slides, blew off 61 of them (fast forward baby).   10
question quiz at the end - got 2 wrong, both dealing with e-mail
attachments.   One was if you receive an attachment called
"installme.exe" you should.......

My answer was download the file and submit to virustotal.com, but alas
that wasn't an option LOL.  The correct one was 'call the person who
sent you the e-mail'.  WTF?   Suppose the person sent some piggybacked
trojan horse?   Just say okay, they did send it, it must be safe.
*Right*.   The other was a blank e-mail with just an attachment.  Same
thing, call the person who sent it.    Perhaps I should do that(call
when ever they send me a file attachment) just to bug some coworkers.
After all it was part of the security quiz.

Re: *OT* had to do an on-line security quiz for work


| 64 (verbal) slides, blew off 61 of them (fast forward baby).   10
| question quiz at the end - got 2 wrong, both dealing with e-mail
| attachments.   One was if you receive an attachment called
| "installme.exe" you should.......

| My answer was download the file and submit to virustotal.com, but alas
| that wasn't an option LOL.  The correct one was 'call the person who
| sent you the e-mail'.  WTF?   Suppose the person sent some piggybacked
| trojan horse?   Just say okay, they did send it, it must be safe.
| *Right*.   The other was a blank e-mail with just an attachment.  Same
| thing, call the person who sent it.    Perhaps I should do that(call
| when ever they send me a file attachment) just to bug some coworkers.
| After all it was part of the security quiz.

Q: "if you receive an attachment called "installme.exe" you should......." ?

The correct answer is to delete the email message.  The quiz is wrong.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: *OT* had to do an on-line security quiz for work

wrote:
Quoted text here. Click to load it

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
You know that and I know that, but .... :0)

BTW, the work e-mail client does block .exe attachments so I guess the
question relates if you are using a personal e-mail.  I've actually
had to send attachments to personal e-mail (other companies) because
the filter on one end would not let them through no matter how I tried
to disguise it (including encrypting a password).   One of my sister's
workplace has to have the name of the company in the e-mail body or
the attachment is blocked.

Re: *OT* had to do an on-line security quiz for work

"Duh_OZ" wrote:

Quoted text here. Click to load it

Fire up the debugger and see what it does!

Quoted text here. Click to load it

Sould be: call the IT dept and ask them why they let through an
executable attachment.

Quoted text here. Click to load it

And what if it's from a spammer who aren't in the habit of providing
contact details.



Re: *OT* had to do an on-line security quiz for work

Quoted text here. Click to load it

WTF indeed! I would say delete the entire e-mail, unread. Is this
related to a business that must accept unknown executable files from
e-mails? If so, their reasoning may be different than normal. IMO
executables shouldn't have made it to the workstation desktop through
e-mail in the first place.

Quoted text here. Click to load it

...or the malware only activates its payload after a certain criteria
are met? Just because they got to see the dancing pigs without
contracting malware doesn't mean you will be as lucky.

Quoted text here. Click to load it

Trust, but verify. Sure, I trust you like a brother, but sign here
anyway (and here...and here...).

Accept the executable as trustworthy on the word of the person offering
it, *then* submit it to scanning after a 'cooling off period'
preferably. After all, it comes from "outside" and you don't know where
it's been.

Quoted text here. Click to load it

:o)

(I know that you know all this)

Quoted text here. Click to load it

Yeah, and give 'em hell for being so pathetic. :oD

Quoted text here. Click to load it

I'll bet if you ask them about PDF files they'll say that they are safe
to open.



Re: *OT* had to do an on-line security quiz for work

In article <31252e6f-e8ad-4371-963e-2cc4ff5b9b57
@h20g2000yqn.googlegroups.com>, ozzy.kopec@gmail.com says...
Quoted text here. Click to load it

Calling the person does two things:

1) Verifies that the file was actually sent properly and you can
determine WHY.

2) If the file was sent improperly, lets the user know that their
account has been compromised and to take action.

The sad thing is that a properly configured firewall would not allow
.exe files to reach users.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Site Timeline