Sending a Link
Tonight I'm working on a brief article for our the I.T. Department's newsletter that is distributed to the company.
I'd noticed that some outbound email was being detected as a virus when people copied a webpage into an email and sent it. All that Javascript made the scanner unhappy. I think the rotating banner ad was also a problem because the email was then different each time it was loaded.
So the article was pointing out how to avoid the problem. The Exchange administrator advised the best way is to just send a link rather than the entire article. That reminded me that some infosec people don't believe in sending links. Rather you're supposed to just tell the recipient to go to site X and enter a search term.
I can see this now. "Go to www.fnord.ch and search on Bin Laden. You know this is not a virus because I'm making you type in the link and do a search yourself." Where's the protection there? Of course if its "Go to the BBC site and search on Bin Laden" then its safer. Its safer because people are to lazy to do that much work unless nudity is promised. :)
Security through unusability may be acceptable to some, but its not to me.
Categories
Antivirus0 TrackBacks
Listed below are links to blogs that reference this entry: Sending a Link.
TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/348
Leave a comment
Powered by Ajax Comments