That scares me telling users to not run exe files emailed to them except the exe files that are emailed to them. I would not send the files as self extracting to avoid mixed messages. Just my .02
Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Bert Van Kets <[email protected]> Date: Tue, 26 Jan 2010 22:56:51 To: PaulDotCom Security Weekly Mailing List<[email protected]> Subject: Re: [Pauldotcom] e-mail attachments and security I just tested 7Zip and it does create self extracting files (SFX option). Combined with the 256bit AES encryption it's a pretty good solution. The only hurdle now is that EXE files are not accepted by some e-mail applications, ex. Outlook. Of course zipping the EXE with regular Windows Zip compression prior to emailing is one possible solution. I know that with Outlook renaming the EXE to something else is enough to make it pass. Of course that is a bit less user friendly. Thanks for the solution! You guys rock! Bert David A. Gershman wrote: > Sounds to me the only way to go would be for your brother to install the > software that would encrypt but make a self-extracting executable. This > way the other end would (hopefully) scan for viruses and just run the > program which would prompt for the password key. > > Any one know of specific programs that do the encryption *and* create > self-extracting .exe's? > > >> Hi Guys, >> >> I got a pretty interesting question from my brother yesterday. He's a >> medical doctor in the UK and he needs to send reports to other doctors >> by e-mail regularly. The reports are in MS Word format. These doctors >> are in different locations and not connected to a common organization >> (hospital or company). >> At the moment he uses the MSWord password protection to try to keep the >> sensitive data away from prying eyes. We all know how secure that method >> is (not!). >> I told hem he'd better use some other system that guarantees a bit more >> protection but the problem is he can not ask of the people who receive >> the reports to install extra software (like PGP or GPG encryption). The >> security may not get in the way of the usability. Asking the receivers >> to install extra software and configuring it is not an option. These are >> not IT guys and don't even know how to spell GPG, let alone install it. >> Passing a password over by telephone is the maximum these guys are >> willing to go. 8-O >> >> Do you guys have some ideas on what could be a better solution for this >> "three legged stool" problem? >> >> Thanks. >> >> Bert >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> >> >> > > ---------------------------------------- > David A. Gershman > [email protected] > http://dagertech.net/gershman/ > "It's all about the path!" --d. gershman > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
