What about putting the files on a publicly accessible Linux box and
letting the users SCP them down?
A tool like WinSCP runs on Windows, is free, has no installation, and
makes moving the files around as easy as drag-and-drop.

On Tue, Jan 26, 2010 at 4:40 PM, David A. Gershman <[email protected]> wrote:
>
> I agree (contradicts myself I agree). Any other suggestions though?
>
> As for passing scanning tools, the dumber ones can be defeated simply by
> changing the .exe extension. Unfortunately, this adds to the steps on
> the receiver's side.
>
> Perhaps not sending the .exe file via email in the first place. Anyone
> heard of a "secure" web file sharing site? A place where N people can
> create a shared area which requires authentication to access. This
> would be a fair place to put the .exe file (NOT a replacement for the
> encryption).
>
>
>> That scares me telling users to not run exe files emailed to them
>> except the exe files that are emailed to them. I would not send the
>> files as self extracting to avoid mixed messages. Just my .02
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: Bert Van Kets <[email protected]>
>> Date: Tue, 26 Jan 2010 22:56:51
>> To: PaulDotCom Security Weekly Mailing List<[email protected]>
>> Subject: Re: [Pauldotcom] e-mail attachments and security
>>
>> I just tested 7Zip and it does create self extracting files (SFX
>> option). Combined with the 256bit AES encryption it's a pretty good
>> solution. The only hurdle now is that EXE files are not accepted by some
>> e-mail applications, ex. Outlook. Of course zipping the EXE with regular
>> Windows Zip compression prior to emailing is one possible solution. I
>> know that with Outlook renaming the EXE to something else is enough to
>> make it pass. Of course that is a bit less user friendly.
>>
>> Thanks for the solution!
>> You guys rock!
>>
>> Bert
>>
>> David A. Gershman wrote:
>> > Sounds to me the only way to go would be for your brother to install the
>> > software that would encrypt but make a self-extracting executable. This
>> > way the other end would (hopefully) scan for viruses and just run the
>> > program which would prompt for the password key.
>> >
>> > Anyone know of specific programs that do the encryption *and* create
>> > self-extracting .exe's?
>> >
>> >
>> >> Hi Guys,
>> >>
>> >> I got a pretty interesting question from my brother yesterday. He's a
>> >> medical doctor in the UK and he needs to send reports to other doctors
>> >> by e-mail regularly. The reports are in MS Word format. These doctors
>> >> are in different locations and not connected to a common organization
>> >> (hospital or company).
>> >> At the moment he uses the MSWord password protection to try to keep the
>> >> sensitive data away from prying eyes. We all know how secure that method
>> >> is (not!).
>> >> I told him he'd better use some other system that guarantees a bit more
>> >> protection but the problem is he can not ask of the people who receive
>> >> the reports to install extra software (like PGP or GPG encryption). The
>> >> security may not get in the way of the usability. Asking the receivers
>> >> to install extra software and configuring it is not an option. These are
>> >> not IT guys and don't even know how to spell GPG, let alone install it.
>> >> Passing a password over by telephone is the maximum these guys are
>> >> willing to go. 8-O
>> >>
>> >> Do you guys have some ideas on what could be a better solution for this
>> >> "three legged stool" problem?
>> >>
>> >> Thanks.
>> >>
>> >> Bert
>> >> _______________________________________________
>> >> Pauldotcom mailing list
>> >> [email protected]
>> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >> Main Web Site: http://pauldotcom.com
>> >
>> > ----------------------------------------
>> > David A. Gershman
>> > [email protected]
>> > http://dagertech.net/gershman/
>> > "It's all about the path!" --d. gershman
>
> ----------------------------------------
> David A. Gershman
> [email protected]
> http://dagertech.net/gershman/
> "It's all about the path!" --d. gershman

--
Andrew Ellis
http://www.samurainet.org/blog
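
The point raised in the quoted thread, that filters keyed on the .exe extension stop working once the file is renamed or zipped, seen from the filter's side as an added example (not part of the original posts): label an attachment by its content rather than its name. The function names, labels, size cap and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

MAX_MEMBER = 50 * 1024 * 1024  # assumed cap on bytes unpacked per archive member

def is_pe(data: bytes) -> bool:
    """True if data is an MZ image whose e_lfanew field points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(data: bytes, depth: int = 0) -> str:
    """Label an attachment by content; the claimed file name is never consulted."""
    if is_pe(data):  # also matches self-extracting archives, which are PE files
        return "executable"
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    return "encrypted-archive"
                if info.file_size > MAX_MEMBER:
                    return "oversized-archive"
                inner = classify(zf.read(info), depth + 1)
                if inner in ("executable", "archive-with-executable"):
                    return "archive-with-executable"
        return "archive"
    return "other"

def fake_pe() -> bytes:
    """Constructed sample: the smallest header layout that is_pe() accepts."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    return bytes(stub)

def zip_of(name: str, payload: bytes) -> bytes:
    """Constructed sample: an unencrypted zip holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    print("report.doc ->", classify(fake_pe()))                        # renamed .exe
    print("report.zip ->", classify(zip_of("report.txt", fake_pe())))  # renamed, then zipped
```

An encrypted archive comes back as `encrypted-archive`: the gateway cannot see inside it, so whether to deliver it is a policy decision rather than a scanning result.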
