Mail security - Keep your inbox safe - Tutorial [Archive]

View Full Version : Mail security - Keep your inbox safe - Tutorial

Mrkvonic

October 8th, 2008, 08:34 AM

Hi all,

This article is the second article in a series of comprehensive articles / tutorials about general Windows (Internet) security.

The first article dealt with general Web practices, the choice of the browser, the vectors of exposure and infection, how to handle suspicious files, and other useful tricks.

You can find the first article here:

http://www.dedoimedo.com/computers/safe_web.html

This second article is about email security, that of mail clients in particular. It will teach you how to harden your mail client, how to minimize vectors of exposure, how to treat supicious attachments, minimize spam, and properly catalogue and filter mail.

Here's the second article:

http://www.dedoimedo.com/computers/mail_security.html

Have fun. Comments are welcome.

Mrk

tlu

October 8th, 2008, 09:19 AM

Mrk,

very good, indeed! :thumb:

One suggestion for the first article regarding Firefox and SSL certificates: The way how FF3 handles SSL sites has changed. While sites with Extended Validation (EV) SSL certificates (http://en.wikipedia.org/wiki/Extended_validation) have a very obvious green field in the address bar, sites with normal SSL certificates (and they represent the vast majority of SSL sites) are only marked with a blueish background or frame around the favicon. This is not only hardly visible but can also easily be confused with a spoofed favicon. In order to prevent that one should set browser.identity.ssl_domain_display to 1. For details see https://blog.startcom.org/?p=86 . From now on, a blue field for sites with normal SSL certificates is displayed in the address bar. Sites that use a spoofed favicon can no longer be mistaken as SSL sites.

Mrkvonic

October 8th, 2008, 09:27 AM

Hi,
Thanks, I'll take a look ...
Cheers,
Mrk

ruinebabine

October 8th, 2008, 10:36 AM

-{ Quote: "Sites that use a spoofed favicon can no longer be mistaken as SSL sites." }-
What is and why spoofed favicons? Can we read some reference to security risk inferred by them in normal web browsing? Just curious...

EDIT: never mind, re-reading the linked pages, I understand the context in with those faked padlock site icons might be somewhat misleading...

Pedro

October 8th, 2008, 11:34 AM

tlu, what do you think of this:
http://lifehacker.com/396582/turn-firefox-3s-location-bar-yellow-at-https-urls#c6299408

tlu

October 9th, 2008, 08:11 AM

-{ Quote: "tlu, what do you think of this:
http://lifehacker.com/396582/turn-firefox-3s-location-bar-yellow-at-https-urls#c6299408" }-

Nice - but I changed userChrome.css manually as shown on http://news.cnet.com/8301-13554_3-9974221-33.html

Pedro

October 9th, 2008, 09:18 AM

Same thing ;D
-{ Quote: "Fortunately, LifeHacker has a instructions on how to Turn Firefox 3's Location Bar Yellow at https:// URLs." }-