See this article by UK-based computer security specialist Graham Cluley Just previewing an Outlook email could infect your computer. Microsoft warns of zero-day flaw.
Just previewing it? Gah! I remember when Microsoft Office macros were shown to be able to be exploited to infect computers. I ran my (since departed) MS Office suite with the ‘Disable Macros’ option selected, and was, you know, careful what I clicked on. But previewing a message now?
In the context of news last week about the NSA (reportedly) sensing malware around the planet, I can see why people within real reason for security maintain some equipment that is never connected to the internet — ‘air-gapped’.
This, from a fascinating article in the New York Times How Laura Poitras Helped Snowden Spill His Secrets makes the point:
Once she began working on her surveillance film in 2011, she raised her digital security to an even higher level. She cut down her use of a cellphone, which betrays not only who you are calling and when, but your location at any given point in time. She was careful about e-mailing sensitive documents or having sensitive conversations on the phone. She began using software that masked the Web sites she visited. After she was contacted by Snowden in 2013, she tightened her security yet another notch. In addition to encrypting any sensitive e-mails, she began using different computers for editing film, for communicating and for reading sensitive documents (the one for sensitive documents is air-gapped, meaning it has never been connected to the Internet).
These precautions might seem paranoid — Poitras describes them as “pretty extreme” — but the people she has interviewed for her film were targets of the sort of surveillance and seizure that she fears. William Binney, a former top N.S.A. official who publicly accused the agency of illegal surveillance, was at home one morning in 2007 when F.B.I. agents burst in and aimed their weapons at his wife, his son and himself. Binney was, at the moment the agent entered his bathroom and pointed a gun at his head, naked in the shower. His computers, disks and personal records were confiscated and have not yet been returned. Binney has not been charged with any crime.
I’m still struck by how the US government cancelled Edward Snowden’s passport without any charges & trial or any apparent due process, in an effort to strand him stateless — trapping him in Moscow airport.
Who can you trust?
See also: Beware the ubiquitous PDF? Really?