email security?

[Ralf Mardorf]

On Sat, 07 Apr 2018 21:20:09 -0400, Doug wrote:
>One note here: Do not open any email that purports to come from any 
>financial institution!
>And it may be useful to forward it to *abuse@(financial 
>institution).com* because many of those
>financial institutions will attempt to track down and stop those
>emails. They are *all* phishing
>expeditions!

Actually I won an iPad, because I opened a mail from my house bank. You
don't need to worry about all those phishing mails. Opening a phishing
mail doesn't cause any harm at all, even not, if you open HTML mails
with faked links, just don't allow remote content to get opened and
before you click a link, take a look, at the status bar, it does show
the real link location. Your house bank never ever will ask you for a
PIN or TAN when getting in contact with you by an email.

On Sat, 7 Apr 2018 23:29:21 +0100, Peter Flynn wrote:
>> If there is risk does using text mode mitigate it any?  
>
>It depends what you mean by text mode -- that is, what mail
>application? If you use UCB Mail, I'd say zero risk, as there isn't
>any kind of API that a virus could latch onto AFAIK. Probably the same
>applies to mutt, elm, pine, etc.

1. Yes, text mode does mitigate the risk, what ever MUA you are using.

2. Indeed there always is a risk, but this risk applies to any API you
are using, even sandboxes/containers are not an absolute protection,
just keep in mind security wholes, such as Meltdown.

3. When using Linux, we are usually very good protected. For testing
purpose I used Linux installs, to open malicious attachments, non of
those attachments ever was able to corrupt an completely unprotected
Linux install.

It is possible to hack a Linux and quite often Linux servers get
hacked, but usually by other kinds of attacks, than by a Windows hacker
approach  of the "Britney_Spears_naked.jpg" email attachment kind.