[GreenKeys] OT: Safely opening attachments

[Jones, Douglas W]

There was a recent discussion of how to safely open an attachment to an e-mail.  This has come up in other forums as well.  A friend of mine at Princeton who is very involved in questions of election security has written a piece on this (because attachments are a popular way to attack state and local election offices):

-- https://freedom-to-tinker.com/2020/06/24/safely-opening-pdfs-received-by-e-mail-or-fax/

What he says about opening PDFs also applies to opening Word, JPG and GIF attachments.  Open them in Firefox or Chrome or Internet Explorer, don't use external viewers.  Web browsers do not have "full feature" viewers for these attachments, and it is the obscure features of the attachment data formats that are dangerous.  Web browser's limited feature viewers are deliberately and carefully written to handle content of questionable safety.  The full-feature viewers outside the web browser are designed to support the entire feature set of the data format, and unfortunately, some of those features can be quite dangerous.  Active PDF documents under Adobe's tools, for example, can reach into your file system and do just about anything.  Microsoft Word document formats are equally dangerous under Word.

             Doug Jones
             jones at cs.uiowa.edu