<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">I have been meaning to roll application
      whitelisting out for my customers.<br>
      I think I'll be moving up its priority.<br>
      <br>
      On 24/10/13 12:05, Peter Tiggerdine wrote:<br>
    </div>
    <blockquote
cite="mid:CAHgLLqbiK8twr-M1DJqFngj-j5JsnQdR0=0ACJVO4OknyXSv3A@mail.gmail.com"
      type="cite">
      <div dir="ltr">When you think about it, just about all file
        extension are insecure and have being compromised in one way or
        another. It's almost at the stage where sending/receiving any
        attachment is high risk.
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Thu, Oct 24, 2013 at 10:51 AM,
          Robert Hudson <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:hudrob@gmail.com" target="_blank">hudrob@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div class="im">On 24 October 2013 11:27, Pinkerton, Eric
                (AU Sydney) <span dir="ltr"><<a
                    moz-do-not-send="true"
                    href="mailto:Eric.Pinkerton@baesystemsdetica.com"
                    target="_blank">Eric.Pinkerton@baesystemsdetica.com</a>></span>
                wrote:<br>
              </div>
              <div class="gmail_extra">
                <div class="gmail_quote">
                  <div class="im">
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
                      IMHO, The 'best' policy is a combination of many
                      things starting with training your end users to
                      spot dodgy looking links, filtering egress
                      traffic, patching patching and more patching, not
                      using XP with IE6, monitoring your logs, changing
                      your default password from 'password' and giving
                      people permissions in line with their requirements
                      (ie not making everyone a domain admin) etc etc.</blockquote>
                    <div><br>
                    </div>
                  </div>
                  <div>Unfortunately, much of that relies on educating
                    users, and if educating users was going to work,
                    it'd have done so already. :(<br>
                  </div>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            AusNOG mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
            <a moz-do-not-send="true"
              href="http://lists.ausnog.net/mailman/listinfo/ausnog"
              target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>