Email is stupid/broken/unmanageable
I was today years old when this first penny dropped for me. Email Link-following. Cool term, what does it mean? In hindsight, it's obvious. In order to protect you from bad guys including bad links in the email they send to you, your email server is most likely... wait for it... waaaaaiiit... "clicking" on every link, in every inbound email, to check it, before sending it on to you. Once more, in case the significance of that went skating past you, like it has me... Every.link.in.every.inbound.email. The tactic works, and is pretty much the only way it can be done, but gracious, there are some privacy issues, right there! And, while we're stirring this *particular "email is stupid"* pot.... here's another GEM. "Microsoft says that Midnight Blizzard, a cyber unit inside Russia's SVR Foreign Intelligence Service, has begun using a clever new technique to compromise victims and deploy malware on their systems. The technique involves sending malicious RDP configuration files to victims via email." Translation: This version of Ivan has stopped trying to break into your computer. Now, he'd like you to click on this file that he's sent to you via email, which will connect you to him! With every administrator privelege that Windows can give, and then some. Read every byte on every hard drive. Install any software on your computer. Terrifying as it is, you just have to say, this.is.brilliant! "I won't call you, I'll just give you my number. You'll call me." It's also absurdly stupid. Configuration files are common and necessary. Almost every application has one. Most of them are text files. Or they should be. Text files are pretty harmless. Buuuut... *sinister voice* what happens when you make a configuration file executable? Believe it or not, this is not the first time Microsoft has done this. They used to have a ... feature ... where if you downloaded a file like a .doc for example, if it was associated with an application in Windows, IT WOULD RUN THAT APPLICATION! And before you think "Well, that's quite useful and convenient?" I'll just remind you that .py and .bat and .vbs and .cmd and .js are ALSO examples of text files that are associated with an application. (python3.exe, cmd.exe, vb.exe etc).