In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails.
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems "at-risk" file attachments, which are typically sent with malicious scripts or executables.
The move will prevent users from downloading email attachments with various file extensions, including ones associated with Python, PowerShell, digital certificates, Java and more. Overall, Microsoft had blocked 104 file extensions from Outlook (a full list of which can be found here), including .exe, .url, .lnk, and more. With these newest extensions, that number will now rise to 142.
"We're always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today," said Microsoft in a post this week.
Microsoft said that many of these newly-blocked file types are rarely used, so most organizations will not be affected by the change: "However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them," it said.
[...] Newly blocked file extensions include:
- Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
- PowerShell scripting language: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.cdxml”, “.pssc”
- Java programming language: “.jar”, “.jnlp”
- digital certificates: “.cer”, “.crt”, “.der”
- Windows ClickOnce (“.appref-ms”)
- Microsoft Data Access Components (“.udl”)
- Windows Sandbox (“.wsb”)
Microsoft will also block various extensions being used by vulnerable applications, which could be used to exploit security vulnerabilities in third-party software, including: ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"
For these extensions, 38 in all, "while the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use," Microsoft said.
-- submitted from IRC
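An added example (not part of the article or Microsoft's post): a small Python audit that checks attachment file names against the newly blocked extensions listed above, so an administrator can estimate which users would be affected before the change lands. The sample names, the category labels and the trailing dot/space normalization are assumptions made for this example.

```python
"""Audit attachment names against the newly blocked Outlook extensions listed above."""
from collections import Counter

# Extensions copied from the article's lists; category labels are this example's own.
NEWLY_BLOCKED = {
    "python": "py pyc pyo pyw pyz pyzw",
    "powershell": "ps1 ps1xml ps2 ps2xml psc1 psc2 psd1 psdm1 cdxml pssc",
    "java": "jar jnlp",
    "certificate": "cer crt der",
    "clickonce": "appref-ms",
    "mdac": "udl",
    "windows-sandbox": "wsb",
    "legacy-vulnerable-app": ("appcontent-ms settingcontent-ms cnt hpj website webpnp mcf "
                              "printerexport pl theme vbp xbap xll xnk msu diagcab grp"),
}
EXT_TO_CATEGORY = {ext: cat for cat, exts in NEWLY_BLOCKED.items() for ext in exts.split()}


def blocked_category(filename):
    """Return the category if the final extension is newly blocked, else None."""
    # Assumption: treat trailing dots/spaces as Windows does, so "a.ps1. " counts as "a.ps1".
    name = filename.strip().rstrip(". ").lower()
    # Only the last extension decides how the file opens: "report.pdf.jar" is a .jar.
    _, dot, ext = name.rpartition(".")
    return EXT_TO_CATEGORY.get(ext) if dot else None


def audit(filenames):
    """Count affected attachments per category and list the affected names."""
    hits = [(f, blocked_category(f)) for f in filenames]
    affected = [(f, c) for f, c in hits if c]
    return Counter(c for _, c in affected), affected


# Constructed sample of attachment names, e.g. exported from a mail-flow report.
SAMPLE = ["build.PY", "invoice.pdf.jar", "notes.ps1. ", "photo.jpg", "ca-root.crt",
          "README", "setup.ps1.txt", "lab.wsb"]

if __name__ == "__main__":
    counts, affected = audit(SAMPLE)
    for name, cat in affected:
        print(f"{cat:22} {name!r}")
    print(dict(counts))
```

Feeding it the attachment names from a recent mail-flow export shows which teams still exchange these file types and need an alternative transfer path.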
(Score: 3, Disagree) by edIII on Saturday September 28 2019, @10:10PM (17 children)
How about just NO FILES THROUGH EMAIL. It's an amazingly stupid thing to do in the modern age of the Internet. Not that it was a really good idea ever. Perhaps for the first few years when there weren't that many alternatives, and they weren't as easy and convenient, but not now. I've seen people upset about not being able to send attachments 500MB in size, with zero understanding of how it chokes the receiving mail server and is shamefully inefficient.
For businesses, it's even more stupid to accept anything by email. Especially, when they take none of the time necessary to secure email and authenticate senders. There is a lack of "ack/syn". Anytime you accept a file there should be a conversation before it, and one from a source you can reasonably trust. Which is why for a lot of businesses they have platforms to do this kind of stuff now. Insurance carriers and agencies don't actually need to send anything outside of their platforms anymore, which is far safer. A notification email may be sent, but it contains links back into the platform which ostensibly perform security checks beforehand.
For people, the sheer depth and breadth of social media services and others that exist to share that media make email a sincerely foolish choice. Those platforms are more likely to be performing antivirus and RBL processing on the data than a home user is.
For programmers and sysadmins? They fucking know better :) Besides, almost any serious project will have a versioning repository of some type. I actually do send code through email sometimes, but as talking points, and not as attachments. The reference to the location of the file and the line numbers is included.
Oh yeah, you still didn't answer the questions about tabs and spaces :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by MostCynical on Saturday September 28 2019, @10:23PM (3 children)
I have now worked on several projects where there was no versioning, and several where large support, reference or user files were emailed to a developer to be loaded..
One large project (millions of dollars) where, while there were different DEV and UAT environments, defects were being fixed in UAT before go-live, as DEV had a lot of weird stuff and where SIT was being (re-)done, and there was not regression testing, because it was a 'configuration', not a 'build'...
So, I refute that any programmers and sysadmins know better.. maybe the older (>50 year olds?) ones would fight for 'proper methodology', but anyone else does as they are told and collects a pay check. (I am neither a sysadmin nor a programmer, and I am NOT a project manager - I think I am allergic to Gantt charts)
tl;dr: Attachments by email is easy. SFTP and drop boxes or something else 'better' are hard for most people, "Here is your file".
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by edIII on Sunday September 29 2019, @03:03AM
Shit you have to do for a paycheck is obviously excluded. I've had to do things that were very unwise, but I did so anyways.
I've been in different situations like that before too, a lot of it without versioning systems. That being said, we all seemed to have some server in common that we could drop files off via SSH, SFTP, whatever. If you're developing in a common space, it doesn't seem unreasonable to also be able to exchange files between devs. Email is a pain in the ass for files.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by c0lo on Sunday September 29 2019, @07:13AM (1 child)
With that much Agile everywhere, I sorta warmly reminisce the good old days of Gantt charts. Estimation be damned, at least they captured the task dependencies; with all those epics and user-stories, no wonder the product integration is always in a state of flux.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by MostCynical on Sunday September 29 2019, @08:15AM
add the fact that half (?) the time, the user stories were not signed off, if they were even reviewed...
I like good project managers who can develop Gantt charts, and manage to ensure all the dependencies are linked, and there is a true 'critical path' - along with a proper, complete risk and issue register, etc etc..
I just don't want to have to touch the things!
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Insightful) by The Mighty Buzzard on Saturday September 28 2019, @11:49PM (4 children)
Oh, I'll still email myself a file now and then if I need to send it from something I don't want to put my ssh keys on. Like a Windows box or my phone. It's a little handier for sending a handful of pictures or other small files to someone in many instances too.
Spaces for code formatting are nothing but oppression by authoritarian cockbites. Tabs let you view the indentation any old way you please while spaces are a blatant attempt to force you to view it the way someone else thinks you should.
My rights don't end where your fear begins.
(Score: 1, Insightful) by Anonymous Coward on Sunday September 29 2019, @12:09PM (3 children)
Uh uh. Indenting and formatting are two different things. The very failure to recognize these as separate use cases has led many people on a crusade against tabs completely. So please understand the argument against tabs before getting on that horse again.
(Score: 2) by The Mighty Buzzard on Sunday September 29 2019, @03:48PM (2 children)
The hell you say. They're both purely cosmetic unless you're using python.
My rights don't end where your fear begins.
(Score: 2) by bart9h on Monday September 30 2019, @10:01PM (1 child)
Yes, they are cosmetic.
And, cosmetically, they are different things.
But being cosmetic doesn't mean they're not important.
Readability is, apart from correctness, the most important code quality.
(Score: 2) by The Mighty Buzzard on Monday September 30 2019, @10:49PM
No, they are not different things. Indentation is absolutely and without question a part of code formatting. It is in fact the primary aspect of code formatting.
My rights don't end where your fear begins.
(Score: 2, Informative) by Ethanol-fueled on Sunday September 29 2019, @01:46AM (1 child)
Even in the military industrial complex, the only "repositories" are Windows folders, and the only "version control" is comments in the code documenting the changes right below the banner.
Some places have proper version control, but a surprising number don't.
(Score: 2) by edIII on Sunday September 29 2019, @03:05AM
All of those would also seem to include plenty of alternatives to email. FTP for one thing.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Informative) by Anonymous Coward on Sunday September 29 2019, @05:14AM (5 children)
How else do I send pictures and PDF etc to people?
File sharing services tend to be blocked.
In the real world people send emails with attachments
(Score: 2) by c0lo on Sunday September 29 2019, @07:16AM (4 children)
"Pro"tip: put them on Google Docs then share them, that's what professional big businesses do. Because... cloud.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Runaway1956 on Sunday September 29 2019, @04:33PM (3 children)
Even I can do that, and have done it. That, despite the fact that I hate "cloud".
(Score: 2) by Bot on Monday September 30 2019, @04:34AM (2 children)
Soo, I had this bunch of pics to share. Just load it on a Google photo folder and share the link right? It worked for 99% of the people, except for the cellphone of the owner of the photos who had requested them to be shared...
Account abandoned.
(Score: 2) by Runaway1956 on Monday September 30 2019, @05:07AM (1 child)
Weird . . .
But, if you own the device from which the photos were shared, and you own the cellphone, I suppose you can just plug the phone into the other device, and download them directly?
I hope that I didn't imply that sharing on google folders is *always* going to work.
(Score: 2) by Bot on Monday September 30 2019, @06:54AM
There are options, mounting a USB device from the smartphone, the mtp protocol through the Linux desktop (buggy) jmtpfs, and yet another implementation whose name I don't recall which was born out of frustration for the buggy solution above. There is a share via http app on F-Droid, ftp servers, on the desktop side droopy with the --dl option for the lan and possibly nextcloud on the net. Needless to say, the best was USB device emulation on earlier Android versions.
Account abandoned.