Vamwe vatengi vetsamba vari panjodzi yekurwadziswa pavanoshandisa "mailto:"

Darkcrizt

4 maminitsi

Vatsvagiri vanobva kuRuhr University muBochum, Germany, yakaongorora maitiro evatengi veemail pavanobata "mailto:" zvinongedzo nemaparameter akawedzerwa.

Mune mairi mashanu emakumi maviri evatengi E-mail iyo yavakaongorora vaive panjodzi yekurwadziswa yezvivakwa uchishandisa iyo "batanidza" paramende.

Vatanhatu vatengi email yakawanda dzakakanganiswa nePGP uye S / MIME kiyi kutsiva kurwisauye vatengi vatatu vaive panjodzi yekurwadziswa kuti vatore zvemukati memashoko akanyorwa.

"Mailto:" zvinongedzo zvinoshandiswa kugadzirisa kuvhurwa kwevatengi vetsamba kuitira kuti inyore email kune iye anotambira akataurwa mu link iyi. Pamusoro pekero, sechikamu cheiyo link, unogona kudoma mamwe ma parameter, senge mutsara wenyaya uye template yezvinhu zvirimo.

Kurwiswa kwakarongwa shandisa "batanidza" paramende yekubatanidza faira kune iyo email inogadzirwa.

Pakati pevatengi veemail vakaongororwa, zvinotevera zvinotaurwa:

Tsamba vatengi Thunderbird, GNOME Shanduko (CVE-2020-11879) KDE KMail (CVE-2020-11880) IBM / HCL Zvinyorwa (CVE-2020-4089) uye Pegasus Mail ivo vaitambura kurwisa kudiki uko otomatiki akanamatira chero yakatarwa yemuno faira Kuburikidza nehungano senge "mailto :? attach = path_to_file".

Iyo faira inosungirirwa pasina chiziviso chisati chaitika, nokudaro, pasina kukoshesa kwakanyanya, mushandisi anogona kusaziva kuti mune tsamba inotumirwa pamwe nechisungo.

Uku kukanganisa kunogona kushandiswa zviri nyore, nekuti kuwana mafaera-akasarudzika, haufanire kuita zvakawanda, kunze kwekungodudzira nzira. Semuenzaniso, inogona kushandiswa kuwana cryptocurrency portfolio kana kubva kudhatabhesi kana chimwe chinhu chinonakidza.

Kuwedzera kune mafaera emuno, vamwe vatengi veemail vanogadzira zvinongedzo kunetiweki yekuchengetedza uye nzira pane iyo IMAP server.

Kunyanya IBM Notes inokubvumira kutumira faira kubva kunetiweki dhairekitori paunenge uchigadzirisa zvinongedzo zvakaita se "attach = \\ site.com \ file", pamwe nekukanganisa NTLM yekumisikidza parameter nekutumira chinongedzo kune anorwisa-anotariswa SMB server (chikumbiro chinotumirwa pamwe neazvino mushandisi sisitimu paramende).

Mune yakakosha kesi ye Thunderbird, izvi zvinobudirira kubata zvikumbiro zvekubatanidza zvinyorwa zvemukati pane IMAP server.

Panguva imwecheteyo, iwo mameseji anotorwa kubva kuIMAP, akavharidzirwa achishandisa OpenPGP uye S / MIME, anongobviswa necomputer mutengi asati aatumira.

Vagadziri veThunderbird vakaziviswa nezvenyaya iyi muna Kukadzi uye nyaya yacho yakagadziriswa muThunderbird 78 (matavi eThunderbird 52, 60, uye 68 vachiri munjodzi).

Pakutanga shanduro dzeThunderbird dzaive nenjodzi kune dzimwe nzira mbiri dzekurwisa dzePGP uye S / MIME dzakakurudzirwa nevatsvagiri.

 Kunyangwe Thunderbird yakabvisa iyo mailto:? Batanidza, zvichiratidzika kunge zviripo mukugovera kunoshandisa xdg-email kuti utarise mailto ma URL. 

Kunyanya, Thunderbird, pamwe ne OutLook, PostBox, eM Client, MailMate uye R2Mail2, vakakwanisa kuita kiyi yekuchinja kurwisa, inokonzerwa nekuti iyo tsamba yemutengi inozvipinza nekumisikidza zvitupa zvitsva zvinopfuudzwa muS / MIME mameseji, izvo zvinobvumidza anorwisa kuronga kutsiva makiyi eruzhinji akatochengetwa nemushandisi.

Kurwiswa kwechipiri, kwavanoratidzwa Thunderbird, PostBox uye MailMate, shandura maficha eiyo autosave mashini ezvinyorwa zvinyorwa uye inobvumidza iwe kushandisa iyo mailto parameter kutanga decryption yemashoko akanyorwa kana kuwedzera siginicha yedhijitari yemameseji asingabvumirwe, iine chinongedzo chinotevera cheiyo kune anorwisa IMAP server.

Mukurwiswa uku, chinyorwa chinoburitswa kuburikidza ne "muviri" paramende uye iyo "meta yekuzorodza" tag inoshandiswa kutanga kufona kune anorwisa IMAP server.

Zvekugadzirisa otomatiki "mailto:" zvinongedzo pasina kupindira kwevashandisi, zvakanyatsogadzirwa zvinyorwa zvePDF zvinogona kushandiswa: OpenAction muPDF inokutendera kuti utange otyaira mailto paunovhura gwaro.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo pamusoro penyaya iyi, unogona kubvunza iyo yekutsvaga faira Mune inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Raul usabvunze chero huremu akadaro
    inoita 4 makore

    malito: mishuevos@gmail.com? attatch = / etc / passwd nditumire e-mail

    Pindura Raul usabvunze imwe pesao