Haruffa Kobold: Hare-Haren Imel na tushen HTML
A ranar 31 ga Maris, 2024, Luta Security ya fitar da labarin da ke ba da haske kan sabon salo. mai leƙan asiri vector, Kobold Haruffa. Sabanin yunƙurin arfafa na al'ada, waɗanda ke dogaro da saƙon yaudara don jawo waɗanda abin ya shafa su bayyana masu hankali. bayanai, wannan bambance-bambancen yana amfani da sassaucin HTML don haɗa abubuwan da ke ɓoye a cikin imel. Waɗanda ƙwararrun tsaro suka yi wa lakabi da “haruffa na kwal”, waɗannan ɓoyayyun saƙonnin suna amfani da Motocin Abubuwan Takardun Takardun (DOM) don zaɓar bayyana kansu dangane da matsayinsu na dangi a cikin tsarin imel.
Yayin da manufar ɓoye sirri a cikin imel ɗin na iya zama da farko kamar maras lahani ko ma dabara, gaskiyar ta fi muni. Masu aikata mugunta za su iya yin amfani da wannan dabarar don ƙetare ganowa da rarraba kaya masu lahani. Ta hanyar shigar da muggan abun ciki a cikin imel ɗin imel, musamman abun ciki wanda ke kunnawa yayin turawa, masu aikata laifuka na iya yuwuwar gujewa matakan tsaro, ta haka ƙara haɗarin yada malware ko aiwatar da makircin zamba.
Musamman ma, wannan raunin yana shafar shahararrun abokan cinikin imel kamar Mozilla Thunderbird, Outlook akan Yanar gizo, da Gmel. Duk da abubuwan da ke tattare da tartsatsi, Thunderbird ne kawai ya ɗauki matakai don magance matsalar ta yin la'akari da faci mai zuwa. Sabanin haka, Microsoft da Google har yanzu ba su samar da ingantattun tsare-tsare don magance wannan raunin ba, yana barin masu amfani da damar yin amfani da su.
Yayin da imel ya kasance ginshiƙin sadarwar zamani, wannan raunin yana nuna buƙatar tsauraran matakan tsaro na imel. Tsananin faɗakarwa da matakan faɗakarwa suna da mahimmanci don rage haɗarin haɓaka barazanar imel. Bugu da ƙari, haɓaka al'adar alhakin haɗin gwiwa da sa hannu ta hanyar haɗin gwiwa da aiki tare shine mabuɗin ƙarfafa tsaro.
