{"id":240,"date":"2007-08-14T12:32:25","date_gmt":"2007-08-14T15:32:25","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=240"},"modified":"2007-08-14T12:32:25","modified_gmt":"2007-08-14T15:32:25","slug":"escaneo-de-puertos-mediante-ficheros-flash","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/","title":{"rendered":"Escaneo de puertos mediante ficheros Flash"},"content":{"rendered":"<p>Cualquier pel\u00c3\u00adcula Flash (una inocente animaci\u00c3\u00b3n, una demo de un programa, un banner, la cabecera animada de un sitio web\u00e2\u20ac\u00a6) es capaz de escanear los puertos TCP abiertos en tu m\u00c3\u00a1quina.<\/p>\n<p>\u00e2\u20ac\u0153Ah, bueno, pero yo tengo un cortafuegos que me aisla del exterior\u00e2\u20ac\u00a6\u00e2\u20ac\u009d<\/p>\n<p>Pues lo siento, pero sigues siendo vulnerable. Los puertos analizados son los del propio host donde se visualiza la peliculita. Es decir, que aunque est\u00c3\u00a9s usando NAT y salgas a Internet con la IP que sea, se puede escanear tu localhost 127.0.0.1\u00e2\u20ac\u00a6<\/p>\n<p>La causa: una fallo de dise\u00c3\u00b1o en el manejo de sockets en ActionScript 3, que permite saltarse el modelo de seguridad sandbox de Flash.<\/p>\n<p>Sistemas afectados: seg\u00c3\u00ban el descubridor, se ha comprobado con Flash Player 9 en Windows XP SP2 (con Explorer y Firefox), en Mac OS X 10.4 (con Safari y Firefox), en Ubuntu y Solaris 10 (con Firefox). Yo mismo lo he comprobado tambi\u00c3\u00a9n en Arch Linux con Firefox y Epiphany. Una vez m\u00c3\u00a1s, parece que Opera se salva. Tampoco me ha funcionado la demo con Konqueror ni con m\u00c3\u00a1quinas virtuales.<\/p>\n<p>Soluci\u00c3\u00b3n: mientras Adobe no saque ninguna soluci\u00c3\u00b3n s\u00c3\u00b3lo cabe deshabilitar Flash o permitir Flash s\u00c3\u00b3lo a sitios fiables. Tambi\u00c3\u00a9n se puede prevenir con NoScript y desinstalando Flash Player 9 y volviendo a la versi\u00c3\u00b3n 8.<\/p>\n<p>La misma p\u00c3\u00a1gina que informa del bug incluye la demostraci\u00c3\u00b3n, que requiere habilitar Javascript y Flash. <\/p>\n<p>No estar\u00c3\u00ada mal que hicier\u00c3\u00a1is vuestras propias pruebas y poste\u00c3\u00a1rais los resultados aqu\u00c3\u00ad.<\/p>\n<p>Enlaces relacionados:<\/p>\n<p>Design flaw in AS3 socket handling allows port probing<br \/>\nhttp:\/\/scan.flashsec.org\/<\/p>\n<p>Fuente: http:\/\/www.kriptopolis.org\/escaneao-de-puertos-mediante-flash<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cualquier pel\u00c3\u00adcula Flash (una inocente animaci\u00c3\u00b3n, una demo de un programa, un banner, la cabecera animada de un sitio web\u00e2\u20ac\u00a6) es capaz de escanear los puertos TCP abiertos en tu m\u00c3\u00a1quina. \u00e2\u20ac\u0153Ah, bueno, pero yo tengo un cortafuegos que me aisla del exterior\u00e2\u20ac\u00a6\u00e2\u20ac\u009d Pues lo siento, pero sigues siendo vulnerable. Los puertos analizados son los [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,1],"tags":[],"class_list":["post-240","post","type-post","status-publish","format-standard","hentry","category-noticias","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Escaneo de puertos mediante ficheros Flash<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Escaneo de puertos mediante ficheros Flash\",\"datePublished\":\"2007-08-14T15:32:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\"},\"wordCount\":282,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Noticias\",\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Escaneo de puertos mediante ficheros Flash\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2007-08-14T15:32:25+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Escaneo de puertos mediante ficheros Flash","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Escaneo de puertos mediante ficheros Flash","datePublished":"2007-08-14T15:32:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/"},"wordCount":282,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Noticias","Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/","url":"https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Escaneo de puertos mediante ficheros Flash","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2007-08-14T15:32:25+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/escaneo-de-puertos-mediante-ficheros-flash\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/240\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}