{"id":484,"date":"2009-02-25T07:18:56","date_gmt":"2009-02-25T10:18:56","guid":{"rendered":"https:\/\/www.talsoft-security.com\/site\/?p=484"},"modified":"2009-02-25T07:18:56","modified_gmt":"2009-02-25T10:18:56","slug":"desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/","title":{"rendered":"Desaconsejan confianza a ciegas en el candado de SSL"},"content":{"rendered":"

\"\" SSL (Secure Socket Layer), el sistema m\u00c3\u00a1s usado en el mundo para el cifrado de datos transmitidos v\u00c3\u00ada redes inform\u00c3\u00a1ticas, ya no es totalmente seguro. Hacker ha logrado vulnerarlo con una combinaci\u00c3\u00b3n de ingenier\u00c3\u00ada social y software.<\/span> <\/p>\n

En el marco de la conferencia Black Hat, realizada en Washington DC, Estados Unidos, el hacker Moxie Marlinspike demostr\u00c3\u00b3 la forma en que un software, combinado con t\u00c3\u00a9cnicas de phishing (en que se induce a un usuario a acceder a un sitio adulterado), hace posible acceder subrepticiamente al sistema SSL.<\/p>\n

El hacker demostr\u00c3\u00b3 adem\u00c3\u00a1s un procedimiento que le permiti\u00c3\u00b3 apoderarse de 16 n\u00c3\u00bameros de tarjetas de cr\u00c3\u00a9dito, acceder a 117 cuentas de Gmail e ingresar a 300 otras \u00c3\u00a1reas cifradas de Internet.<\/p>\n

Esto significa, en los hechos, que el s\u00c3\u00admbolo del candado que parece en el extremo inferior derecho del navegador cuando el usuario se conecta a un sitio seguro con direcci\u00c3\u00b3n https ha dejado de ser seguro.<\/p>\n

Marlinspike us\u00c3\u00b3 el programa gratuito “SSL Strip”, instal\u00c3\u00a1ndolo como “unidad intermedia” entre la conexi\u00c3\u00b3n SSL y el usuario, rompiendo as\u00c3\u00ad la cadena de seguridad de la cual hasta ahora han dependido los pagos seguros en l\u00c3\u00adnea.<\/p>\n

Las direcciones de sitios corrientes comienzan con “http”, en tanto que las p\u00c3\u00a1ginas que transportan informaci\u00c3\u00b3n cifrada comienzan con “https”, donde la letra “s” significa “seguridad”. Al usar una p\u00c3\u00a1gina https falsa, Marlinspike enga\u00c3\u00b1\u00c3\u00b3 al usuario, haci\u00c3\u00a9ndole creer que se estaba conectando a una p\u00c3\u00a1gina segura.<\/p>\n

El hacker asegur\u00c3\u00b3 en la conferencia haber usado las p\u00c3\u00a1ginas del sitio de pagos PayPal para obtener la informaci\u00c3\u00b3n del caso. Aparte de ello habr\u00c3\u00ada usado Facebook, Gmail y sitio de venta de billetes Ticketmaster.<\/p>\n

Marlinspike asegur\u00c3\u00b3 haberse apropiado mediante estos sitios de la informaci\u00c3\u00b3n de los usuarios, lo que le permiti\u00c3\u00b3 a acceder a 117 cuentas de correo electr\u00c3\u00b3nico Gmail.<\/p>\n

Fuente: ITPro.co.uk
\nFuente ilustraci\u00c3\u00b3n: secure-travel.co.uk y DiarioTi
\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

SSL (Secure Socket Layer), el sistema m\u00c3\u00a1s usado en el mundo para el cifrado de datos transmitidos v\u00c3\u00ada redes inform\u00c3\u00a1ticas, ya no es totalmente seguro. Hacker ha logrado vulnerarlo con una combinaci\u00c3\u00b3n de ingenier\u00c3\u00ada social y software. En el marco de la conferencia Black Hat, realizada en Washington DC, Estados Unidos, el hacker Moxie Marlinspike […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-484","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"\nTalSoft - Seguridad Inform\u00e1tica Empresarial - Desaconsejan confianza a ciegas en el candado de SSL<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Desaconsejan confianza a ciegas en el candado de SSL\",\"datePublished\":\"2009-02-25T10:18:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\"},\"wordCount\":339,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg\",\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Desaconsejan confianza a ciegas en el candado de SSL\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg\",\"datePublished\":\"2009-02-25T10:18:56+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage\",\"url\":\"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg\",\"contentUrl\":\"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Desaconsejan confianza a ciegas en el candado de SSL","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Desaconsejan confianza a ciegas en el candado de SSL","datePublished":"2009-02-25T10:18:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/"},"wordCount":339,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage"},"thumbnailUrl":"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg","articleSection":["Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/","url":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Desaconsejan confianza a ciegas en el candado de SSL","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage"},"thumbnailUrl":"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg","datePublished":"2009-02-25T10:18:56+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/desaconsejan-confianza-a-ciegas-en-el-candado-de-ssl\/#primaryimage","url":"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg","contentUrl":"http:\/\/www.diarioti.com\/sisimg\/21360b_ssl_candado_120.jpg"},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=484"}],"version-history":[{"count":1,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/484\/revisions"}],"predecessor-version":[{"id":485,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/484\/revisions\/485"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}