Menu - Option Selects

Gratuitous certificates SSL/HTTPS, emitted by Let's Encrypt are used in fraudulent webpages

Gratuitous certificates SSL/HTTPS, emitted by Let's Encrypt are used in fraudulent webpages

HTTPS-Not-Secure.png

Internet is full of threats and dangers for the users. When we visited a webpage we can know if this is legitimate verifying, if it has a digital certificate correctly signed, being able to sail safely by her through SSL/HTTPS. Until now, to obtain a digital certificate SSL supposed a quite complex process and was necessary to pass a series of tests to demonstrate that the Web was legitimate and safe, nevertheless, the launching of Let's Encrypt has supposed before and later in terms of security.

Let's Encrypt, is a new platform, that allow any user to obtain free and simple, legitimate digital certificates for its webpages of totally gratuitous form. Thanks to them, any user can form a connection HTTPS with a digital signature that demonstrates the legitimacy of the website and offers to the users a sensation of security within its Web. Nevertheless, as it always happens, whenever he appears something good are some that turns it into something bad and dangerous.

Several experts of security notice on the exponential increase of certificates issued by Let's Encrypt that are used by hackers, to settle down safe connections with their servers/malicious Webs, being able to carry out different action without raising as soon as suspicions. An example of this could the past be seen of December, when it began to use a certificate issued by this organization to redirigir to the users towards a servant controlled by hackers and to distribute exploits of the kit Angler with which to be able to infect to the users with a banking Trojan that has already taken thousands from victims.

The technique that has used the hackers to take to end these attacks knows as “domain shadowing “. These hackers are able to create different subdomains behind a legitimate domain, but in fact these subdomains are lodged in a servant controlled by the attackers. For example, in this previous case the attackers created the ad.web_legitima.com domain that, although apparently seems an advertising servant, in fact is a domain controlled by pirates.

The S of connections HTTPS/SSL with certificates Let's Encrypt no longer is so “Secure?

Until now, he was practically unthinkable to find webpages that used certificates HTTPS to take to end malicious activities since at the moment at which any suspicious activity was detected the certificate is revoked and it is added to the black list of the filters of Internet, nevertheless, the times are changing and right now, as we have been able to previously see, he is relatively simple to obtain a certificate and to use it in a Web freely, making think the users who their connections are safe and legitimate when it is not really being thus.

The best option than could be taken to end is that the emitting organizations cancelled the issued certificates that are used with malicious aims, as it is the case. Nevertheless, this it is a complicated process that in the majority of the occasions cannot be carried out. For this reason, the only option that is to avoid this type of threats is that the own administrators Web suitably protect the Control Panels of their Webs to guarantee that no hacker creates new illegal subdomains without his knowledge.

At the same time, the users also must be conscious that “a safe? website does not have why to be it, and to avoid the attacks with more and more habitual exploits they must make sure to always use applications updated to his last versions and to have installed a software of trustworthy security with the last companies of virus with the purpose of to reduce to the minimum the probabilities of falling into the hands of hackers.

Recommendations

From bekkos you in seeing if the Web has green padlock or no, we recommended to you that always advised only not to have left you beat in but information and you verify that is the company that this behind the Web where you are buying or sailing is legitimate.

We in ours hosting and servers offer the possibility to the client, to install the gratuitous certificate of Let's Encrypt, but also we advised to read this before: Certificate of gratuitous Payment or?


Special supply

We gave disc to you cloud 3GB Micloud Zero with your new hosting/VPS, and if you want but space you have 30GB with a 50% of discount, it takes advantage of these supplies…

it punctures here to know but

Monthly promotion - Amazon

Of the hand of CompuPrint, we offer to you you complete supplies and discounts in Amazon

Kitchen mhelp in the button TO OBTAIN PROMOS to have the best discounts in technology. You do not let them escape, are per limited time and with a discount special offered by bekkos, already including in the price.

To obtain Promos Amazon

Our Hosting Soporta

Html5
Data bases Mysql
PHP 5x, JS, Java and .NET
Java
Jquery
Phyton

Scroll

  Remember to me

or   To create an account


To remember password? |  To remember usuary?
It does login with the credentials of user received by email, when you registered yourself. If he does not remember his user or password beats to remember password or user according to corresponds.

If he does not have user, he can register itself now beating in Creating Account or to do it ahead but.

×


Register now



  To register   or
Login