20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Celera Networks today at (617) 375-9100.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 17 January 2018

Captcha Image

Request a Free Consultation

  • Company name *
  • First Name *
  • Last Name *
  • Title
  • Phone
  • What are your concerns?

      Sign up for our Newsletter!

      • Company *
      • First Name *
      • Last Name *

          Mobile? Grab this Article!

          QR-Code dieser Seite

          Tag Cloud

          security Tip of the Week technology Privacy Best Practices Cloud Hackers Productivity Business Computing business Malware Microsoft Internet IT Services Backup IT Support Hosted Solutions Managed Service Provider Email Network Mobile Devices Workplace Tips Communication Hardware Smartphones Computer Microsoft Office Disaster Recovery Mobile Device Management Holiday Windows Miscellaneous Windows 10 Efficiency Data network security Business Continuity Small Business Server Alert Smartphone Virtualization User Tips Software Upgrade Saving Money Google Business Management WiFi Social Media Internet of Things BYOD Passwords Gmail Remote Computing Ransomware Operating System VoIP Big Data Android Vendor Management Apple Remote Monitoring Spam Innovation Cybersecurity The Internet of Things Mobile Computing App Office Browser Analytics Artificial Intelligence Collaboration Wireless Technology Apps Phishing Business Growth Facebook Risk Management Budget Hacker IT Solutions Information Technology Robot Outsourced IT Retail Best Practice Office Tips Save Money Tech Support Bring Your Own Device Going Green Data Management Customer Service Automation Gadgets Office 365 Managed IT Services Money Content Filtering Firewall Hacking Hard Drives Lithium-ion Battery Cortana Running Cable Customer Relationship Management virus Employer-Employee Relationship Cost Management IT Consultant Saving Time End of Support Computers Managed IT Health Document Management Mobile Device Hosted Solution Outlook IT service Bitcoin Proactive IT Current Events Application Data storage Avoiding Downtime Recovery Presentation Social Update Law Enforcement Downtime Business Owner LiFi Maintenance Competition eWaste Search project management Marketing Humor Trending Education Analyitcs Network Congestion Safety Mouse Twitter Encryption Programming Windows 8 Specifications User Disaster Website IT Support Wireless Laptop Settings Phone System Bandwidth USB Quick Tips VPN Chrome Virtual Desktop Administration PowerPoint Samsung Cryptocurrency Social Engineering Statistics Password Antivirus Save Time iPhone Google Docs intranet communications Two-factor Authentication Cybercrime Hacks Work/Life Balance Excel Tablet Net Neutrality Hiring/Firing Fun Software as a Service Travel Printing Networking Storage Regulations Data Warehousing Computer Repair Private Cloud Paperless Office Hard Drive Google Calendar Technology Tips Entrepreneur Computing Business Cards Dark Data Gadget Buisness Windows Server 2008 Router Debate Refrigeration Skype Consumers Deep Learning Data Security IP Address Access Control Knowledge Mobile Technology Memory Google Wallet Politics CIO Windows 7 LinkedIn Public Cloud Hard Drive Disposal Touchscreen Mobile Office Black Market Experience Mobile Payment Environment Drones Telephony User Error Freedom of Information Data Breach Best Available Identities security breach Unified Threat Management Troubleshooting History Patch Management People Training News Undo Downloads Video Surveillance Solid State Drive Modern technology Fiber-Optic Backups Processors Display Comparison Word Mobility File Sharing YouTube Fake News Licensing data breaches Alt Codes business owners Fraud Legal Notifications Monitors Television Online Currency Managed Service Providers Files Flexibility Microsoft Excel Piracy Domains Managed IT Services Wi-Fi risk Typing email scam Telephone Systems bdr Writing Cyber-attacks Websites Blockchain Company Culture Public Speaking 5G cyberattack Windows 8.1 Update Business Intelligence Printer Productivity Documents Help Desk Vulnerabilities Google Drive Crowdsourcing Digital Signature Halloween SharePoint Heating/Cooling Botnet today ’s world Tip of the week IBM cyberattacks Crowdfunding Printer Server PDF Computing Infrastructure Government Scary Stories Distributed Denial of Service Users experience downtime Digital Data loss Augmented Reality businesses Co-managed IT Vulnerability Sports Compliance Evernote Unified Communications Virtual Assistant IT Management Cloud Computing Webcam Motion Sickness Chromebook How To Cabling GPS Error Personal Information Cleaning Emoji Tracking Upgrades Infrastructure Electronic Medical Records Computer Care Identity Theft 3D Printing Uninterrupted Power Supply Automobile Staffing Unsupported Software Hard Disk Drive test post Administrator Taxes Mobile Data Sync Web Server Supercomputer Mobile Device Managment Cameras IT Budget Corporate Profile CCTV Digital Payment WannaCry G Suite Virtual Reality Point of Sale Google Maps Machine Learning Unified Threat Management SaaS Data Backup Meetings Software Tips Relocation Physical Security