20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for a long time, so long that many no longer seem to consider them viable threats.

This can be seen in many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
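To make the "yes/no" oracle and the error-limiting workaround concrete, here is an added example (not code from the original article or from any TLS library) that puts a server reply that reveals padding validity beside the hardened handling TLS 1.2 (RFC 5246, section 7.4.7.1) recommends: substitute a random premaster secret and let the handshake fail later in the same way for every bad input. The toy key, function names, and sample ciphertexts are constructed for illustration.

```python
import secrets

# Constructed toy key (two Mersenne primes): insecure, for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (141)
PMS_LEN = 48                             # TLS premaster secret length

def encrypt_pkcs1(msg: bytes) -> bytes:
    """Client side: build 00 02 <nonzero padding> 00 <msg>, then apply RSA."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def raw_decrypt(ct: bytes) -> bytes:
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")

def padding_ok(em: bytes) -> bool:
    sep = em.find(b"\x00", 2)            # -1 when no separator byte exists
    return em[:2] == b"\x00\x02" and sep >= 10 and len(em) - sep - 1 == PMS_LEN

def respond_leaky(ct: bytes) -> str:
    """Vulnerable pattern: the reply depends on whether the padding parsed."""
    if not padding_ok(raw_decrypt(ct)):
        return "alert: decrypt_error"    # the yes/no answer an oracle needs
    return "continue handshake"

def premaster_hardened(ct: bytes) -> bytes:
    """Hardened pattern: always hand back 48 bytes and never signal failure."""
    fallback = secrets.token_bytes(PMS_LEN)   # drawn before inspecting padding
    em = raw_decrypt(ct)
    # Production code must make this selection in constant time; Python does not.
    return em[-PMS_LEN:] if padding_ok(em) else fallback

def demo() -> dict:
    pms = b"\x03\x03" + secrets.token_bytes(PMS_LEN - 2)   # constructed secret
    good = encrypt_pkcs1(pms)
    bad = (1).to_bytes(K, "big")         # decrypts to 00..01: invalid padding
    return {
        "leaky": (respond_leaky(good), respond_leaky(bad)),
        "hardened_lengths": (len(premaster_hardened(good)), len(premaster_hardened(bad))),
        "good_recovered": premaster_hardened(good) == pms,
    }

if __name__ == "__main__":
    print(demo())
```

With the hardened handler, a malformed ciphertext yields a different random secret on every call, so the only failure the peer ever sees is the later, uniform handshake failure.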

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Celera Networks today at (617) 375-9100.



Sunday, 18 March 2018
