Computerware has been serving the Vienna area since 1976, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen at many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
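The yes/no signal described above, shown from the server side as an added example (not code from the researchers or any vendor): a handler that answers differently when the RSA padding is malformed, beside a hardened one that substitutes a random secret on any failure so every reply looks the same. The toy key built from two Mersenne primes, the 8-byte secret length and the response strings are constructed for illustration.

```python
import secrets

# Toy RSA key from two Mersenne primes: constructed for illustration, never a real key.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes
SECRET_LEN = 8                     # stand-in for the 48-byte TLS premaster secret


def pkcs1_v15_encrypt(msg: bytes) -> int:
    """Client side: pad as 00 02 <nonzero random bytes> 00 <msg>, then encrypt."""
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    return pow(int.from_bytes(b"\x00\x02" + pad + b"\x00" + msg, "big"), E, N)


def unpad(c: int):
    """Decrypt and strip the padding; None means the padding was malformed."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # at least 8 padding bytes required
        return None
    return em[sep + 1:]


def vulnerable_handler(c: int) -> str:
    """Answers differently for bad padding: that distinction is the oracle."""
    msg = unpad(c)
    if msg is None:
        return "error: bad padding"         # constructed response string
    if len(msg) != SECRET_LEN:
        return "error: bad secret"          # constructed response string
    return "ok"


def hardened_handler(c: int):
    """Any failure silently swaps in a random secret, so every reply looks alike."""
    fallback = secrets.token_bytes(SECRET_LEN)   # drawn before checking anything
    msg = unpad(c)
    if msg is None or len(msg) != SECRET_LEN:
        msg = fallback
    return "continue", msg
```

A production implementation must also make both paths take the same time; this sketch only removes the difference in responses.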

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Computerware today at (703) 821-8200.
