
20-Year-Old Exploit Finds New Life as ROBOT


There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen at many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer, or SSL, encryption that protected (and still protects) many web platforms and websites. The algorithm that powers RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
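The difference between error messages that answer an attacker's yes/no queries and the workaround of limiting them can be shown on the server side. The following is an added example, not code from the original article or from the researchers; the PKCS #1 v1.5 padding layout and the 48-byte premaster secret come from the RSA and TLS specifications rather than from this page, and the function names and sample blocks are constructed for illustration.

```python
import secrets
# Added illustration: names are hypothetical, not from any real TLS library.
PMS_LEN = 48  # TLS premaster secret length in RSA key exchange (RFC 5246)

def unpad_pkcs1_v15(em: bytes) -> bytes:
    """Strip PKCS #1 v1.5 encryption padding: 00 02 <8+ nonzero bytes> 00 <message>."""
    if len(em) < 11 or em[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    return em[sep + 1:]

def respond_leaky(em: bytes) -> str:
    """Before: every failure mode produces its own visible response."""
    try:
        pms = unpad_pkcs1_v15(em)
    except ValueError as exc:
        return f"alert: {exc}"
    return "continue handshake" if len(pms) == PMS_LEN else "alert: bad premaster length"

def premaster_or_random(em: bytes) -> bytes:
    """After: a malformed block silently yields a fresh random secret."""
    fallback = secrets.token_bytes(PMS_LEN)  # drawn before parsing, on every call
    try:
        pms = unpad_pkcs1_v15(em)
    except ValueError:
        return fallback
    return pms if len(pms) == PMS_LEN else fallback

def respond_uniform(em: bytes) -> str:
    """The handshake always continues; a bad block fails later, like any wrong key."""
    premaster_or_random(em)
    return "continue handshake"

# Constructed 256-byte decrypted blocks, one per outcome (not captured traffic).
SAMPLES = {
    "valid": b"\x00\x02" + b"\xff" * 205 + b"\x00" + b"\x03\x03" + b"\x11" * 46,
    "bad header": b"\x00\x01" + b"\xff" * 205 + b"\x00" + b"\x11" * 48,
    "no separator": b"\x00\x02" + b"\xff" * 254,
    "short padding": b"\x00\x02" + b"\xff" * 4 + b"\x00" + b"\x11" * 249,
    "wrong length": b"\x00\x02" + b"\xff" * 221 + b"\x00" + b"\x11" * 32,
}

def distinct_responses(handler) -> set:
    """Everything a remote peer could tell apart across the sample blocks."""
    return {handler(em) for em in SAMPLES.values()}
```

The leaky handler gives a peer five distinguishable answers across the samples, while the uniform handler gives one. The unpadding shown here is not constant-time; a production implementation also has to remove timing differences between the valid and invalid paths.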

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Computerware today at (703) 821-8200.

Tuesday, October 23, 2018
