20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen in many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
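
How the yes/no oracle arises and how the "limit the error messages" workaround closes it, as an added example that is not from the original post. The handler names and the sample blocks are constructed for illustration, and the assumed block layout is RSA PKCS #1 v1.5 padding around a 48-byte TLS premaster secret.

```python
import hmac, os

PMS_LEN = 48          # TLS premaster secret: 2 version bytes + 46 random bytes
VER = b"\x03\x03"     # constructed sample: version the client offered

def parse_pkcs1_v15(em: bytes) -> bytes:
    """Parse a decrypted block: 00 02 <at least 8 nonzero bytes> 00 <payload>."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:                      # no separator (-1) or padding too short
        raise ValueError("bad padding string")
    return em[sep + 1:]

def vulnerable_handler(em: bytes, version: bytes):
    """Reports which check failed; each distinct reply is an oracle answer."""
    try:
        pms = parse_pkcs1_v15(em)
    except ValueError:
        return "alert:decryption_failed", None
    if len(pms) != PMS_LEN or pms[:2] != version:
        return "alert:bad_premaster", None
    return "continue", pms

def hardened_handler(em: bytes, version: bytes):
    """Never signals a padding failure: a bad block silently gets a random
    secret, so the handshake fails later, the same way for every bad input."""
    fallback = version + os.urandom(PMS_LEN - 2)   # drawn before any check
    try:
        pms = parse_pkcs1_v15(em)
        ok = len(pms) == PMS_LEN and hmac.compare_digest(pms[:2], version)
    except ValueError:
        pms, ok = b"", False
    # Sketch only: production code must also make this path constant-time.
    return "continue", (pms if ok else fallback)

# Constructed 256-byte sample blocks (what RSA decryption would hand back).
GOOD = b"\x00\x02" + b"\xaa" * 205 + b"\x00" + VER + b"\x11" * 46
BAD_PAD = b"\x00\x01" + GOOD[2:]
BAD_VER = GOOD[:-48] + b"\x03\x01" + GOOD[-46:]

def observable(handler):
    """Set of distinct replies a network peer sees across the three samples."""
    return {handler(em, VER)[0] for em in (GOOD, BAD_PAD, BAD_VER)}

if __name__ == "__main__":
    print("vulnerable:", sorted(observable(vulnerable_handler)))
    print("hardened:  ", sorted(observable(hardened_handler)))
```

The vulnerable handler exposes three distinguishable replies, while the hardened one exposes a single reply regardless of padding validity.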

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Computerware today at (703) 821-8200.

Tuesday, July 17, 2018