Fuse Networks Blog

Fuse Networks has been serving the Tukwila area since 2009, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Fuse Networks today at 855-GET-FUSE (438-3873).

ALERT: Your Business’ Infrastructure May Be Suscep...
Tip of the Week: Don’t Let Your Old Android Device...
 

Comments

Comments are not available for public users. Please login first to view / add comments.

Newsletter Sign Up

  • Company Name *
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Tag Cloud

      Tip of the Week Security Best Practices Technology Privacy Network Security Tech Term Cybersecurity Android Hackers Business Computing Cost Management Artificial Intelligence Innovation User Tips Smartphone Internet Small Business Malware Ransomware Business Technology Collaboration Google Business IT Support Cybercrime Backup Saving Money Data Security Data recovery Blockchain Email Patch Management Internet of Things Maintenance Vulnerability Vulnerabilities Bandwidth Data Breach Access Control Business Management Holiday Applications Communications Data loss Phishing Computer Passwords Mobile Device Software Hacking Social Engineering Data Backup Update Productivity Gmail Office 365 Remote Monitoring Scam Smartphones Bitcoin Mobile Device Management Hardware Network Tech Terms Alert Robot Going Green Startup Business Continuity Operating System Desktop Apps Paperless Office HTML Tip of the week Budget Gadgets Download Browser Information Technology Distributed Denial of Service Computer Care Database VPN Managed IT Services Computing Infrastructure Comparison Upload Antivirus Freedom of Information Downloads Tactics Data Protection Legislation Networking Social Media Specifications Trends Virtualization App Mobile Technology News Mobility Addiction Windows 10 Digital Apple VoIP Business Cards Television Gamification Screen Reader Virtual Reality Mobile Security Fake News Unified Communications Automation Devices Virtual Assistant Emails Communication Mouse Cortana Conferencing Company Culture Websites Microsoft Excel Printing IT Management Machine Learning Compliance Bluetooth Google Maps Disaster Government Microsoft Office Identity Theft Multi-factor Authentication Facebook Hard Drive Network Management Regulations Wireless Headphones Emergency Legal Chromebook Device security Website Cryptocurrency Hard Drive Disposal Google Calendar Encryption Accountants Cleaning Downtime SharePoint Law Enforcement Backup and Disaster Recovery Disaster Recovery Spam email scam Document Management Managed IT services Training Knowledge Computers Piracy project management WiFi Mobile Devices Two-factor Authentication eWaste Google Docs Service Level Agreement Equifax Nanotechnology Software License Laptop Money Audit Printer Augmented Reality Data Excel Tech Support Safety Productivity The Internet of Things Hiring/Firing Multi-Factor Security Competition Fun Big Data Users Employer-Employee Relationship BDR Miscellaneous Upgrade Wireless Search Server Wi-Fi Presentation Microsoft Cloud Windows 10 5G Wireless Technology Managed Service Provider IBM Hacker Marketing Managing Stress IT Services Customer Relationship Management IP Address Content Customer Service Mobile Office Domains Hard Drives Twitter Public Speaking Hosted Solutions Lithium-ion battery