Fuse Networks Blog

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Fuse Networks today at 855-GET-FUSE (438-3873).

ALERT: Your Business’ Infrastructure May Be Suscep...
Tip of the Week: Don’t Let Your Old Android Device...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, December 11 2018

Captcha Image

Newsletter Sign Up

  • No-Spam Guarantee: We hate spam as much or more than you do and will NEVER rent, share or give your information away to anyone else. We will only use your information to communicate with you direct, and you can also remove yourself from our list at any time with a simple click..
  • Company Name *
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Tag Cloud

      Security Tip of the Week Technology Tech Term Best Practices Hackers Network Security Business Computing Data Backup Privacy Computer Android Innovation Data recovery Productivity Collaboration Data Software IT Support Cybersecurity Efficiency Internet User Tips Email Communication IT Services Mobile Device Malware Google Hardware Business Technology Smartphone Cloud Communications Small Business Blockchain Browser Cybercrime Office 365 Business Management Backup Cost Management Applications Managed Service Artificial Intelligence Mobile Device Management Access Control Data Security Two-factor Authentication Information Passwords Phishing Workplace Tips BDR Maintenance Ransomware Saving Money Business Mobile Devices Saving Time Automation Printer Holiday Websites Conferencing Tech Terms Document Management Bitcoin Network Apps Vendor Bandwidth Data Breach Microsoft Office Alert Patch Management Disaster Recovery Google Maps Social Engineering Internet of Things Vulnerability Hacking Remote Monitoring Scam Update Vulnerabilities Data loss Smartphones Managed IT services Facebook Social Media Cloud Computing Gmail Telephone Comparison Windows 10 Apple Gamification Legal Bookmark Managed IT Services Mobile Security Knowledge Google Calendar Outsourced IT Computing Infrastructure Devices Equifax Service Level Agreement Cryptocurrency Laptop VoIP Screen Reader Directions Hard Drive Disposal Freedom of Information Nanotechnology Downloads Social Network Specifications Health IT SharePoint Downtime Microsoft Emails Hosted Solutions Law Enforcement Browsers Monitoring Evernote Networking Compliance Augmented Reality Startup Going Green NCSAM Desktop Cost email scam HTML Machine Learning Analytics News Mobile Technology Operating System Travel Cortana Mobility Paperless Office Customer Resource management Television project management Piracy Bluetooth WiFi Digital Multi-factor Authentication Management Business Continuity Google Docs Healthcare Business Cards Regulations Productivity Download Managed Service Provider Unified Communications IT Microchip eWaste VPN Network Management Audit Proxy Server Fake News Virtual Reality Gadgets Budget Username Disaster Virtual Assistant Device security Database Telephone System Mouse Sports Money Software License Wireless Headphones Content Entertainment Chromebook Computing Tech Big Data Upload Printing Support Excel Antivirus IT Management Processor Robot Data Protection Website Accountants Encryption Help Desk Microsoft Excel Company Culture Users Fuse Networks Emergency Miscellaneous Tactics Electronic Medical Records Cleaning BYOD Data Analysis Backup and Disaster Recovery Error Term Legislation Trends Government CIO Tip of the week Navigation Training Computer Care Vendor Management Identity Theft App Hard Drive Addiction User Tip Distributed Denial of Service Information Technology Spam Computers Virtualization Fileless Malware Twitter Hard Drives Public Speaking Search Regulation Presentation Wi-Fi Printers Server Lithium-ion battery Windows 10 Wireless Technology 5G Tech Support Safety IBM Managing Stress The Internet of Things Marketing Hacker Multi-Factor Security Competition Customer Relationship Management Hiring/Firing IP Address Fun Quick Tips Customer Service Employer-Employee Relationship Upgrade Mobile Office Domains Wireless