Fuse Networks Blog

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Fuse Networks today at 855-GET-FUSE (438-3873).

ALERT: Your Business’ Infrastructure May Be Suscep...
Tip of the Week: Don’t Let Your Old Android Device...
 

Comments

Comments are not available for public users. Please login first to view / add comments.

Newsletter Sign Up

  • Company Name *
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Tag Cloud

      Tip of the Week Security Technology Tech Term Best Practices Network Security Hackers Privacy Android Data recovery Software Business Computing Data Backup Cybersecurity User Tips Computer IT Support Innovation Malware Collaboration Email Small Business Backup Cost Management Google Artificial Intelligence Internet Business Technology Smartphone Data Communications Communication Blockchain Cybercrime IT Services Office 365 Maintenance Business Management Mobile Device Saving Money Ransomware Applications Business Hardware Mobile Device Management Access Control Data Security Two-factor Authentication Passwords Network Apps Phishing Vendor Bandwidth Data Breach Microsoft Office Browser Alert Patch Management BDR Social Engineering Internet of Things Vulnerability Hacking Remote Monitoring Managed Service Scam Update Vulnerabilities Data loss Smartphones Managed IT services Facebook Social Media Gmail Efficiency Productivity Information Holiday Conferencing Tech Terms Document Management Cloud Bitcoin Mobility email scam HTML Machine Learning News Mobile Technology Operating System Travel Cortana Digital Multi-factor Authentication Paperless Office Customer Resource management Television project management Piracy Bluetooth WiFi Management Business Continuity Google Docs Business Cards Regulations Download Unified Communications Disaster eWaste VPN Network Management Audit Fake News Virtual Reality Gadgets Budget Username Virtual Assistant Device security Database Telephone System Mouse Sports Money Software License Wireless Headphones Content Chromebook Computing Upload Printing Excel Antivirus Emergency IT Management Robot Data Protection Website Accountants Encryption Microsoft Excel Company Culture Fuse Networks Disaster Recovery Miscellaneous Tactics Electronic Medical Records Google Maps Cleaning BYOD Backup and Disaster Recovery Error Legislation Trends Government Tip of the week Training Computer Care Identity Theft App Hard Drive Addiction Cloud Computing User Tip Distributed Denial of Service Information Technology Spam Computers Virtualization Telephone Comparison Windows 10 Apple Gamification Legal Managed IT Services Mobile Security Screen Reader Knowledge Google Calendar Computing Infrastructure Devices Mobile Devices Equifax Service Level Agreement Cryptocurrency Laptop VoIP Hard Drive Disposal Automation Freedom of Information Nanotechnology Downloads Websites Printer Social Network Specifications Health IT SharePoint Downtime Microsoft Emails Law Enforcement Monitoring Networking Compliance Augmented Reality Startup Going Green Desktop Wireless Technology 5G Analytics Tech Support Safety IBM Managing Stress The Internet of Things Productivity Managed Service Provider Marketing Hacker Proxy Server Multi-Factor Security Competition Customer Relationship Management Hiring/Firing IP Address Big Data Fun Users Quick Tips Customer Service Employer-Employee Relationship Mobile Office Upgrade Domains Wireless Twitter Hard Drives Regulation Public Speaking Search Presentation Wi-Fi Printers Server Lithium-ion battery Windows 10 Hosted Solutions