Get Started Today!  217-475-0226

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Decatur Computers Inc. today at 217-475-0226.

ALERT: Your Business’ Infrastructure May Be Suscep...
Tip of the Week: Don’t Let Your Old Android Device...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, September 22 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Network Security Tech Term Hackers Business Computing Software IT Support Data Recovery Malware User Tips Android Business Management Cybersecurity Data Google Email Data Backup Backup Internet Computer Small Business Smartphone Managed IT Services Efficiency Innovation Ransomware Cloud Communications Business Technology Collaboration Windows 10 IT Services Productivity Artificial Intelligence IT Management Mobile Device Management Business Hardware BDR Phishing Cybercrime Communication Cost Management Two-factor Authentication Hard Drive Managed IT Services Update Saving Money Microsoft Office Antivirus Social Media Outsourced IT Patch Management App Data Security Mobile Device Passwords Applications Maintenance Blockchain Browser Encryption Gadgets Network Facebook Access Control SaaS Conferencing Data Management Business Continuity Document Management Data loss Hacking Disaster Recovery Holiday Money Search Spam VPN Vendor Save Money Information Scam Word Vulnerabilities Alert Touchscreen Digital Data Breach Data Protection Bitcoin Operating System Microsoft Cloud Computing Windows Automation Bandwidth Social Engineering Law Enforcement Smartphones Apps Start Menu Laptop Websites Remote Monitoring Tech Terms Gmail Server Project Management Internet of Things Managed Service Office 365 Electronic Medical Records Legal Business Cards Virtualization Cabling Analytics Content SharePoint Wireless Paperless Office Corporate Profile Time Management Employer-Employee Relationship Download Managed Service Provider Specifications Identity Theft Error eWaste Tip of the week Training Consultant How to Addiction Outlook Information Technology Computers Password Miscellaneous Google Maps Virtual Assistant Microsoft Excel Unsupported Software Health IT Downloads Apple BYOD Disaster Distributed Denial of Service Multi-factor Authentication Database Equifax Upload Emergency Television Desktop Chromebook Uninterrupted Power Supply Google Drive Telephone Robot Virus Machine Learning Google Docs Mobile Technology Nanotechnology Cryptocurrency Devices Unified Threat Management VoIp Downtime Emails Worker Big Data Freedom of Information Device security Tactics Social Network Unified Communications Cortana Startup Trends Vulnerability Mouse Backup and Disaster Recovery Telephony YouTube Network Management Redundancy Budget Augmented Reality Samsung Vendor Mangement Monitoring Audit Hard Drive Disposal Compliance Upgrades Sports Mobility Piracy Bluetooth Travel Knowledge News Website Unified Threat Management Customer Resource management Printing Computing Infrastructure Access Gamification DDoS History VoIP Settings Service Level Agreement Virtual Reality Screen Reader Business Mangement Management email scam Regulations Managed IT Software License Wireless Headphones Username Fake News Telephone System Government Networking Automobile Legislation Hosted Solutions Running Cable Spyware Mobile Security WiFi Printer IBM Administration Going Green Comparison Company Culture Solid State Drive Computing Computer Care Mobile Devices Excel Accountants Telephone Systems Tablet Software as a Service User Tip Google Calendar IT Support Cleaning HTML Best Practice CrashOverride Users Printers Office Tips Proxy Server Regulation Multi-Factor Security Twitter Windows 10 Quick Tips Managing Stress Marketing Office

Latest Blog

You know just how essential your company’s IT is, but do you have any idea how your employees feel about the technology you provide them? In order to get the productivity your company needs out of your staff, meeting their computing needs becomes a fundamental requirement. T...

Latest News

Decatur Computers Inc. is proud to announce the launch of our new website at http://www.decaturcomputers.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.