Bredy Network Management Corporation Blogs


Why ROBOT is a Risk After Nearly 20 Years


The Internet is rife with potential threats. Some are situational, but most are deliberate actions taken by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw lies in an algorithm that is responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, the ciphertext could be decrypted without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Researchers refer to the crypto-vulnerability as an “oracle”: it provides only decisive yes-or-no answers, yet anyone who forms their queries a certain way can eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
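The difference between a server that acts as an oracle and one that applies the "limit error messages" workaround can be seen in a small model. This is an added example, not code from the researchers or from any TLS library; it assumes the PKCS #1 v1.5 padding layout that Bleichenbacher's attack targets (the article does not name it), a constructed toy RSA key, and hypothetical handler names and error strings.

```python
import hashlib, hmac, os

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8               # modulus length in bytes

def rsa_encrypt_block(block: bytes) -> int:
    return pow(int.from_bytes(block, "big"), E, N)

def pad_encrypt(secret: bytes) -> int:
    """Client: 00 02 <non-zero random bytes> 00 <secret>, then RSA-encrypt."""
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(secret)))
    return rsa_encrypt_block(b"\x00\x02" + ps + b"\x00" + secret)

def unpad(ct: int):
    """Decrypt; return the secret, or None when the padding is malformed."""
    em = pow(ct, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    return em[sep + 1:] if em[:2] == b"\x00\x02" and sep >= 10 else None

def finished_tag(secret: bytes) -> bytes:
    return hmac.new(secret, b"finished", hashlib.sha256).digest()

def leaky_server(ct: int, tag: bytes) -> str:
    """Vulnerable pattern: malformed padding gets its own error message."""
    secret = unpad(ct)
    if secret is None:
        return "decrypt_error"              # the yes/no answer an oracle needs
    return "ok" if hmac.compare_digest(tag, finished_tag(secret)) else "bad_record_mac"

def hardened_server(ct: int, tag: bytes) -> str:
    """Workaround: on bad padding carry on with a random secret, so every
    invalid request ends in the same generic failure."""
    fallback = os.urandom(16)               # drawn before the padding check
    secret = unpad(ct)
    if secret is None or len(secret) != 16:
        secret = fallback
    return "ok" if hmac.compare_digest(tag, finished_tag(secret)) else "bad_record_mac"

def observed_answers(server) -> set:
    """Answers a remote party sees for constructed probes with a wrong tag."""
    probes = [pad_encrypt(os.urandom(16)),                          # valid padding
              rsa_encrypt_block(b"\x00\x01" + b"\xff" * (K - 2)),   # wrong block type
              1]                                                    # decrypts to 00..01
    return {server(ct, bytes(32)) for ct in probes}
```

The leaky handler gives two different answers depending on the padding, while the hardened one gives a single answer for every invalid request. Matching the message text is only part of the workaround: response timing and connection behaviour have to be indistinguishable as well.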

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; the money transfer platform PayPal is another. The explanation researchers gave was that with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat”, was tested, and the findings were sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.

 
