Bredy Network Management Corporation Blogs

BNMC has been serving the Andover area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions taken by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the secure sockets layer (SSL) encryption that protects web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker could decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes-or-no answers, but that is enough to allow people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
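To make the yes-or-no answer concrete, here is an added example (not from the researchers or any TLS library) that puts a server whose error messages reveal whether RSA padding was valid beside one that limits them by substituting a random secret and failing later in the same way. It assumes the PKCS #1 v1.5 block layout used for RSA key exchange; the function names, alert strings and sample blocks are constructed for illustration, and the RSA decryption step itself is left out.

```python
import hashlib
import hmac
import secrets

PMS_LEN = 48  # length of a TLS premaster secret in bytes

def unpad_pkcs1_v15(em: bytes) -> bytes:
    """Parse a decrypted RSA block: 00 02 <8+ nonzero pad bytes> 00 <payload>."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator (-1) or fewer than 8 padding bytes
        raise ValueError("bad padding")
    return em[sep + 1:]

def finished_mac(pms: bytes) -> bytes:
    """Stand-in for the Finished message: proof that the client knows pms."""
    return hmac.new(pms, b"finished", hashlib.sha256).digest()

def check_finished(pms: bytes, client_mac: bytes) -> str:
    ok = hmac.compare_digest(finished_mac(pms), client_mac)
    return "ok" if ok else "alert: bad_record_mac"

def leaky_server(em: bytes, client_mac: bytes) -> str:
    try:
        pms = unpad_pkcs1_v15(em)
    except ValueError:
        return "alert: decrypt_error"  # distinct answer = the yes/no oracle
    return check_finished(pms, client_mac)

def hardened_server(em: bytes, client_mac: bytes) -> str:
    fallback = secrets.token_bytes(PMS_LEN)  # generated before parsing
    try:
        pms = unpad_pkcs1_v15(em)
        if len(pms) != PMS_LEN:
            pms = fallback
    except ValueError:
        pms = fallback  # carry on; the handshake fails later, identically
    return check_finished(pms, client_mac)

def sample_blocks():
    """Constructed 256-byte blocks: one well-formed, one with a bad header."""
    pms = secrets.token_bytes(PMS_LEN)
    pad = b"\xaa" * 205
    return pms, b"\x00\x02" + pad + b"\x00" + pms, b"\x00\x01" + pad + b"\x00" + pms

if __name__ == "__main__":
    pms, good, bad = sample_blocks()
    junk = b"\x00" * 32  # a client that cannot know pms
    for name, srv in (("leaky", leaky_server), ("hardened", hardened_server)):
        print(name, "| good padding:", srv(good, junk), "| bad padding:", srv(bad, junk))
```

The example models only the content of the response; a real server also has to keep timing and connection behaviour the same on both paths.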

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, as do about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, while the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time spent focusing on the newest and baddest malware and exploits, this tried-and-true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat”, was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.



Monday, 19 March 2018