Bredy Network Management Corporation Blogs

BNMC has been serving the Andover area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years


The Internet is rife with potential threats. Some are situational, but most are deliberate actions taken by malicious entities trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found the flaw behind what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw is in an algorithm responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker is able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”
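What "limiting error messages" looks like in server logic, as an added example that is not code from the original post or from the ROBOT researchers: a handler that answers each kind of malformed block differently (the oracle) beside one that gives no answer at all and falls back to a random secret. It assumes the RSA private-key operation has already produced the padded block `em` in the PKCS #1 v1.5 layout used by TLS RSA key exchange; all function names and sample blocks are constructed for illustration.

```python
import secrets

PMS_LEN = 48  # a TLS premaster secret is always 48 bytes

def unpad_pkcs1_v15(em: bytes) -> bytes:
    """Strip encryption padding laid out as 00 02 <8+ nonzero bytes> 00 <message>."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    return em[sep + 1:]

def leaky_handler(em: bytes) -> str:
    """Anti-pattern: every failure gets its own answer, which is the oracle."""
    try:
        pms = unpad_pkcs1_v15(em)
    except ValueError as exc:
        return f"alert: {exc}"
    return "ok" if len(pms) == PMS_LEN else "alert: bad length"

def hardened_handler(em: bytes) -> bytes:
    """Never say why a block was rejected: fall back to a random secret."""
    fallback = secrets.token_bytes(PMS_LEN)  # drawn before any check runs
    try:
        pms = unpad_pkcs1_v15(em)
    except ValueError:
        pms = b""
    return pms if len(pms) == PMS_LEN else fallback

# Constructed sample blocks (not real captures).
GOOD_PMS = b"\x03\x03" + b"\x11" * 46
SAMPLES = {
    "good": b"\x00\x02" + b"\xaa" * 205 + b"\x00" + GOOD_PMS,
    "bad_header": b"\x00\x01" + b"\xaa" * 205 + b"\x00" + GOOD_PMS,
    "no_separator": b"\x00\x02" + b"\xaa" * 254,
    "short_padding": b"\x00\x02" + b"\xaa" * 3 + b"\x00" + GOOD_PMS,
    "bad_length": b"\x00\x02" + b"\xaa" * 8 + b"\x00" + b"\x11" * 10,
}

def observable(result):
    """What a remote client can tell apart: an alert string, or just 'a secret'."""
    return result if isinstance(result, str) else len(result)

def distinct_answers(handler) -> int:
    return len({observable(handler(block)) for block in SAMPLES.values()})
```

The Python here shows only the control flow; a production TLS stack must also make the padding check constant-time so that response timing does not become the oracle instead.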

Recently, researchers found that over a quarter of the 200 most-visited websites essentially have this vulnerability, as do about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; the money transfer platform PayPal is another. The explanation researchers gave was that, with so much attention focused on the newest and baddest malware and exploits, this tried-and-true vulnerability has simply been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT (an acronym for “Return of Bleichenbacher's Oracle Threat”), was tested, and the findings were sent to the vulnerable sites so they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.



Tuesday, 16 January 2018