BNMC Blog


Why ROBOT is a Risk After Nearly 20 Years


The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the secure sockets layer (SSL) encryption that protects web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key: when a server is sent specially constructed queries, its error messages divulge enough information that, after a short time, an attacker is able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”
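To make the "yes and no answers" concrete, here is an added example (not code from this post or from the ROBOT researchers) that puts a decryption routine with distinguishable error messages beside one that follows the "limit error messages" workaround. The toy key, the 8-byte secret length and all function names are assumptions made for the illustration.

```python
import os

# Toy RSA key, constructed for this example (far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1          # two Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8         # modulus length in bytes
SECRET_LEN = 8                        # stand-in for a fixed-length session secret

def pad_encrypt(msg: bytes) -> int:
    """Client side: 00 02 | nonzero padding | 00 | msg, then RSA-encrypt."""
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(msg)))
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big"), E, N)

def _unpad(c: int):
    """Return the message, or None if the decrypted block is malformed."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)          # first zero byte after the 00 02 header
    if em[:2] != b"\x00\x02" or sep < 10:   # needs >= 8 padding bytes
        return None
    return em[sep + 1:]

def leaky_decrypt(c: int) -> bytes:
    """Vulnerable pattern: the error tells the sender *why* it failed."""
    m = _unpad(c)
    if m is None:
        raise ValueError("bad padding")     # this distinct answer is the oracle
    if len(m) != SECRET_LEN:
        raise ValueError("bad length")
    return m

def hardened_decrypt(c: int) -> bytes:
    """Workaround: never report a padding failure; substitute a random secret
    so the session simply fails later, the same way for every bad input."""
    fallback = os.urandom(SECRET_LEN)       # generated before any check
    m = _unpad(c)
    return m if m is not None and len(m) == SECRET_LEN else fallback

def observe(decrypt, c: int) -> str:
    """What a remote sender can see: acceptance or the error text."""
    try:
        decrypt(c)
        return "accepted"
    except ValueError as err:
        return str(err)
```

With `leaky_decrypt`, a malformed ciphertext produces a different visible answer than a well-formed one; with `hardened_decrypt`, both look the same. This sketch only covers error messages and does not address differences in response timing, which a real server must also keep uniform.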

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, while the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat,” was tested, and the findings were sent to the vulnerable sites so they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.

 
