BNMC Blog

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, December 17 2018

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Email Privacy Malware Hackers Business Computing User Tips Business Network Security Software Computer Tech Term Internet Microsoft Google IT Services Hosted Solutions Efficiency Ransomware Mobile Devices Communication IT Support Smartphone Small Business Android Managed IT Services Backup Data Productivity Innovation Internet of Things Data Management Managed IT Services Saving Money Data Recovery Business Continuity Hardware Windows 10 Cloud Computing Windows Browser Workplace Tips Data Backup Business Management Microsoft Office App Cybersecurity Productivity Mobile Device Facebook Server Office 365 Remote Monitoring Upgrade Outsourced IT Word Disaster Recovery Artificial Intelligence Gmail Encryption Windows 10 Passwords Money IT Support Tip of the week Chrome Managed Service Provider Phishing Infrastructure Vulnerability BYOD Website Analytics Applications communications Network Employer-Employee Relationship Smartphones Settings Antivirus Government Google Drive Users Content Filtering Bandwidth YouTube Miscellaneous Risk Management Social Media Maintenance IT Management Office Tips Managed Service Save Money Robot Data storage Big Data VoIP Company Culture Information End of Support Two-factor Authentication Outlook Paperless Office Virtual Reality Spam Computing Avoiding Downtime Operating System Managing Stress WiFi LiFi Scam Development SaaS Hosted Solution Unified Threat Management Administration Data loss Mouse Telephone Systems Holiday HIPAA desktop Access Control Alert VPN Data Security Display Apple Firewall Education Mobile Security Server Management Storage Business Technology Touchscreen Virtual Private Network Printing Quick Tips Monitors Employee-Employer Relationship Business Intelligence Laptop Vendor Management Wireless The Internet of Things Automation Automobile Mirgation Recycling Cybercrime Bluetooth Comparison Mobility IoT Hard Disk Drive Firefox Downtime Superfish Safety Alt Codes Co-Managed IT Cookies Dell MSP Marketing Address Permissions Augmented Reality K-12 Schools User Error Remote Computing Bring Your Own Device Onboarding Social Networking Cabling Gadgets Patch Management Managed IT Service Computing Infrastructure Professional Services WannaCry Slack Budget Chatbots Google Maps eWaste Specifications Social Print Toner Star Wars Customer Relationship Management Network Congestion Wearable Technology Network upgrade Heating/Cooling Multi-Factor Security Typing Content Humor Nanotechnology Information Technology Time Management Printer Writing Best Practice Digital Signage Motherboard Cables Halloween Break Fix Wi-Fi Current Events Alerts USB Computers Monitoring Identity Continuity Search Black Friday Fraud Cost Management Networking Digital Payment Smart Office Servers Google Calendar Cryptocurrency Streaming Screen Reader Charging Emergency Dark Data Update Apps Network Management Retail Troubleshooting Google Docs Disaster Wires Scary Stories Dark Web IT solutions Going Green Licensing Dongle Digital Spying Collaboration Solar Running Cable Cyber Monday Politics Hacks Assessment Work Legislation Bitcoin Human Error Smart Tech Buisness Customer Service Analysis Google Wallet Virtual Desktop SharePoint Office Samsung Business Growth Router Uninterrupted Power Supply Voice over Internet Protocol Sports Microsoft Excel Cooperation Document Management Service Level Agreement Spyware Techology Legal File Sharing Compliance Managed IT Smart Technology Tech Support Password Hotspot Computer Care Internet Exlporer IBM Drones IT Technicians Optimization Statistics Tablet Windows 8 Device Connectivity Solid State Drive How To Lenovo Chromebook Unified Communications Downloads Social Engineering Hacker LED Modem FinTech Mail Merge Blockchain Staff Identity Theft Leominster VoIP Unified Threat Management Deep Learning PowerPoint Regulations Shortcut Distributed Denial of Service Websites Mobile Device Management Language Training Value Corporate Profile Upgrades Gadget G Suite Emoji CrashOverride Crowdsourcing Supercomputer Motion Sickness Personal Information Botnet Mobile Computing Staffing Cortana Administrator 3D Printing Taxes IT Budget Web Server what was your? Processors Machine Learning GPS Virtualization Unsupported Software IT Consultant Cameras Meetings BDR Computer Repair Relocation Tracking Mobile Data Cleaning How To Work/Life Balance CCTV Regulation Recovery Printers Webcam Health Private Cloud Black Market Error Law Enforcement Notifications Point of Sale Ben McDonald shares Electronic Medical Records Twitter Travel Physical Security

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3