Network Technologies of Kansas Blog

Network Technologies of Kansas has been serving the Topeka area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen at many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
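The yes/no answers and the error-message workaround described above, modelled as an added example (not code from the original post or from the researchers): one server replies to malformed RSA padding with its own error, the other always continues with a random secret so every failure looks the same. The padding layout is PKCS #1 v1.5, the scheme Bleichenbacher's 1998 attack targets; the function names, alert strings and sample blocks are constructed for illustration, and the model covers only the visible reply, not timing.

```python
import hashlib
import hmac
import secrets

SECRET_LEN = 48  # size of a TLS premaster secret

def parse_pkcs1_v15(block: bytes) -> bytes:
    """Strip 00 02 <8+ nonzero pad bytes> 00 <message>; raise on bad padding."""
    if len(block) < 11 or block[0] != 0 or block[1] != 2:
        raise ValueError("bad header")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # no separator found (-1) or fewer than 8 padding bytes
        raise ValueError("bad padding")
    return block[sep + 1:]

def finished_mac(secret: bytes) -> bytes:
    # Stand-in for the TLS Finished check: proves the peer knows the secret.
    return hmac.new(secret, b"finished", hashlib.sha256).digest()

def leaky_server(block: bytes, peer_mac: bytes) -> str:
    """Anti-pattern: a padding failure gets its own, distinguishable reply."""
    try:
        secret = parse_pkcs1_v15(block)
    except ValueError:
        return "decrypt_error"  # the "no" answer: padding was malformed
    if len(secret) != SECRET_LEN:
        return "illegal_parameter"
    return "ok" if hmac.compare_digest(finished_mac(secret), peer_mac) else "bad_record_mac"

def hardened_server(block: bytes, peer_mac: bytes) -> str:
    """Countermeasure: on any failure, carry on with a random secret."""
    fallback = secrets.token_bytes(SECRET_LEN)  # always drawn, before parsing
    try:
        secret = parse_pkcs1_v15(block)
    except ValueError:
        secret = b""
    if len(secret) != SECRET_LEN:
        secret = fallback
    return "ok" if hmac.compare_digest(finished_mac(secret), peer_mac) else "bad_record_mac"

def build_block(message: bytes, size: int = 256) -> bytes:
    # Constructed sample input: a well-formed block sized for a 2048-bit key.
    return b"\x00\x02" + b"\xff" * (size - 3 - len(message)) + b"\x00" + message

def replies(server) -> set:
    """Replies seen by a sender who does not know the secret."""
    good = build_block(secrets.token_bytes(SECRET_LEN))
    bad = b"\x00\x01" + good[2:]  # same block with a corrupted header byte
    return {server(b, b"\x00" * 32) for b in (good, bad)}
```

`replies(leaky_server)` contains two different answers, which is the signal the attack depends on; `replies(hardened_server)` contains one.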

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers attributed the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, to too much focus being directed toward new threats, with older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Network Technologies of Kansas today at 785-409-6286.

Sunday, 24 June 2018
