Network Synergy Blog

Why ROBOT is a Risk After Nearly 20 Years


The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. There is a flaw in the algorithm that handles RSA encryption: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker can decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
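To make the "yes and no answers" concrete, the following added example (not code from the researchers or from any TLS library) models a server that receives an RSA-encrypted secret, first with a distinct error for malformed padding and then with the error-limiting workaround. The toy key, the handler names and the alert strings are assumptions made for illustration.

```python
import hmac
import os

# Constructed toy key built from two Mersenne primes: insecure, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes
SECRET_LEN = 48                 # length of the secret the client sends

def encrypt_block(block: bytes) -> int:
    return pow(int.from_bytes(block, "big"), E, N)

def pad_encrypt(secret: bytes) -> int:
    """Client side: 00 02 <nonzero random padding> 00 <secret>, then RSA."""
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(secret)))
    return encrypt_block(b"\x00\x02" + ps + b"\x00" + secret)

def unpad(ciphertext: int):
    """Server side: return the secret, or None if the padding is malformed."""
    em = pow(ciphertext, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10 or len(em) - sep - 1 != SECRET_LEN:
        return None
    return em[sep + 1:]

def handle_vulnerable(ciphertext: int, session_ok) -> str:
    secret = unpad(ciphertext)
    if secret is None:
        return "alert: decrypt_error"    # distinct answer = the oracle
    return "ok" if session_ok(secret) else "alert: bad_record_mac"

def handle_hardened(ciphertext: int, session_ok) -> str:
    # Pick a random secret first and use it when the padding is bad, so the
    # handshake fails later with the same alert as any other wrong secret.
    fallback = os.urandom(SECRET_LEN)
    secret = unpad(ciphertext) or fallback
    return "ok" if session_ok(secret) else "alert: bad_record_mac"

def responses(handler):
    """Responses to: honest client, well-padded wrong secret, malformed padding."""
    real = os.urandom(SECRET_LEN)
    session_ok = lambda s: hmac.compare_digest(s, real)
    malformed = encrypt_block(b"\x00\x01" + b"\xff" * (K - 2))
    cases = (pad_encrypt(real), pad_encrypt(os.urandom(SECRET_LEN)), malformed)
    return tuple(handler(c, session_ok) for c in cases)

if __name__ == "__main__":
    print("vulnerable:", responses(handle_vulnerable))
    print("hardened:  ", responses(handle_hardened))
```

The vulnerable handler answers the second and third cases differently, which is exactly the one bit of information the oracle gives away; the hardened handler answers them identically. This model only equalizes the visible response, and a production implementation must also avoid timing differences between the two paths.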

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat”, was tested, and the findings were sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Network Synergy today at 203.261.2201.
