Network Synergy Blog

Network Synergy has been serving the Trumbull area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Network Synergy today at 203.261.2201.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 20 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab

QR-Code dieser Seite

Sign Up

  • First Name *
  • Last Name *

      Blog Categories

      Virus CrashOverride Administrator Crowdfunding Save Time IT Services Cloud Refrigeration Scheduling Congratulations Domains Nanotechnology Router Alt Codes Gadgets Service-based Business Analyitcs Tip of the Week Alert Infrastructure Trending LiFi Environment Hard Drives Regulations Printer Halloween Chrome Spyware Drones Windows 10 Redundancy Safety Retail SaaS Streaming Media Mirgation Machine Learning Avoiding Downtime End of Support Cryptocurrency Cybercrime Cybersecurity Windows 10 Data storage Remote Monitoring Managed IT iPhone communications Augmented Reality Intranet Virtual Desktop Social Networking Security Business Growth Two-factor Authentication Recycling Money Innovation Printing Digital Files Deep Learning Cooperation Hacking Heating/Cooling Superfish Excel Apps Flexibility Unified Threat Management Business Continuity Solid State Drive Typing Server Hard Disk Drive Staff Documents Statistics Blockchain Start Menu IT Solutions Buisness Scam Productivity Saving Time Spam eWaste Password Cortana Marketing Piracy Experience CCTV Work Station Managed Service Provider Technology Laws Processors Cleaning Shortcut Samsung People Video Surveillance Unified Communications Text Messaging Webinar Small Business Point of Sale Efficiency Uninterrupted Power Supply Lenovo Gaming Console HIPAA Privacy Fraud Risk Management Artificial Intelligence eBay Search Law Firm IT Customer Relationship Management Windows 8 Multi-Factor Security Mobile Data Disaster Data Backup SharePoint Data Recovery Access Control Operations Save Money Computer Accessories Skype Workplace Tips Technology Relocation Ransomware Troubleshooting Telephone Systems Apple Backups Data Management User Error USB Memory Smartphones Travel G Suite 3D Printing Encryption Social Secruity Networking Unified Threat Management Address Lithium-ion Battery Notifications Legal Sports Office 365 Computing Infrastructure Best Practice Tutorials Disaster Recovery Downloads Public Speaking Consumers Hiring/Firing VPN Outlook PDF Botnet Content Filtering Laptop Conferencing Mail Merge Corporate Profile Phone System Business Management Telephony Vulnerability Cyber Monday Mobile Office Tracking YouTube Backup User Crowdsourcing Assessment Wi-Fi Alerts Mouse Proactive IT Specifications Android Help Desk Network Software Tips Website Business Computing Mobility Hacks CIO LinkedIn WiFi Smart Technology Mobile Security Electronic Medical Records Current Events Logs Technology Tips IT budget Trainging Upgrade Going Green Hosted Solution Charger Google Analytics Applications Patch Management Online Currency Webcam Hacker Programming Virtualization Web Server File Sharing Email Business Owner Facebook Computer Windows 8.1 Update Consultation Personal Information Network Management Managed IT Service Business Intelligence Collaboration Computing Data Warehousing Business Technology Internet Firefox BDR Time Management IT Support Co-managed IT Touchscreen Compliance Competition Microsoft App Bitcoin Servers Google Calendar Malware Employer-Employee Relationship Techology Google Drive Big Data Emoji Cabling Law Enforcement Thank You Net Neutrality Fax Server Computers Data Break Fix Computer Repair Office Tips IT Consultant Passwords Health Physical Security Leadership Training Undo Government Hardware Microsoft Office Document Management Software Upgrades Phishing Network Congestion IP Address Comparison Knowledge Paperless Office Monitors Best Available Cameras Politics Staffing Tip of the week IT Support Mobile Technology Productivity Network Security Debate BYOD Inbound Marketing Managed IT services Legislation Data Breach Tech Support Administration Virtual Reality Bring Your Own Device Social Engineering Humor VoIP Office Presentation Motion sickness Remote Computing Managed IT Services Scary Stories Hackers IBM Mobile Computing Remote Support Browser Virtual Private Network IT Management Google Digital Signature Tablet Antivirus PowerPoint Maintenance Work/Life Balance Customer Service Public Cloud Software as a Service Education Windows Project Management Identities Vendor Management Data Loss Gadget Identity Theft Google Maps Websites Robot Distributed Denial of Service Social Media Supercomputer Permissions Value Bandwidth Mobile Device Quick Tips PC Care Best Practices Food Gmail History Microsoft Excel Business Downtime Hosted Solutions Smartphone Google Docs Writing The Internet of Things Fun Language How To Budget Chromebook IT Technicians Automation Dark Web Tip of the Work Server Management Internet Exlporer Wearable Technology Operating System Taxes Digital Payment Entrepreneur Application Cloud Computing Running Cable Unsupported Software 5G Information Technology Print Server Black Market GPS Google Wallet Internet of Things 3D Macro User Tips Sync Bluetooth Company Culture Licensing Mobile Devices Meetings Miscellaneous Black Friday Battery Holiday Wireless Display Word Data Security Recovery Hotspot Settings Private Cloud Automobile Firewall Saving Money IT Consulting IT service Disaster Resistance Cost Management Error Users Communication Mobile Device Management Outsourced IT Wireless Technology Twitter Computer Care

      Latest Blogs

      For the modern business owner or executive, making smart business decisions has become a necessity. Margins are small, efficiency is key, and if we were to be completely honest, bu...

      Latest News

      Our Site Has Launched!

      flag

      Welcome to Our New Site!
      We are proud to announce the unveiling of our new website at Network Synergy!

      Read more ...

      Contact Us

      Learn more about what Network Synergy can do for your business.

      callphone

      Call us today    203.261.2201

      Fax Number :    203-261-2935

      126 Monroe Turnpike
      Trumbull, Connecticut 06611

      facebook twitter linkedin #youtube