Network Synergy Blog

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions taken by malicious entities trying to extract anything of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This was made evident when huge Internet-based companies such as PayPal and Facebook tested positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw lies in an algorithm responsible for handling the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker can decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes-or-no answers, but those answers allow someone who forms their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
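The yes-or-no oracle and the error-limiting workaround described above, as an added example that is not from the original post or the researchers: a toy server that answers a malformed RSA block differently from a well-formed one, beside a version that gives the same answer for both. The tiny key, the 8-byte secret, the PKCS #1 v1.5-style block layout and every function and alert name here are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8              # modulus length in bytes (19)

def encrypt(secret: bytes, block_type: int = 2) -> int:
    """Encrypt 00 || block_type || nonzero padding || 00 || secret."""
    fill = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(secret)))
    block = b"\x00" + bytes([block_type]) + fill + b"\x00" + secret
    return pow(int.from_bytes(block, "big"), E, N)

def unpad(c: int):
    """Return the secret, or None if the decrypted block is not well formed."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)              # separator after >= 8 padding bytes
    if em[:2] != b"\x00\x02" or sep < 10:
        return None
    return em[sep + 1:]

def finished_mac(secret: bytes) -> bytes:
    return hmac.new(secret, b"finished", hashlib.sha256).digest()

def vulnerable_handler(c: int, mac: bytes) -> str:
    secret = unpad(c)
    if secret is None:
        return "alert: decryption failed"  # distinct answer: this is the oracle
    ok = hmac.compare_digest(finished_mac(secret), mac)
    return "ok" if ok else "alert: bad finished"

def hardened_handler(c: int, mac: bytes) -> str:
    fallback = secrets.token_bytes(8)      # drawn before looking at the padding
    secret = unpad(c)
    if secret is None:
        secret = fallback                  # carry on; fail later, generically
    ok = hmac.compare_digest(finished_mac(secret), mac)
    return "ok" if ok else "alert: handshake failure"

def distinct_failures(handler) -> set:
    """Answers to a well-formed and a malformed block, both with a wrong MAC."""
    wrong_mac = bytes(32)
    return {handler(encrypt(b"secret!!", bt), wrong_mac) for bt in (2, 1)}

if __name__ == "__main__":
    print("vulnerable:", distinct_failures(vulnerable_handler))
    print("hardened:  ", distinct_failures(hardened_handler))
```

Two different failure answers from the first handler are the yes/no signal; the second handler gives one answer whatever the padding looked like, although a real server must also keep its timing and connection behaviour identical on both paths.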

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, as do about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, and the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat”, was tested, and the findings were sent to the vulnerable sites so that they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Network Synergy today at 203.261.2201.
