RCS Professional Services Blog

RCS Professional Services has been serving the New York area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around so long that many no longer seem to consider them viable threats.

This can be seen at many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
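
The difference between a server that acts as the yes/no oracle described above and one with the error-message workaround, shown as an added example that is not part of the original post. It uses the PKCS #1 v1.5 padding of the SSL/TLS RSA key exchange and the countermeasure from RFC 5246, section 7.4.7.1; the toy key, the `finished` stand-in and all function names are assumptions made for the demo.

```python
import hmac, secrets

# Toy RSA key from two known Mersenne primes: constructed for the demo, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8           # modulus length in bytes (141)
PMS_LEN = 48                            # length of a TLS premaster secret

def encrypt(pms: bytes, block_type: int = 2) -> int:
    """Client side: PKCS #1 v1.5 padding (type 2 is the valid one), then RSA."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(pms)))
    em = bytes([0, block_type]) + ps + b"\x00" + pms
    return pow(int.from_bytes(em, "big"), E, N)

def unpad(c: int):
    """RSA-decrypt; return the premaster secret, or None on malformed padding."""
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)           # first zero byte after the header
    if em[:2] != b"\x00\x02" or sep < 10 or K - sep - 1 != PMS_LEN:
        return None
    return em[sep + 1:]

def finished(pms: bytes) -> bytes:
    """Stand-in for the handshake Finished check: a MAC keyed by the secret."""
    return hmac.new(pms, b"handshake transcript", "sha256").digest()

def leaky_server(c: int, client_mac: bytes) -> str:
    """Vulnerable: a padding failure gets its own, distinguishable reply."""
    pms = unpad(c)
    if pms is None:
        return "decrypt_error"          # the oracle's "no"
    ok = hmac.compare_digest(finished(pms), client_mac)
    return "ok" if ok else "bad_record_mac"

def hardened_server(c: int, client_mac: bytes) -> str:
    """Mitigated: on bad padding, carry on with a random secret instead."""
    fallback = secrets.token_bytes(PMS_LEN)   # generated before the check
    pms = unpad(c) or fallback
    ok = hmac.compare_digest(finished(pms), client_mac)
    return "ok" if ok else "bad_record_mac"
```

Returning the same reply is only half of the fix: both paths must also take the same time and leave the connection in the same state, which plain Python does not guarantee.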

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to RCS Professional Services today at 212.532.9111.

 
