RCS Professional Services Blog

RCS Professional Services has been serving the New York area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT


There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen at many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key: the error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
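The leak described above, and the workaround of hiding the tell-tale error, shown as an added example (not code from the original post or from any TLS library). In Bleichenbacher's attack the revealing error is the server's answer to invalid PKCS #1 v1.5 padding of the RSA-encrypted secret. The toy key, the alert strings and every function name here are constructed for illustration.

```python
import hashlib, hmac, os, secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                 # modulus length in bytes

def pkcs1_pad(msg: bytes) -> bytes:
    """PKCS #1 v1.5 encryption block: 00 02 <nonzero padding> 00 <message>."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad(block: bytes):
    """Return the message, or None when the block is not validly padded."""
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:  # at least 8 padding bytes required
        return None
    return block[sep + 1:]

def rsa_encrypt(block: bytes) -> int:
    return pow(int.from_bytes(block, "big"), E, N)

def finished_mac(secret: bytes) -> bytes:
    """Stand-in for the Finished check that proves both sides share the secret."""
    return hmac.new(secret, b"handshake transcript", hashlib.sha256).digest()

def server(ct: int, client_finished: bytes, hardened: bool) -> str:
    fallback = os.urandom(48)                 # drawn before looking at the padding
    secret = unpad(pow(ct, D, N).to_bytes(K, "big"))
    if secret is None or len(secret) != 48:
        if not hardened:
            return "alert: bad_padding"       # the leak: padding errors answer differently
        secret = fallback                     # carry on with a random secret instead
    if hmac.compare_digest(finished_mac(secret), client_finished):
        return "handshake ok"
    return "alert: handshake_failure"

def oracle_leaks(hardened: bool) -> bool:
    """True when valid and invalid padding produce distinguishable answers."""
    well_formed = rsa_encrypt(pkcs1_pad(os.urandom(48)))
    malformed = rsa_encrypt(b"\x00\x01" + b"\xff" * (K - 2))   # wrong block type
    wrong_mac = bytes(32)                     # neither request knows the real secret
    return server(well_formed, wrong_mac, hardened) != server(malformed, wrong_mac, hardened)
```

Identical answers are only half of the workaround: a real server must also take the same time on both paths, which this Python model does not attempt.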

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to RCS Professional Services today at 212.532.9111.

 
