RCS Professional Services Blog

RCS Professional Services has been serving the New York area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen in many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
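To make the "error messages" point concrete, here is an added example (not code from the researchers or from any SSL library) that models a server whose replies reveal which decryption check failed, next to one that uses the workaround of giving the same reply for every failure, plus a defender's check that counts distinct replies. The toy key, the 0xff filler, `SECRET_LEN` and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (30)
SECRET_LEN = 8                     # assumed fixed length of the wrapped secret

def make_block(prefix: bytes, secret: bytes) -> int:
    """Encrypt prefix || 0xff filler || 00 || secret as one K-byte RSA block."""
    filler = b"\xff" * (K - len(prefix) - 1 - len(secret))
    return pow(int.from_bytes(prefix + filler + b"\x00" + secret, "big"), E, N)

def unpad(c: int):
    """Return the secret (bytes) or the name of the first failed check (str)."""
    em = pow(c, D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        return "bad_header"
    sep = em.find(b"\x00", 2)
    if sep < 10:                   # no separator, or fewer than 8 padding bytes
        return "bad_padding"
    if len(em) - sep - 1 != SECRET_LEN:
        return "bad_length"
    return em[sep + 1:]

def proof(secret: bytes) -> bytes:
    """Stand-in for the later handshake message that proves knowledge of the secret."""
    return hmac.new(secret, b"finished", hashlib.sha256).digest()

def vulnerable_server(c: int, client_proof: bytes) -> str:
    r = unpad(c)
    if isinstance(r, str):
        return "alert:" + r        # each failure is reported differently: the oracle
    return "ok" if hmac.compare_digest(proof(r), client_proof) else "alert:bad_finished"

def hardened_server(c: int, client_proof: bytes) -> str:
    r = unpad(c)
    # On any failure, continue with a random secret so only the generic error is visible.
    secret = r if isinstance(r, bytes) else secrets.token_bytes(SECRET_LEN)
    return "ok" if hmac.compare_digest(proof(secret), client_proof) else "alert:bad_finished"

def distinct_responses(server) -> set:
    """Defender's check: send differently malformed blocks and collect the replies."""
    probes = [make_block(b"\x00\x02", b"A" * SECRET_LEN),              # well formed
              make_block(b"\x00\x01", b"A" * SECRET_LEN),              # wrong header
              make_block(b"\x00\x02\xff\xff\x00", b"A" * SECRET_LEN),  # short padding
              make_block(b"\x00\x02", b"A" * (SECRET_LEN + 2))]        # wrong length
    return {server(c, b"\x00" * 32) for c in probes}

if __name__ == "__main__":
    print("vulnerable:", sorted(distinct_responses(vulnerable_server)))
    print("hardened:  ", sorted(distinct_responses(hardened_server)))
```

More than one distinct reply from `distinct_responses` means the server is answering "yes" or "no" about the decrypted contents; the model covers reply content only, not differences in response timing.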

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to RCS Professional Services today at 212.532.9111.

Monday, 25 June 2018